1. Home
  2. Networking
  3. Mpls VPN security

Summary

To be able to analyze security in any environment, a threat model is required, against which security requirements are then evaluated. This chapter defined the threats against the various zones of trust in the MPLS VPN environment.

Threats against VPNs contain intrusions and DoS attacks from other VPNs, the Internet, or from the MPLS core. Each other zone has similar threats.

The core can be attacked from either VPNs or the Internet, and the Internet can be attacked from VPNs. If the MPLS core consists of multiple autonomous systems in an Inter-AS architecture, the various autonomous systems could attack each other, and in some cases affect the security of connected VPNs.

Special care must be taken in securing the NOC: in many designs it can be attacked from the VPNs, and it may accidentally cross-connect VPNs if the network is not designed carefully.

Based on this threat model, the overall security of the MPLS VPN environment can now be evaluated.



    		Part I: MPLS VPN and Security Fundamentals
    		Chapter 1. MPLS VPN Security: An Overview
    		Chapter 2. A Threat Model for MPLS VPNs
    		Threats Against a VPN
    		Threats Against an Extranet Site
    		Threats Against the Core
    		Threats Against the Internet
    		Threats from Within a Zone of Trust
    		Reconnaissance Attacks
    		Summary
    		Part II: Advanced MPLS VPN Security Issues
    		Part III: Practical Guidelines to MPLS VPN Security
    		Part IV: Case Studies and Appendixes