On Thu, Dec 28, 2006 at 02:06:30PM -0500, Daniel Golding wrote:
[snip]
> Time for a colocation reality check.
[snip]
> Until supply catches up to demand, only price and power will matter
> to most folks, along with an acceptable level of facility redundancy
> (Tier III for most).
One 'realit
On 12/28/06, Sean Donelan <[EMAIL PROTECTED]> wrote:
Don't forget the biggie. These are "shared use facilities." People who
buy space in collocation facilities already have lower security
requirements. The only thing keeping the "bad guys" out is whether
their payment clears.
Security by po
On Thu, 28 Dec 2006, Daniel Golding wrote:
Time for a colocation reality check. Why would facilities need to have tight
security? Lets count off the reasons...
Don't forget the biggie. These are "shared use facilities." People who
buy space in collocation facilities already have lower sec
Marshall Eubanks wrote:
Here is a true story. Pardon me for being a little vague about details.
They should have retained his id. That would have helped.
At 3:03 PM -0500 12/28/06, Marshall Eubanks wrote:
>...
>FE goes to colo (where he has been removed from the access list).
>Shows ID to guards, who knew him well, and is let in, list or no list.
>...
>The FE got the money he wanted. The client got their router back.
>I am not sure if the guards w
Here is a true story. Pardon me for being a little vague about details.
Client in argument about (large) expense payments with former
employee (FE) (not me, BTW).
FE wants payment, client says
money is not owed. I am in no position to judge correctness of either
argument.
FE used to have
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Dec 28, 2006, at 3:49 PM, Joe Abley wrote:
I gave my Ontario drivers licence to Equinix security in LA, once,
and they refused to accept it as proof of ID since it wasn't
government issued. I said it was; they disagreed. I tried to
explain
On Dec 28, 2006, at 11:14 AM, Leo Vegoda wrote:
On Dec 28, 2006, at 4:49 PM, Joe Abley wrote:
[...]
Which makes it hard for me to understand why they bother, and why
they go to such great lengths to enforce arbitrary rules about
what is acceptable and what isn't.
Indeed. I'm surprised
On 12/28/06, Joe Abley <[EMAIL PROTECTED]> wrote:
They gave the passports back, eventually, and I didn't go to jail. So
it could have been worse. :-)
of course all this happened *after* you passed the first handscan.
oh Equinix...
Indeed. I'm surprised the market hasn't produced facilities with
better thought through and executed security and access controls. Is
there not enough competition in each metro area for anything other
than lowest common denominator?
From what I've seen? No.
At the moment, the top priority
Joe Abley wrote:
On 27-Dec-2006, at 18:22, Mark Newton wrote:
On Thu, Dec 28, 2006 at 12:13:07AM +0100, Leo Vegoda wrote:
My driving license doesn't have a photograph on it, so using it as an
identity document is pointless.
There's no way for a minimum-wage security grunt to verify t
On Dec 28, 2006, at 4:49 PM, Joe Abley wrote:
[...]
My driving license doesn't have a photograph on it, so using it
as an
identity document is pointless.
There's no way for a minimum-wage security grunt to verify the
particulars of my passport, so using it as an identity document
is pointl
On 27-Dec-2006, at 18:22, Mark Newton wrote:
On Thu, Dec 28, 2006 at 12:13:07AM +0100, Leo Vegoda wrote:
My driving license doesn't have a photograph on it, so using it as an
identity document is pointless.
There's no way for a minimum-wage security grunt to verify the
particulars of my pa
At 12:15 AM -0500 12/28/06, Jim Popovitch wrote:
>
>At the risk of dragging this to the nth degree... it's already been
>established that the ID yahoos have no idea on what a real ID looks like
>vs a false ID (esp considering all the possible combinations of ID).
That's certainly true in many cas
On Thu, 2006-12-28 at 12:36 +0800, Adrian Chadd wrote:
> On Wed, Dec 27, 2006, Jim Popovitch wrote:
>
> > > Um, no. I would, however, be willing to have them inform the primary
> > > contact that the key had not been returned and then bill the customer
> > > appropriately for whatever remedy was
On Wed, Dec 27, 2006, Jim Popovitch wrote:
> > Um, no. I would, however, be willing to have them inform the primary
> > contact that the key had not been returned and then bill the customer
> > appropriately for whatever remedy was chosen by the primary contact.
>
> How would they know who to b
On Wed, 2006-12-27 at 18:58 -0800, Owen DeLong wrote:
> On Dec 27, 2006, at 12:42 PM, Jim Popovitch wrote:
>
> >
> > On Wed, 2006-12-27 at 09:06 -0800, Owen DeLong wrote:
> >> Savvis wants to retain your ID if they issue a cage-key to you.
> >
> > If they (or others) asked you to let them hold $5
On Dec 27, 2006, at 12:42 PM, Jim Popovitch wrote:
On Wed, 2006-12-27 at 09:06 -0800, Owen DeLong wrote:
Savvis wants to retain your ID if they issue a cage-key to you.
If they (or others) asked you to let them hold $50 cash to cover their
key/lock replacement costs would you feel more com
I've never been asked to allow someone else to
retain my passport or driver's license.
Exodus used to do this.
...and look where that got them!
They (Exodus) also had, at least here in Seattle at the 12301 Tukwila
facility, the grungiest palm scanner in the world. Thankfully I never
had
On Thu, Dec 28, 2006 at 12:13:07AM +0100, Leo Vegoda wrote:
> My driving license doesn't have a photograph on it, so using it as an
> identity document is pointless.
There's no way for a minimum-wage security grunt to verify the
particulars of my passport, so using it as an identity documen
On Dec 27, 2006, at 6:13 PM, Leo Vegoda wrote:
On Dec 27, 2006, at 11:20 PM, Patrick W. Gilmore wrote:
[...]
To open a totally separate can-of-worms, why not take my driver's
license? Easier to replace than a passport and much less trouble
when crossing borders. And before someone says "
On Dec 27, 2006, at 11:20 PM, Patrick W. Gilmore wrote:
[...]
To open a totally separate can-of-worms, why not take my driver's
license? Easier to replace than a passport and much less trouble
when crossing borders. And before someone says "they don't know
what a DL from $COUNTRY looks
On Dec 27, 2006, at 3:42 PM, Jim Popovitch wrote:
On Wed, 2006-12-27 at 09:06 -0800, Owen DeLong wrote:
Savvis wants to retain your ID if they issue a cage-key to you.
If they (or others) asked you to let them hold $50 cash to cover their
key/lock replacement costs would you feel more comfor
> AT&T's colocation facility in mid town retains your ID. So do a lot of
> others I've been to. And that happens whether or not they give you a cage
> key.
Maybe this is a recent "feature". From what I've seen, AT&T's security
policy differs from site to site, employee to employee, no matter wha
On Oct 23, 2006, at 9:40 PM, David Schwartz wrote:
Maybe I've just been lucky, but I've been to some of the most secure
facilities in the world, and I've never been asked to allow someone
else to
retain my passport or driver's license.
The best, no :-) But Exodus used to do this. And hel
On Wed, 2006-12-27 at 09:06 -0800, Owen DeLong wrote:
> Savvis wants to retain your ID if they issue a cage-key to you.
If they (or others) asked you to let them hold $50 cash to cover their
key/lock replacement costs would you feel more comfortable?
-Jim P.
throughout the US. In recent memory, I can think of two large collocation
centers that retain your ID. One is in Miami and one in New York (I don't
think I need to name names, most of you know to which I refer). All others
(including AT&T) have never asked to retain my ID.
I dont mind naming
Does that equate to a "take it or leave" standpoint?
Suppose you dont need a key cause your client is already there?
Owen DeLong wrote:
Savvis wants to retain your ID if they issue a cage-key to you.
Owen
On Dec 27, 2006, at 8:52 AM, Joe Maimon wrote:
Randy Epstein wrote:
throughout
Savvis wants to retain your ID if they issue a cage-key to you.
Owen
On Dec 27, 2006, at 8:52 AM, Joe Maimon wrote:
Randy Epstein wrote:
throughout the US. In recent memory, I can think of two large
collocation
centers that retain your ID. One is in Miami and one in New York
(I don
Randy Epstein wrote:
throughout the US. In recent memory, I can think of two large collocation
centers that retain your ID. One is in Miami and one in New York (I don't
think I need to name names, most of you know to which I refer). All others
(including AT&T) have never asked to retain m
On Tue, Oct 24, 2006 at 05:38:05PM -0700, David Schwartz wrote:
...
> I am way too familiar with several cases where people were charged and
> convicted with violating obscure laws clearly intended for another purpose
> just for doing their jobs in a normal, reasonable way. Intel v. Schwartz (no
>
t; -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
> Behalf Of Jim Popovitch
> Sent: Tuesday, October 24, 2006 10:51 AM
> To: nanog@merit.edu
> Subject: RE: Collocation Access
>
>
> On Tue, 2006-10-24 at 05:51 -0700, David Schwartz wrote:
> On Tue, Oct 24, 2006 at 05:51:17AM -0700, David Schwartz wrote:
> > Then you broke the law, assuming you had a Florida license and
> > you presented
> > it to the Miami facility.
> > Florida law, Title 13 section 322.32(2), "Unlawful use of license" says
> > "[i]t is a misdemeanor of the seco
On Tue, Oct 24, 2006 at 05:51:17AM -0700, David Schwartz wrote:
> > In recent memory, I can think of two large collocation
> > centers that retain your ID. One is in Miami and one in New York (I don't
> > think I need to name names, most of you know to which I refer).
> > All others
> > (includin
In article
<[EMAIL PROTECTED]>,
Dominic J. Eidson <[EMAIL PROTECTED]> writes
At the risk of being anti-over-pedantic:
Ask a lawyer, not a list of network ops.
That's what I usually do, but it sometimes helps to get the ordinary
user's perspective as well.
--
Roland Perry
On Tue, 24 Oct 2006, Roland Perry wrote:
> In article <[EMAIL PROTECTED]>, Jim Popovitch
> <[EMAIL PROTECTED]> writes
> >> Florida law, Title 13 section 322.32(2), "Unlawful use of license" says
> >> "[i]t is a misdemeanor of the second degree ... for any person ... [t]o
> >> lend
> >> his or he
On Tue, 24 Oct 2006, Daniel Senie wrote:
I think it's time to show up with such a statemant of acceptance of liability
whenever asked for such information. I have to wonder if company lawyers
would then give it some thought.
I have been considering this for some time. A small piece of paper
In article <[EMAIL PROTECTED]>, Jim Popovitch
<[EMAIL PROTECTED]> writes
Florida law, Title 13 section 322.32(2), "Unlawful use of license" says
"[i]t is a misdemeanor of the second degree ... for any person ... [t]o lend
his or her driver's license to any other person or knowingly permit the u
Florida law, Title 13 section 322.32(2), "Unlawful use of license"
says
"[i]t is a misdemeanor of the second degree ... for any person ...
[t]o lend
his or her driver's license to any other person or knowingly
permit the use
thereof by another."
That statute deals with someone else _using_
On Tue, 2006-10-24 at 05:51 -0700, David Schwartz wrote:
> Florida law, Title 13 section 322.32(2), "Unlawful use of license" says
> "[i]t is a misdemeanor of the second degree ... for any person ... [t]o lend
> his or her driver's license to any other person or knowingly permit the use
> thereof
> > Then you broke the law, assuming you had a Florida license and you
> > presented it to the Miami facility.
> >
> > Florida law, Title 13 section 322.32(2), "Unlawful use of license" says
> > "[i]t is a misdemeanor of the second degree ... for any person ... [t]o
> > lend his or her driver's
Most list members here will probably find difficulty fathoming this, but during
the Cold War years of the Nineteen Sixties, many telco employees, depending on
the type of work they were engaged in, were actually issued government "Civil
Defense" ID's for the purpose of gaining access to their work
In article <[EMAIL PROTECTED]>, David
Schwartz <[EMAIL PROTECTED]> writes
Florida law, Title 13 section 322.32(2), "Unlawful use of license" says
"[i]t is a misdemeanor of the second degree ... for any person ... [t]o lend
his or her driver's license to any other person or knowingly permit the
>Then you broke the law, assuming you had a Florida license and you
>presented to the Miami facility.
Actually, I handed them an Austrian license. Maybe I violated some EU
directive!
>DS
Randy
On Tuesday 24 October 2006 07:51, David Schwartz wrote:
> > In recent memory, I can think of two large collocation
> > centers that retain your ID. One is in Miami and one in New York (I
> > don't think I need to name names, most of you know to which I refer).
> > All others
> > (including AT&T)
> In recent memory, I can think of two large collocation
> centers that retain your ID. One is in Miami and one in New York (I don't
> think I need to name names, most of you know to which I refer).
> All others
> (including AT&T) have never asked to retain my ID.
Then you broke the law, assumi
In article <[EMAIL PROTECTED]>, Randy Epstein
<[EMAIL PROTECTED]> writes
I'm not exactly sure why these sites want to retain ID, but I think it
goes along with the big weight that is connected to the gas station bathroom
key. They want to make sure you return your cabinet keys (if any),
tempo
On Mon, 23 Oct 2006, Roland Perry wrote:
Sounds to me like NSTAC ought to be worried about a scheme to accredit co-lo
operator security staff, as well as the visiting telco engineers.
Certainly in the UK, the co-lo security staff employed at Telehouse Europe
are properly accredited and licen
> I'm not exactly sure why these sites want to retain ID, but I think it
> goes along with the big weight that is connected to the gas station
bathroom
> key. They want to make sure you return your cabinet keys (if any),
> temporary pass (if any), etc. Legal risk or not, can you think of a
b
> From what I've seen, there's a complete lack of awareness of the
>risks associated with retention of identification or information. I
>even had a long argument with the local US Post Office, who wanted to
>record numbers from two forms of ID in order for me to retain my PO
>Box. Their claim
On Mon, 23 Oct 2006, Alex Rubenstein wrote:
>
> > (They let me in eventually with a passport. But if they're going to
> > trust a foreign-issued passport as photo id, it's not really that
> > obvious to me why they wouldn't trust a foreign-issued driving
> > licence. It's not like they can
At 12:40 AM 10/24/2006, David Schwartz wrote:
> On Mon, 2006-10-23 at 18:57 +0100, Roland Perry wrote:
> I've been in and out of several colos that require you to leave your ID
> (passport/DL, and business card) up at the front desk throughout your
> visit. This could be for hours, or even f
> On Mon, 2006-10-23 at 18:57 +0100, Roland Perry wrote:
> I've been in and out of several colos that require you to leave your ID
> (passport/DL, and business card) up at the front desk throughout your
> visit. This could be for hours, or even for the whole day. During that
> time I imagine m
On Mon, Oct 23, 2006 at 01:07:56PM -0400, Alex Rubenstein wrote:
[snip]
> What I've never understood is, that, how a gov't issue ID (for the
> purposes of allowing entry) is of any use whatsoever.
No matter how easy to forge, *requiring* them raises the risk/reward
bar. Penalties for forging Q R
On Mon, 23 Oct 2006, Nick Thompson wrote:
It seems as though at this point there is little need for security to
maintain control of the ID, again which could possibly leave it open to
various activities already mentioned by some others.
My impression is that the requirement to leave ID at the
mpson
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Roland Perry
Sent: Monday, October 23, 2006 3:41 PM
To: nanog@merit.edu
Subject: Re: Collocation Access
In article <[EMAIL PROTECTED]>, John A.
Kilpatrick <[EMAIL PROTECTED]> writes
>> In f
On Mon, 2006-10-23 at 18:57 +0100, Roland Perry wrote:
> But presumably it would need to be stolen. Wouldn't the tech notice that
> happening... Or is there some way the colo security guy can clone it
> undetected?
I've been in and out of several colos that require you to leave your ID
(passpor
At 1:07 PM -0400 10/23/06, Alex Rubenstein wrote:
>
>What I've never understood is, that, how a gov't issue ID (for the
>purposes of allowing entry) is of any use whatsoever.
>
>It's not as if someone is doing a instand background check to know if
>the person is a criminal, or wanted, or whatever.
On Mon, Oct 23, 2006 at 03:06:57PM -0400, Marshall Eubanks wrote:
>
> I once was going to a meeting at a colo in Tysons Corner, which will
> remain nameless (but you would know it).
>
> Like most of them, it wasn't well marked, and we couldn't find it.
> Three of us wound up walking through
On Mon, Oct 23, 2006 at 14:26:53PM -0500, Stasiniewicz, Adam wrote:
> That is true for strip card (credit card style) and simple prox cards.
> But what I have been seeing more often is that companies are using the
> smart card and wireless smart card variety for high security areas. So
> instead
> Security by its nature is not fun, not productive, a drain on
> resources and time. Security is something we need only because there
> are bad things out there - nefarious activity, inadvertent neglect,
> design flaws, etc. At best you have to "put up with security," don't
> expect to enjo
Edward Lewis wrote:
But, I always thought that the purpose of most security was psychological
reassurance anyway...
Reacting to this and the story of just walking through the backdoor to
get in -
I think there's an element of self-fulfilling prophecy here. If the
Classical NANOG
In article <[EMAIL PROTECTED]>, John A.
Kilpatrick <[EMAIL PROTECTED]> writes
In fact he did have an AT&T badge which he was not allowed to hand over
either. The fellow I chatted with at AT&T said they are not allowed to
hand over their badge because it would compromise their security.
My te
In article <[EMAIL PROTECTED]>, John A.
Kilpatrick <[EMAIL PROTECTED]> writes
But presumably it would need to be stolen. Wouldn't the tech notice
that happening... Or is there some way the colo security guy can
clone it undetected?
While your point is valid, arguing something like that wit
But, I always thought that the purpose of most security was psychological
reassurance anyway...
Reacting to this and the story of just walking through the backdoor to get in -
I think there's an element of self-fulfilling prophecy here. If the
legitimate "power" users of the security syste
iginal Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Warren Kumari
Sent: Monday, October 23, 2006 1:34 PM
To: Roland Perry
Cc: nanog@merit.edu
Subject: Re: Collocation Access
On Oct 23, 2006, at 10:57 AM, Roland Perry wrote:
>
> In article <[EMAIL PROTECTED]&g
I once was going to a meeting at a colo in Tysons Corner, which will
remain nameless (but you would know it).
Like most of them, it wasn't well marked, and we couldn't find it.
Three of us wound up walking through an open door on the loading dock
and onto the colo floor with no checks wha
On Oct 23, 2006, at 10:57 AM, Roland Perry wrote:
In article <[EMAIL PROTECTED]>, John A.
Kilpatrick <[EMAIL PROTECTED]> writes
The fellow I chatted with at AT&T said they are not allowed to
hand over their badge because it would compromise their security.
My tech said the same thing. T
On Mon, 23 Oct 2006, Steven M. Bellovin wrote:
A government-issued ID (at most) proves your identity; it says nothing
about your authorization to be somewhere.
The ID is just Authentication. Authorization and Accounting are handled
by other procedures implemented by the colo security droid
In article <[EMAIL PROTECTED]>, Brandon
Butterworth <[EMAIL PROTECTED]> writes
my passport says who I'm allowed to surrender it to and that doesn't
include colo guards yet some want to retain it whilst you're on site
"should not be passed to an unauthorised person" [1], which raises the
issu
Roland Perry wrote:
In article
<[EMAIL PROTECTED]
>, Craig Holland <[EMAIL PROTECTED]> writes
The fellow I chatted with at AT&T said they are not allowed to
hand over their badge because it would compromise their security.
Sounds to me like NSTAC ought to be worried about a scheme to accred
On Mon, 23 Oct 2006, Roland Perry wrote:
But presumably it would need to be stolen. Wouldn't the tech notice that
happening... Or is there some way the colo security guy can clone it
undetected?
While your point is valid, arguing something like that with an AT&T tech
would be like arguing w
On Mon, 23 Oct 2006 10:40:19 -0700 (PDT), "John A. Kilpatrick"
<[EMAIL PROTECTED]> wrote:
>
> On Mon, 23 Oct 2006, Craig Holland wrote:
>
> > In fact he did have an AT&T badge which he was not allowed to hand over
> > either. The fellow I chatted with at AT&T said they are not allowed to
> > h
In article <[EMAIL PROTECTED]>, John A.
Kilpatrick <[EMAIL PROTECTED]> writes
The fellow I chatted with at AT&T said they are not allowed to
hand over their badge because it would compromise their security.
My tech said the same thing. That keycard could grant central office
access
On its
In article
<[EMAIL PROTECTED]
>, Craig Holland <[EMAIL PROTECTED]> writes
The fellow I chatted with at AT&T said they are not allowed to
hand over their badge because it would compromise their security.
Sounds to me like NSTAC ought to be worried about a scheme to accredit
co-lo operator se
In article <[EMAIL PROTECTED]>, Etaoin Shrdlu
<[EMAIL PROTECTED]> writes
I used to object to our method of gathering social security numbers
(since it was on a form that anyone adding a name could see)
Now that you need a Social Security number to get a US Drivers licence
(and I doubt many t
> What I've never understood is, that, how a gov't issue ID (for the
> purposes of allowing entry) is of any use whatsoever.
>
> It's not as if someone is doing a instand background check to know if
> the person is a criminal, or wanted, or whatever. It's trivial to forge
> a gov't ID.
Welcome t
On Mon, 23 Oct 2006, Craig Holland wrote:
In fact he did have an AT&T badge which he was not allowed to hand over
either. The fellow I chatted with at AT&T said they are not allowed to
hand over their badge because it would compromise their security.
My tech said the same thing. That keycar
Alex Rubenstein wrote:
I am shocked that the ATT employee did not have an ATT ID.
In our facilities, we require all visiting telcos to produce company
identification, and between telcove/level 3, Verizon, MCI, and several
others, we have never had an issue.
I'd be a bit more suspicious that h
Message-
> From: Alex Rubenstein [mailto:[EMAIL PROTECTED]
> Sent: Monday, October 23, 2006 10:06 AM
> To: Craig Holland; [EMAIL PROTECTED]
> Subject: RE: Collocation Access
>
>
> > Is this some new trend or have I just gotten lucky in the
> > past? Wouldn&#
Alex Rubenstein wrote:
Craig Holland wrote:
Is this some new trend or have I just gotten lucky in the past?
Wouldn't someone like AT&T be better served by giving their
employees some company issued ID that they can submit to secure
facilities? I know it wouldn't be government issued, but
> (They let me in eventually with a passport. But if they're going to
> trust a foreign-issued passport as photo id, it's not really that
> obvious to me why they wouldn't trust a foreign-issued driving
> licence. It's not like they can really tell whether either of them
> are forged.)
Wh
> Is this some new trend or have I just gotten lucky in the
> past? Wouldn't someone like AT&T be better served by giving
> their employees some company issued ID that they can submit
> to secure facilities? I know it wouldn't be government
I am shocked that the ATT employee did not have a
On Mon, 23 Oct 2006, Craig Holland wrote:
Is this some new trend or have I just gotten lucky in the past?
Wouldn't someone like AT&T be better served by giving their employees
some company issued ID that they can submit to secure facilities? I
know it wouldn't be government issued, but would at
On Mon, 23 Oct 2006, Craig Holland wrote:
I just ran into something for the first time, and apparently it isn't
that uncommon. AT&T was asked to install a circuit into a collocation
facility where, like any I've been into, required them to show a
government ID. They refused claiming it was ag
On 23-Oct-2006, at 11:54, Craig Holland wrote:
I just ran into something for the first time, and apparently it
isn’t that uncommon. AT&T was asked to install a circuit into a
collocation facility where, like any I’ve been into, required them
to show a government ID.
In a similar vein,
86 matches
Mail list logo
