ATM and VPN's
Stephens, Ken
kstephe6 at CSC.COM
Thu Mar 9 18:55:07 EST 2000
Consider just the issue of a mis-configured ATM Switch that should send
traffic from a business partner to you, but actually sends the traffic to you
and your competitor at the same time. ATM switches re-assemble the traffic to
IP packets where the defined PVC terminates. If you VPNed the connection, the
traffic is unusable to your competitor. Since you generally don't control the
configuration of the PVC (your carrier configures the switch) and you cannot
audit the switch (because your carrier won't let you see his mistakes) you are
blindly relying on someone else not to make a mistake.
This does not address the really bad element that could tap-in, record and
reassemble the ATM packets at their leisure. The rule is to encrypt as close to
the source and decrypt as close to the destination systems as possible. These
two locations must always be within your secure perimeter.
Ken Stephens, CISSP
Sr. Security Manager
Computer Sciences Corp.
eric.jeffery at edwards.af.mil on 03/09/2000 04:38:18 PM
Please respond to eric.jeffery at edwards.af.mil