Page 8 - CDM-Cyber-Warnings-January-2014
Simplifying and Ensuring Data Security across the WAN
by Keith Ross, Black Box

A number of forces drive the need for increased data security, including protecting corporate information and trade secrets, government regulation, trade partner privacy agreements, account information, and customer expectations. Security becomes even more of an issue as more and more organizations use the Internet to send data to remote/branch offices.

The not-so-private MPLS WAN

Many organizations use expensive, private WANs, such as T1, MPLS, or Metro Ethernet, for three primary reasons: availability, security, and any-to-any connectivity. Additionally, many organizations don't encrypt their data over the WAN because it's traveling on a private data network. Although private networks provide more reliable connections than the Internet and aren't as public, they cannot be counted upon to be secure; they're still vulnerable to attack.

MPLS is a VPN that logically separates data with labels. Although the data traffic is kept separate from other traffic, it can still be easily intercepted at any node. When vendors say MPLS is private, what they mean is that the traffic is kept separate from other traffic, that they have processes in place to prevent unauthorized data snooping, and that their employees probably aren't going to snoop either. In fact, your data probably won't be stolen on an MPLS network, but you have no way of being sure and no way to tell if your data has been breached. The only way to ensure data security over an MPLS network is by encrypting data as it travels across the WAN.

Many MPLS carriers have merged their private WANs and Internet backbones to reduce the burden of maintaining two separate backbones.

There are two common methods for encrypting data across the Internet: IPsec tunnels and a secure mesh network.

Going through tunnels

One answer to securing WAN traffic is to set up IPsec VPN tunnels.
These enable users on a private MPLS network to send secure data across a public network, the Internet. This gives users the functionality and security of a private network but with the speed and throughput of the Internet. It also enables users to access their organization's intranet while traveling and it connects remote offices to one network. To secure these connections, IPsec VPNs need to be set up.

IPsec VPN tunnels are fairly simple to set up between two points. But as the number of remote sites multiplies, the number of tunnels increases exponentially. A separate tunnel is needed between each pair of sites, leading to administrative hassles every time a remote site is added. This can be very difficult to set up and manage, especially as sites are added or removed. In addition, IPsec VPN tunnels
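The one-tunnel-per-pair requirement described above, as an added example that is not part of the original article: a Python sketch that enumerates the tunnels a full mesh needs, lists the existing gateways that must be reconfigured when a site joins, and audits configured peers for missing or stale entries. The site names, the addresses (RFC 5737 documentation ranges) and the CONFIGURED data are constructed assumptions.

```python
from itertools import combinations

# Constructed inventory: site -> gateway address (RFC 5737 documentation ranges).
SITES = {"hq": "192.0.2.1", "branch-a": "198.51.100.1", "branch-b": "203.0.113.1"}

# Constructed view of the IPsec peers each gateway currently has configured.
# "branch-old" was decommissioned; branch-a <-> branch-b was never built.
CONFIGURED = {
    "hq": {"branch-a", "branch-b", "branch-old"},
    "branch-a": {"hq"},
    "branch-b": {"hq"},
}


def full_mesh(sites):
    """Every unordered pair of sites; each pair needs its own tunnel."""
    return {frozenset(pair) for pair in combinations(sorted(sites), 2)}


def add_site_impact(sites, name, addr):
    """Return (new tunnels, existing gateways to reconfigure) when a site joins."""
    grown = {**sites, name: addr}
    new_tunnels = full_mesh(grown) - full_mesh(sites)
    touched = sorted({s for pair in new_tunnels for s in pair} - {name})
    return new_tunnels, touched


def audit(sites, configured):
    """Compare configured peers with the mesh the inventory requires."""
    missing, stale = [], []
    for a, b in sorted(sorted(pair) for pair in full_mesh(sites)):
        # A tunnel only comes up if both ends define each other.
        if b not in configured.get(a, set()) or a not in configured.get(b, set()):
            missing.append((a, b))
    for gw, peers in sorted(configured.items()):
        # Peers that are no longer in the inventory should be removed.
        stale += [(gw, p) for p in sorted(peers) if p not in sites]
    return missing, stale


if __name__ == "__main__":
    for n in (2, 5, 10, 50):
        print(f"{n:>3} sites -> {len(full_mesh(range(n))):>4} tunnels")
    new, touched = add_site_impact(SITES, "branch-c", "192.0.2.129")
    print(f"adding branch-c: {len(new)} new tunnels, reconfigure {touched}")
    missing, stale = audit(SITES, CONFIGURED)
    print("missing tunnels:", missing)
    print("stale peers:", stale)
```

A pair reported as missing is a path with no tunnel of its own, and a stale peer is a tunnel definition left behind for a site that no longer exists; both are worth checking whenever a site is added or removed.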