Vulnerability Development mailing list archives
Re: ATM PVC as security barrier
From: Olli Artemjev <olli () METALTELECOM ORG RU>
Date: Thu, 10 May 2001 13:00:57 +0400
On Wed, 9 May 2001, Alfred R. Collins wrote:
Our network engineer proposed ATM PVC's as a means to route Internet traffic across our corporate backbone.
This is good solution.
Obviously, the best approach is to carry the Internet traffic on totally separate channels.
That costs too much money. Thus this is not the BEST approach.
However, we have to distribute Internet access to far flung sites on our corporate owned network, and network engineering does not want to pay for independent communication channels.
It's good. Having ATM you may do (from user level) the same thing as if you had many phisicaly diffrent lines.
They insist on using the existing corporate network infrastructure because it is already there.
Seems them can count money. =D
I proposed VPN's as more secure than PVCs.
That's almost wrong. Buy a popular book on ATM & read on. Seems you don't undestand what is ATM PVCs. PVCs can secure your network & VPNs can also. But them are working at diffrent level & it seem to be harder to hack ATM PVCs then VPNs. The difference is usualy at an end-point - with PVCs you must hack victims routers/switches & with PVCs you may attack end-user systems (via MUA/web browsers & other stuff transparent to network layer you may upload a trojan stuff).
Any other alternatives?
Lots of. Buy a book on networking or just thisit www.cisco.com & buy theirs CD - it contains configuring cisco hardware notes & also LAN building notes. & if you have ATM at your network - just thisit your net-enginiears & ask them what should you read around secure networking.
I am looking for feedback on using PVC's versus VPN's as a security barrier between our corporate network and the Internet.
Them both may be used & them both securing the network, but PVCs are more transparent & harder to hack.
Note I am proposing that VPN's provide security in the reverse direction than how they are typically used. Rather than protecting traffic inside the VPN transversing an insecure network, I am proposing that a VPN can protect a corporate network from the insecure Internet traffic confined within the VPN. Is this a valid assumption?
This is too short & small to a wide view. In some cases you may be right in some you may be wrong.
Note: both ends of the VPN terminate at a firewall that we control. Comments?
In this case PVCs are MUCH better. -- Bye.Olli MISiS Telecommunications phone: +7(095)955-0087
Current thread:
- ATM PVC as security barrier Alfred R. Collins (May 09)
- Re: ATM PVC as security barrier Kurt Seifried (May 10)
- Re: ATM PVC as security barrier Olli Artemjev (May 10)
- Re: ATM PVC as security barrier Shoten (May 10)
- <Possible follow-ups>
- Re: ATM PVC as security barrier Vachon, Scott (May 10)