Security Basics mailing list archives

RE: VAN


From: "Sinan KORKMAZ" <skorkmaz () NETAS com tr>
Date: Mon, 24 Oct 2005 17:49:40 +0300


Hi,

I think it is one of those new "Ethernet over" services (google for EVLS
for example, Ethernet Virtual Line Service).

It is a new, but a simple service to encapsulate Ethernet frames into an
ATM Vcc (or an MPLS LSP) and simply carry it over an ATM (or MPLS)
Backbone. There are no protocol requirements, hence one could transport
broadcast based protocols like NetBEUI, also others like IPX, AppleTalk
etc. It can be handy if you run some specific devices and cannot get
rid of legacy protocols. I know many customers dealing with transport
over IP workarounds, GRE tunnels etc. But if you can run all your
network on IP there is no specific value add for you to use such a
service. There can even be some drawbacks of feeding your broadcast
traffic to WAN links.

In security measures, it would not be more nor less secure than any
other WAN Layer-2 service (ATM, F-R, Leased Lines, X.25) except that
broadcast transport ability, which could help flooding your network with
broadcast storms. What most customers do not know is that most of those
services can be, and very possibly are, given using the very same
equipment. Since the service is simply layer-2, there are no layer-3
security features that can be deployed by carrier and generally those
devices run very high speed trunks that will not be encrypted
practically anyway.

So if this is the proposal, although there are many very nice fitting
applications for this service, the customer (you) should consider doing
all kinds of security practices by himself.

Regards,
Sinan

-----Original Message-----
From: jalbuquerque () northkingtsown org
[mailto:jalbuquerque () northkingtsown org] 
Sent: Thursday, October 20, 2005 12:45 PM
To: security-basics () securityfocus com
Subject: VAN

I have an ISP pitching a Virtual Area Network to take the
place of the Point to Point connections I have.

The pitch is

Virtual Area Network (VAN) brings the next generation of
virtual private networking to you. VAN provides a networking 
solution that enables you to connect remote offices and/or 
workers to the main office. In simplest terms, the VAN 
provides reliable, secure data transmissions across a 
physical network link.

-Protocol independent

-TCP/IP, NetBEUI, IPX and AppleTalk tested

Security:

-Baseline privacy, anti-spoofing functions, private addresses

This is the proposed configuration

 
VAN SITES|---| ISP ATM|---|STC|--|ISP ATM|---|WAN

I will be setting up a meeting to find out more, but would
like to have some input from you all.

Anyone have experience with this?

Any security related info would be helpful.
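
Added example (not part of the original thread or written by either poster): a customer-side check for the point made in the reply, that a protocol-independent Layer-2 service carries broadcast and legacy-protocol frames across the WAN and leaves filtering to the customer. It classifies captured Ethernet frames and reports the flooded share and any non-IP protocols; the 20% threshold, the IP-only policy and the sample frames are assumptions constructed for illustration.

```python
import struct
from collections import Counter

ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6",
              0x8137: "IPX", 0x809B: "AppleTalk"}
LLC_DSAP = {0xF0: "NetBEUI", 0xE0: "IPX", 0xAA: "SNAP"}   # 802.2 LLC SAPs
ROUTED_OK = {"IPv4", "IPv6", "ARP"}   # assumption: an IP-only site policy

def classify(frame: bytes):
    """Return (protocol, flooded) for one untagged Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    flooded = bool(frame[0] & 0x01)          # I/G bit: broadcast or multicast
    (type_or_len,) = struct.unpack("!H", frame[12:14])
    if type_or_len >= 0x0600:                # Ethernet II EtherType
        proto = ETHERTYPES.get(type_or_len, f"ethertype 0x{type_or_len:04x}")
    elif len(frame) > 14:                    # 802.3 length, LLC header follows
        proto = LLC_DSAP.get(frame[14], f"LLC DSAP 0x{frame[14]:02x}")
    else:
        proto = "unknown"
    return proto, flooded

def summarize(frames, max_flood_ratio=0.2):
    """Count protocols and flag what an IP-only edge filter would drop."""
    protos, flooded = Counter(), 0
    for f in frames:
        proto, is_flooded = classify(f)
        protos[proto] += 1
        flooded += is_flooded
    ratio = flooded / len(frames) if frames else 0.0
    return {"protocols": dict(protos),
            "flood_ratio": ratio,
            "flood_alert": ratio > max_flood_ratio,
            "non_ip": sorted(set(protos) - ROUTED_OK)}

def frame(dst, type_or_len, payload=b"\x00" * 46):
    """Build a constructed test frame with a fixed locally administered source MAC."""
    src = bytes.fromhex("020000000001")
    return bytes.fromhex(dst) + src + struct.pack("!H", type_or_len) + payload

# Constructed sample: frames seen on the customer side of the L2 hand-off.
SAMPLE = (
    [frame("0200000000aa", 0x0800)] * 3                            # IPv4 unicast
    + [frame("ffffffffffff", 0x0806)]                              # ARP broadcast
    + [frame("ffffffffffff", 0x8137)]                              # IPX broadcast
    + [frame("030000000001", 46, b"\xf0\xf0\x03" + b"\x00" * 43)]  # NetBEUI multicast
)

if __name__ == "__main__":
    print(summarize(SAMPLE))
```
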


