Vulnerability Development mailing list archives

Re: ATM PVC as security barrier

From: Olli Artemjev <olli () METALTELECOM ORG RU>
Date: Thu, 10 May 2001 13:00:57 +0400

On Wed, 9 May 2001, Alfred R. Collins wrote:

Our network engineer proposed ATM PVC's as a means to route Internet traffic
across our corporate backbone.

This is good solution.

Obviously, the best approach is to carry the
Internet traffic on totally separate channels.

That costs too much money. Thus this is not the BEST approach.

However, we have to  distribute Internet access to far flung sites on
our corporate owned network, and network engineering does not want to
pay for independent communication channels.

It's good. Having ATM you may do (from user level) the same thing as if
you had many phisicaly diffrent lines.

They insist on using the existing corporate network
infrastructure because it is already there.

Seems them can count money. =D

I proposed VPN's as more secure than PVCs.

That's almost wrong. Buy a popular book on ATM & read on. Seems you don't
undestand what is ATM PVCs. PVCs can secure your network & VPNs can
also. But them are working at diffrent level & it seem to be harder to
hack ATM PVCs then VPNs. The difference is usualy at an end-point - with
PVCs you must hack victims routers/switches & with PVCs you may attack
end-user systems (via MUA/web browsers & other stuff transparent to
network layer you may upload a trojan stuff).

Any other alternatives?

Lots of. Buy a book on networking or just thisit www.cisco.com & buy
theirs CD - it contains configuring cisco hardware notes & also LAN
building notes. & if you have ATM at your network - just thisit your
net-enginiears & ask them what should you read around secure networking.

 I am looking for feedback on using PVC's
versus VPN's as a security barrier between our corporate network and the
Internet.

Them both may be used & them both securing the network, but PVCs are more
transparent & harder to hack.

Note I am proposing that VPN's provide security in the reverse
direction than how they are typically used. Rather than protecting traffic
inside the VPN transversing an insecure network, I am proposing that a VPN
can protect a corporate network from the insecure Internet traffic confined
within the VPN. Is this a valid assumption?

This is too short & small to a wide view. In some cases you may be right
in some you may be wrong.

Note: both ends of the VPN
terminate at a firewall that we control. Comments?

In this case PVCs are MUCH better.

--
Bye.Olli
MISiS Telecommunications
phone:   +7(095)955-0087

Current thread:

ATM PVC as security barrier Alfred R. Collins (May 09)
- Re: ATM PVC as security barrier Kurt Seifried (May 10)
- Re: ATM PVC as security barrier Olli Artemjev (May 10)
- Re: ATM PVC as security barrier Shoten (May 10)
- <Possible follow-ups>
- Re: ATM PVC as security barrier Vachon, Scott (May 10)