The MPLS-OPS Archive

Re: Fwd: MPLS VPN

  • From: Wulf Losee <qx49@attbi.com>
  • Date: Sun, 29 Dec 2002 10:21:02 -0800
  • Resent-Date: Sun, 29 Dec 2002 14:52:21 -0500
  • To: MPLS-ops Mailing List <mpls-ops@mplsrc.com>
  • X-Sender: qx49@attbi.com@mail.attbi.com

Aleezah:
I would like to amplify on what Roger said. Since the LSP is solely within 
the Service Provider's network, an MPLS VPN is considered "secure". And 
certainly it is no less secure than a Frame Relay PVC or an ATM PVC. It is 
considered extremely unlikely that other corporations or entities are 
snooping the traffic that runs across FR or ATM PVCs. Corporations put a 
huge amount of traffic over Frame Relay and ATM, and very few worry about 
the security of their traffic -- because the SP is considered to be a 
secure broker. However, for those corporations who are extra paranoid, 
there is no reason that they can't run IPsec VPNs between their sites. The 
MPLS VPN is transparent to them, but the SP's MPLS VPNs would carry the 
corporation's IPsec VPNs.

MPLS VPNs are implemented by Service Providers for the purpose of TE, etc., 
while they tend to leave IPsec VPNs for their corporate customers to 
implement...

--Wulf


At 10:32 AM 12/29/02 -0500, Roger Clark Williams wrote:
>Aleezah, security is relative. To take a simple example, are you more 
>secure with a 56-bit key or a 128-bit key? It all depends on the 
>capability of those who 1) have access to the traffic, and 2) the ability 
>they can muster to crack the encryption. It is relative.
>
>With an MPLS VPN the data within the original IP packet is still in 
>clear-text format, there is no encryption. Granted, the LSP you mention 
>may be secure, but who has access to that path? Can all those people be 
>trusted completely? It is all relative.
>
>There is no such thing as absolute security, there is only relatively 
>better and relatively worse security. For better security over an MPLS 
>VPN, I would use IPsec. Others will certainly argue for something better, 
>longer keys, whatever. Perhaps steganographically embedding encrypted data 
>in a file that is then encrypted within a packet that itself is 
>encrypted... Again, it is all relative. What is the value of your traffic?
>
>I would bring to your attention the very reasonable and informative 
>writings of Bruce Schneier, founder of Counterpane, and his newsletter 
>called Crypto-gram. Available to all at 
>http://www.counterpane.com/crypto-gram.html or send a blank message to 
>crypto-gram-subscribe@chaparraltree.com
>
>Roger Williams
>
>
>>X-Originating-IP: [203.135.5.55]
>>From: "aleezah khan" <aleezahkhan2k@hotmail.com>
>>To: rogerw@nordlink.com
>>Subject: MPLS VPN
>>Date: Sun, 29 Dec 2002 14:55:22 +0000
>>
>>
>>Hi,
>>Merry Christmas to you!!
>>I need some help. I hope you can guide me...
>>In MPLS VPN with the use of VPN identifier (RD) and secure LSP, is data 
>>security still an issue?
>>Do you think encrypting the data is the only way to secure our data 
>>running in BGP MPLS VPN?
>>If not, then what are your recommendations?
>
>-------
>The MPLS-OPS Mailing List
>Subscribe/Unsubscribe:  http://www.mplsrc.com/mplsops.shtml
>Archive: http://www.mplsrc.com/mpls-ops_archive.shtml
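
The distinction drawn in this thread (MPLS labels separate traffic but leave the inner IP packet in clear text, while customer-run IPsec makes it opaque to the provider path) can be checked on a labelled packet. The Python below is an added example, not part of the original messages; the label values, addresses and payload bytes are constructed, and ESP is assumed to use a non-null cipher.

```python
import struct

ESP = 50  # IP protocol number for IPsec ESP

def parse_label_stack(buf):
    """Split an MPLS payload into [(label, tc, ttl), ...] and the inner packet."""
    stack, off = [], 0
    while True:
        if len(buf) < off + 4:
            raise ValueError("truncated MPLS label stack")
        (entry,) = struct.unpack_from("!I", buf, off)
        off += 4
        # 20-bit label, 3-bit traffic class, 1-bit bottom-of-stack, 8-bit TTL
        stack.append((entry >> 12, (entry >> 9) & 0x7, entry & 0xFF))
        if entry & 0x100:  # bottom-of-stack bit set: inner packet follows
            return stack, buf[off:]

def inspect(buf):
    """Report what an observer on the provider path can read from this packet."""
    stack, ip = parse_label_stack(buf)
    if len(ip) < 20 or ip[0] >> 4 != 4:
        raise ValueError("expected IPv4 under the label stack")
    ihl, proto = (ip[0] & 0x0F) * 4, ip[9]
    # Assumption: ESP uses a non-null cipher, so its body is treated as opaque.
    encrypted = proto == ESP
    return {"labels": [lbl for lbl, _, _ in stack], "proto": proto,
            "encrypted": encrypted,
            "readable": b"" if encrypted else ip[ihl:]}

# --- constructed sample packets (not captured traffic) ---
def mpls(label, bottom, ttl=64):
    return struct.pack("!I", (label << 12) | (bottom << 8) | ttl)

def ipv4(proto, payload):
    # Checksum left at 0; addresses come from documentation ranges.
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    return hdr + payload

STACK = mpls(100, 0) + mpls(2001, 1)  # outer transport label, inner VPN label
BODY = b"user=alice&pin=1234"
UDP = struct.pack("!HHHH", 5000, 5000, 8 + len(BODY), 0) + BODY
CLEAR = STACK + ipv4(17, UDP)                                   # plain IP in the VPN
TUNNELLED = STACK + ipv4(ESP, struct.pack("!II", 0x1001, 1) + bytes(32))

if __name__ == "__main__":
    for name, pkt in (("plain", CLEAR), ("ipsec", TUNNELLED)):
        print(name, inspect(pkt))
```

Both packets carry the same label stack; only the one whose inner protocol is ESP hides the application data from the path.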
