Harmy

Companies doing business in China are now sending "sanitized" laptops and smartphones with their people. My understanding is that most come back with some sort of snooping having been done to them. This isn't necessarily the government... but it is common practice there.

We are talking about installations of equipment that is to become the backbone of the network.

It is PERFECTLY positioned to enable "man in the middle" interceptions and it is IMPOSSIBLE to be certain that the installed equipment does not contain hidden capabilities. In this case the central nature of the equipment that makes it more dangerous. The tale of the router that turned itself on in the middle of the night to attempt to send traffic somewhere in China is AFAIK, apocryphal, but it isn't because it is impossible for something similar to happen.

If I were a sysadmin concerned with security, and I have been such... I would be stupid to put a router or switch or other similar kit from any source I did not trust implicitly, in my network. That is how things are.

That said I would be similarly concerned with gear sourced from the USA as the Department of Homeland Security and No Such Agency are both not bashful about making similar alterations to your kit.

When it comes to cyber security the question is not whether you are paranoid... it is whether you are paranoid ENOUGH.

http://www.schneier.com/blog/archives/2012/02/computer_secur...

I can imagine other scenarios that are much MUCH worse. Don't get me started. :-)

BJ