On Thu, 06 Jun 2002 08:23:14 EDT, Rich Sena <ras@thick.net> said:
OK - sorry if this is elementary - however I am dealing with a challenge to the security of some ATM links that we have connecting remote facilities to a main campus. The connections are all PVPs with individual PVCs defined point to point. The concern that is being raised is that although these connections appear point-to-point PVCs to the router interfaces at our sites and our main campus - they are more than likely switched SVCs on the provider backbone...
Do the security analysis further. You only care about the difference if it means that different classes of people can do Something Evil to you.

So, for instance, if you asked for fiber because it requires physical access and at least a bit of clue to tap, and instead one hop is over microwave, that *is* a problem, because you can often tap microwave without having to get physical access to the towers. I would say that the actual media used for the circuit *is* a valid security issue. On the other hand, the media used probably has little or no relationship to whether it's nailed or not.

So let's think. There's two classes of people you need to worry about:

1) rogue employees of your carrier. Here, the distinction doesn't matter, because they can do Something Evil whether it's a nailed connection or a virtual connection.

2) outside agents. Again, if they can do Something Evil when it's a virtual connection, making it a nailed connection won't slow them down much.

If your security needs are so stringent that you care about the distinction between virtual and nailed connections, it's time to start deploying in-depth defenses:

Yes, somebody could hijack a virtual connection by hacking one of the switches involved, to either perform a MITM attack or a DoS attack.

In the first case (MITM attack), you should be using an end-to-end authentication/encryption scheme. After all, MITM attacks can happen elsewhere along the path (it's amazing how many cases I've heard of where a rogue PC or hacked server on the same subnet as the target server was used to MITM by the simple expedient of sending forged ICMP Redirect packets).

In the second case (DoS), you should be utilizing multihoming (remember that they can DoS you by using a chainsaw - you slice the cables, it doesn't matter what sort of connection it used to be. Anybody who hasn't had a chat with a backhoe operator hasn't been in this business for long ;)

Also, remember that although outside hackers from some 2nd/3rd world country are getting all the attention, the *really* bad news is usually a disgruntled (possibly former) employee.

--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech