Over 40 years in IT, now retired.
CISSP, CCNP and PMP over those years.
I have joined the networks of several multi-billion companies, and conducted multiple detailed security audits, to include several state, local and federal entities.
I know what I’m talking about.
You don’t.
Prior to civilian life, I worked with DCA and WHCA. Also CINCPAC.
I was a crew member in VQ3, handling the most sophisticated and sensitive communication in the nation.
I had 38 years in IT support, started out supporting Burroughs Mainframes in 1981...
Ended up working at a Cisco TAC (Technical Assistance Center) supporting basic routing, access lists, Frame Relay, and ISDN BRI circuits...
Went on to get my CCNP in Route/Switch and CCVP in Voice...
Contracted to several major Fortune 100 companies implementing routers, switches, QoS, Call Managers, Unity Voice Mail Servers, Voice Gateways, hundreds of ISDN PRI Circuits and 10s of thousands of Cisco IP Phones of all kinds... One of the Cisco Voice Projects I worked on implemented over 400,000 phones...
I say all that so that we need to concentrate on what’s important and the routers are far down on that list...
I’ve been in IT for well over 25 years, and a CCIE for over 15 years now. There was a time when routers would not have played much of a role in this, outside of NetFlow/J-Flow/IPFIX connection data, but remote access VPN configs would certainly be suspicious.
Far beyond that, most router operating systems now are built on top of a Linux kernel. This allows them to run Linux containers. These containers can do whatever you want them to do (and these containers can potentially be in the middle of a break/inspect/re-encrypt path configured on the router itself).
I don’t see this as a distraction. They have to look at EVERYTHING to get a complete audit. It’s not like they stopped doing anything else while arguing about the routers.