MPLS security book
Hello, I've been reading through the Cisco Press MPLS VPN Security book, too many assumptions about spoofing labels, getting access to core, PE, another VPN,.... In security nothing should be taken for granted, but have there been any real world incidents where such scenarios have really been occurring? Regards
I'm not sure this is on-topic for NANOG, but I'll have a go.

This is a great book. It doesn't make any assumptions about spoofing or access to P and PE routers - it analyzes what will happen if that occurs. Security is about risk management. In order to manage risks, you have to know what they are. The authors of this book obviously put a lot of thought into exactly what security means, how it applies to networks, and how it applies to MPLS.

The network operations community has no idea if any of the scenarios discussed in the book have happened. More importantly, who cares? Security comes in two forms - reactive and proactive. Just because an attack has occurred in the past is not a reasonable indicator of future threat on its own. Similarly, the absence of a particular attack does not mean a threat doesn't exist. In any event, we do not have any idea of what attacks have really occurred, so we must act without that knowledge.

This is a great book for two audiences: enterprise network engineers who are getting asked if their new MPLS VPN is secure (for some definition of secure) and carrier network engineers trying to answer that question.

- Daniel Golding

On 8/28/05 8:28 AM, "Kim Onnel" <karim.adel@gmail.com> wrote:
Hello,
I've been reading through the Cisco Press MPLS VPN Security book, too many assumptions about spoofing labels, getting access to core, PE, another VPN,....
In security nothing should be taken for granted, but have there been any real world incidents where such scenarios have really been occurring?
Regards
participants (2)
- Daniel Golding
- Kim Onnel