IPSec over MPLS

From: David Hoon (david.hoon.ccie@gmail.com)
Date: Thu Dec 15 2005 - 21:12:19 GMT-3

• Next message: Cisco Nuts: "dialer callback-secure question ??"
• Previous message: Brian Dennis: "RE: dialer idle-timeout 120 outbound question ???"
• Next in thread: D R: "Re: IPSec over MPLS"
• Maybe reply: D R: "Re: IPSec over MPLS"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Guys,

I'm sorry for off-topic again, but hope this can be interesting topic for
some of you. Is there anyone running IPSec over MPLS in the real
production?

I knew that MPLS L3VPN provide the same level of security as Frame relay or
ATM does. However, MPLS control plan is in layer 3 and is easier to
compromise than FR/ATM, at least in my opinion. Without data
confidentiality, integrity, source authentication and anti-reply, financial
institution sending sensitive information such as credit card or ssn
across MPLS can be a big risk. It comes down to the question if we can
trust service provider or not. Sorry if some of you may feel offence here.
However, have been working in service provider environment myself, i knew
how easy it is to have network misconfiguration or packet sniffing inside SP
network.

Is there any laws or regulation in USA enforcing sensitive information
transported in encrypted fashion? Any idea from MPLS and security gurus are
welcome. Thank you.

-David Hoon
CCIE #14141

• Next message: Cisco Nuts: "dialer callback-secure question ??"
• Previous message: Brian Dennis: "RE: dialer idle-timeout 120 outbound question ???"
• Next in thread: D R: "Re: IPSec over MPLS"
• Maybe reply: D R: "Re: IPSec over MPLS"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Jan 09 2006 - 07:07:51 GMT-3