ATM and VPN's
Stephen Hope
SHOPE at DATARANGE.CO.UK
Tue Mar 14 16:41:30 EST 2000
VPNs are used for lots of things - basically having a logical
network overlay an underlying network (which could also be a VPN,
and so on).
VPN over ATM may be because you don't own it (carrier or outsource),
or because you don't trust it (security, privacy of access), or
because you need a different logical network design (layer 2 VLANs
between sites maybe?)
Security is probably the most likely problem with ATM, especially
if the data user doesn't own the switched WAN.
In the UK there are a lot of issues about taking "due care"
of financial data. In essence if a bank loses money electronically,
they are liable unless they can show they took all reasonable
precautions. You can argue that assuming the carrier doesn't let
your data "leak" from your circuits is not doing that.
We put in a fair number of dedicated leased line encryptors
for financial companies such as banks because of this.
The banks tend to prefer the external boxes because they are
a lot more "secure" in a physical sense than encryption on a
router - the Cylink units we use will wipe the keys if you open
or damage the case, use a real noise source to generate random keys for
Diffie Hellman exchanges and so on. Also, they have been tested by
various international financial institutions for money
transfers.
If you look at encryption software or hardware for routers, VPN gear
and so on, you can see they may have a point.
Although Frame has not been so popular here for nets within the
UK, the same is happening there, but more slowly.
And, if you go ATM the same things will apply, although the boxes
are going to get a lot more expensive.
Stephen
Stephen Hope C. Eng, Network Consultant, shope at datarange.co.uk,
Datarange Communications PLC, part of Energis, WWW:
http://www.datarange.co.uk
Carrington Business Park, Carrington, Manchester , UK. M31 4ZU
Tel: +44 (0)161 776 4190 Mob: +44 (0)7767 256 180 Fax: +44 (0)161 776
4189
> -----Original Message-----
> From: Ryan Russell [mailto:ryan at SECURITYFOCUS.COM]
> Sent: Thursday, March 09, 2000 11:06 PM
> To: VPN at SECURITYFOCUS.COM
> Subject: Re: ATM and VPN's
>
>
> On Thu, 9 Mar 2000, Jeffery Eric Contr 95 CS/SCBA wrote:
>
> > Help me out- What's the point of a VPN over ATM? If you establish a PVC
> > that's the same thing, isn't it?
> >
> > My understanding is that VPN's came about due to the insecurity of IP; ATM
> > doesn't have these weaknesses so again, what's the point of a VPN over ATM?
> >
>
> Most people's definition of a VPN includes encryption. If you don't want
> to trust your ATM carrier, you'll still want encryption, authentication,
> etc. on top of a PVC.
>
> This question is usually asked in the context of frame-relay. It's the
> same question. Do you trust your carrier (or perhaps switch manager if
> it's all in-house) to not snoop or do anything dumb?
>
> Most frame nets are considered "private" though they probably shouldn't
> be.
>
> Ryan
>
> VPN is sponsored by SecurityFocus.COM
>