Analyzing security in any environment requires a threat model, against which security requirements are then evaluated. This chapter defined the threats against the various zones of trust in the MPLS VPN environment.

Threats against VPNs include intrusions and DoS attacks from other VPNs, the Internet, or the MPLS core. Each of the other zones faces similar threats.

The core can be attacked from either VPNs or the Internet, and the Internet can be attacked from VPNs. If the MPLS core consists of multiple autonomous systems in an Inter-AS architecture, the various autonomous systems could attack each other, and in some cases affect the security of connected VPNs.

Special care must be taken in securing the NOC: in many designs it can be attacked from the VPNs, and it may accidentally cross-connect VPNs if the network is not designed carefully.

Based on this threat model, the overall security of the MPLS VPN environment can now be evaluated.