Security over ATM

Stephen Hope shope at ENERGIS-EIS.CO.UK
Tue Apr 3 04:35:29 EDT 2001 

venicio,

VPN is a combination of 2 different things:

1.	build a logical overlay network over a base network
2.	encryption to give privacy etc.

typically, you use both, where the underlying network is the Internet, but
the technologies can be applied separately.

You can also run VPN over any network - a lot of banks build a general
purpose IP network, and then use VPN style systems for the high security
traffic flows "over the top" of the general network.

So, you can use VPN, or more likely just encryption, over the Frame / ATM /
router network you build. You can encrypt traffic selectively, or just
encrypt everything.

Points to worry about:

1.	If the routers belong to the carrier, you will have issues about
making them configure things they regard as non standard (such as
encryption).
2.	If the carrier owbs the routers, they will need access anyway for
monitoring, so potentially they could turn off encryption and you would not
find out.
3.	in most countries encryption is restricted legally - you need to
check for the places your network will go.
4.	encryption requires a lot of processing - you may need more powerful
routers and / or encryption hardware accelerators to get enough router
performance to run at the WAN link speeds you are using.
5.	Encryption "costs" - it will eat some of your WAN bandwidth,
increase latency  and increase the complexity of building, maintaining and
operating the network. There may be other side effects.
6.	Since you are new to this, make sure your suppliers know how to help
you.
7.	Build a trial or pilot stage first so you learn how it works, and
how your applications behave.

good luck

Stephen

Stephen Hope C. Eng, Network Consultant, shope at energis-eis.co.uk,
Energis Integration Services Ltd, WWW: http://www.energis-eis.co.uk
Carrington Business Park, Carrington, Manchester , UK. M31 4ZU
Tel: +44 (0)161 776 4194 Mob: +44 (0)7767 256 180 Fax: +44 (0)161 776
4189


> -----Original Message-----
> From: Venicio Vilas-Bôas [mailto:venicio_boas at BR.SCHINDLER.COM]
> Sent: 02 April 2001 21:00
> To: VPN at SECURITYFOCUS.COM
> Subject: Security over ATM
> Importance: High
>
>
> Dear Tina Bird
>
>          I am considering to use VPN for connect site to
> site. There are
> small sites with little traffic. Our solution is based in
> Cisco routers.
> For connect these sites was offered a solution denominated
> "IP intranet"
> which uses IP over ATM and IP over frame relay. This solution
> was being
> offered by Embratel ( One MCI carrier telecommunication in Brazil).
> I would like to know  whether I can use this solution only
> (IP over ATM and
> IP over frame relay) instead of solution with VPN.
> The telecommunication people affirms that there are no
> problems in use this
> solution offered by carrier because the traffic passes through of one
> single backbone and the problem of security will be resolved.
> I have a lot of doubts because I read a article denominated
> "A survey on
> ATM Security" where they speak about security in ATM evolving:
>
> -Eavesdropping
> - Spoofing
> - Service Denial
> - Stealing of VCs
> - Traffic Analysis
>
> I would be grateful for some  tips which will be help us to
> make a good
> decision.
>
> Kind regards
>
> Venicio
>
> VPN is sponsored by SecurityFocus.COM
>


-----------------------------------------------------------------------------------------------------------

This email is confidential and intended solely for the use of the individual to
whom it is addressed. Any views or opinions presented are solely those of the
author and do not necessarily represent those of Energis Integration Services.
If you are not the intended recipient, be advised that you have received this
email in error and that any use, dissemination, forwarding, printing, or copying
of this email is strictly prohibited.

We have an anti-virus system installed on all our PC's and therefore any files
leaving us via e-mail will have been checked for known viruses.
Energis Integration Services accepts no responsibility once an e-mail
and any attachments leave us.

If you have received this email in error please notify Energis Integration Services Communications
IT department on +44 (0) 1494 476222..
-----------------------------------------------------------------------------------------------------------

VPN is sponsored by SecurityFocus.COM

More information about the VPN mailing list