Security Basics mailing list archives
RE: VAN
From: "Sinan KORKMAZ" <skorkmaz () NETAS com tr>
Date: Mon, 24 Oct 2005 17:49:40 +0300
Hi, I think it is one of those new "Ethernet over" services (google for EVLS for example, Ethernet Virtual Line Service). It is a new, but a simple service to encapsulate Ethernet frames into an ATM Vcc (or an MPLS LSP) and simply carry it over an ATM (or MPLS) Backbone. There are no protocol requirements, hence one could transport broadcast based protocols like NetBEUI, also others like IPX, AppleTalk etc. It can be handy if you run some specific devices and can not get rid of legacy protocols, I know many customers dealing with transport over ip workarounds, GRE tunnels etc. But if you can run all your network on ip there is no specific value add for you to use such a service. There can even be some drawbacks of feeding your broadcast traffic to WAN links. In security measures, it would not be more nor less secure than any other WAN Layer-2 service (ATM, F-R, Leased Lines, X.25) except that broadcast transport ability, which could help flooding your network with broadcast storms. What most customers do not know is that most of those services can be, and very possibly are, given using the very same equipment. Since the service is simply layer-2, there are no layer-3 security features that can be deployed by carrier and generally those devices run very high speed trunks that will not be encrypted practically anyway. So if this is the proposal, although there are many very nice fitting applications for this service, the customer (you) should consider doing all kind of security practices by himself. Regards, Sinan
-----Original Message----- From: jalbuquerque () northkingtsown org [mailto:jalbuquerque () northkingtsown org] Sent: Thursday, October 20, 2005 12:45 PM To: security-basics () securityfocus com Subject: VAN I have an ISP pitching a Virtual Area Network to take the place Point to Point connections I have The pitch is Virtual Area Network (VAN) brings the next generation of virtual private networking to you. VAN provides a networking solution that enables you to connect remote offices and/or workers to the main office. In simplest terms, the VAN provides reliable, secure data transmissions across a physical network link. -Protocol independent -TCP/IP,NetBEUI,IPX and AppleTalk tested Security: -Baseline privacy,anti-spoofing functions,private addresses This is the proposed configuration VAN SITES|---| ISP ATM|---|STC|--|ISP ATM|---|WAN I will be setting up a meeting to find out more, but would like to have some input from you all. Anyone have experience with this? Any security related info would be helpful.
Current thread:
- VAN jalbuquerque (Oct 21)
- <Possible follow-ups>
- RE: VAN Sinan KORKMAZ (Oct 24)
- Re: RE: VAN jalbuquerque (Oct 24)