Re: ATM PVC as security barrier

From: Olli Artemjev (olliat_private)
Date: Thu May 10 2001 - 02:00:57 PDT

Next message: Shoten: "Re: ATM PVC as security barrier"

Previous message: Matt Power: "Re: some ftpd implementations mishandle CWD ~{"
In reply to: Alfred R. Collins: "ATM PVC as security barrier"
Next in thread: Shoten: "Re: ATM PVC as security barrier"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 9 May 2001, Alfred R. Collins wrote:
> Our network engineer proposed ATM PVC's as a means to route Internet traffic
> across our corporate backbone.
This is good solution.

> Obviously, the best approach is to carry the
> Internet traffic on totally separate channels.
That costs too much money. Thus this is not the BEST approach.

> However, we have to  distribute Internet access to far flung sites on
> our corporate owned network, and network engineering does not want to
> pay for independent communication channels.
It's good. Having ATM you may do (from user level) the same thing as if
you had many phisicaly diffrent lines.

> They insist on using the existing corporate network
> infrastructure because it is already there.
Seems them can count money. =D

> I proposed VPN's as more secure than PVCs.
That's almost wrong. Buy a popular book on ATM & read on. Seems you don't
undestand what is ATM PVCs. PVCs can secure your network & VPNs can
also. But them are working at diffrent level & it seem to be harder to
hack ATM PVCs then VPNs. The difference is usualy at an end-point - with
PVCs you must hack victims routers/switches & with PVCs you may attack
end-user systems (via MUA/web browsers & other stuff transparent to
network layer you may upload a trojan stuff).

> Any other alternatives?
Lots of. Buy a book on networking or just thisit www.cisco.com & buy
theirs CD - it contains configuring cisco hardware notes & also LAN
building notes. & if you have ATM at your network - just thisit your
net-enginiears & ask them what should you read around secure networking.

>  I am looking for feedback on using PVC's
> versus VPN's as a security barrier between our corporate network and the
> Internet.
Them both may be used & them both securing the network, but PVCs are more
transparent & harder to hack.

> Note I am proposing that VPN's provide security in the reverse
> direction than how they are typically used. Rather than protecting traffic
> inside the VPN transversing an insecure network, I am proposing that a VPN
> can protect a corporate network from the insecure Internet traffic confined
> within the VPN. Is this a valid assumption?
This is too short & small to a wide view. In some cases you may be right
in some you may be wrong.

> Note: both ends of the VPN
> terminate at a firewall that we control. Comments?
In this case PVCs are MUCH better.

--
Bye.Olli
MISiS Telecommunications
phone:   +7(095)955-0087

Next message: Shoten: "Re: ATM PVC as security barrier"
Previous message: Matt Power: "Re: some ftpd implementations mishandle CWD ~{"
In reply to: Alfred R. Collins: "ATM PVC as security barrier"
Next in thread: Shoten: "Re: ATM PVC as security barrier"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu May 10 2001 - 14:27:58 PDT