Re: IPSec over MPLS

From: D R (deep.ratan@gmail.com)
Date: Fri Dec 16 2005 - 00:17:04 GMT-3


David, you wrote "It comes down to the question if we can trust service
provider or not"

When you're talking to some bank/merchant's representative on the phone and
give them your credit card number, do you ever think "Should I trust this
person or not? What if he/she misuses my credit card number?"

All business...around the globe....is inherently based on trust. We draw up
contracts and documents crammed with legalese to feel secure but trust is
what counts.

ISPs offer MPLS without IPSec. Heck, to the end user, all details about MPLS
are totally transparent on their routers...yet, MPLS subscription is
steadily growing and a lot of that is coming from financial institutions.
I'm sure several think tanks have certified this mode of transport to be
safe and secure for institutions to pass sensitive information through it.

Sorry if I didn't add any value to this thread.

On 12/15/05, David Hoon <david.hoon.ccie@gmail.com> wrote:
>
> Hi Guys,
>
> I'm sorry for being off-topic again, but I hope this can be an interesting
> topic for some of you. Is there anyone running IPSec over MPLS in real
> production?
>
> I know that MPLS L3VPN provides the same level of security as Frame Relay
> or ATM does. However, the MPLS control plane is in layer 3 and is easier to
> compromise than FR/ATM, at least in my opinion. Without data
> confidentiality, integrity, source authentication and anti-replay, a
> financial institution sending sensitive information such as credit card
> numbers or SSNs across MPLS can be a big risk. It comes down to the
> question if we can trust the service provider or not. Sorry if some of you
> may feel offended here. However, having worked in a service provider
> environment myself, I know how easy it is to have network misconfiguration
> or packet sniffing inside the SP network.
>
> Are there any laws or regulations in the USA enforcing that sensitive
> information be transported in encrypted fashion? Any ideas from MPLS and
> security gurus are welcome. Thank you.
>
> -David Hoon
> CCIE #14141



This archive was generated by hypermail 2.1.4 : Mon Jan 09 2006 - 07:07:51 GMT-3