Vulnerability Development mailing list archives
Re: ATM PVC as security barrier
From: Shoten <shoten () STARPOWER NET>
Date: Thu, 10 May 2001 10:23:12 -0400
Your assumption (about how traffic inside a VPN cannot interact with the routers it passes through and the devices that may happen to see it while encrypted) is correct. I am not aware of methods, however, by which someone may break out of a PVC, but my gut reaction is to agree with you that a VPN is more secure. The downside of this is if you implement IDS, you will need to put the sensors in places where they will see the traffic either before encryption or after decryption. And, er, one other thing...you might want to set up something akin to a hotmail account and post from that instead of your company email account. I'm not entirely sure that everyone who sees these postings is a good guy :)
Our network engineer proposed ATM PVC's as a means to route Internet
traffic
across our corporate backbone. Obviously, the best approach is to carry
the
Internet traffic on totally separate channels. However, we have to distribute Internet access to far flung sites on our corporate owned network, and network engineering does not want to pay for independent communication channels. They insist on using the existing corporate
network
infrastructure because it is already there. I proposed VPN's as more
secure
than PVCs. Any other alternatives? I am looking for feedback on using
PVC's
versus VPN's as a security barrier between our corporate network and the Internet. Note I am proposing that VPN's provide security in the reverse direction than how they are typically used. Rather than protecting traffic inside the VPN transversing an insecure network, I am proposing that a VPN can protect a corporate network from the insecure Internet traffic
confined
within the VPN. Is this a valid assumption? Note: both ends of the VPN terminate at a firewall that we control. Comments?
Current thread:
- ATM PVC as security barrier Alfred R. Collins (May 09)
- Re: ATM PVC as security barrier Kurt Seifried (May 10)
- Re: ATM PVC as security barrier Olli Artemjev (May 10)
- Re: ATM PVC as security barrier Shoten (May 10)
- <Possible follow-ups>
- Re: ATM PVC as security barrier Vachon, Scott (May 10)