Page 13 - cdm-2014








A number of forces drive the need for increased data security, including protecting corporate
information and trade secrets, government regulation, trade partner privacy agreements,
account information, and customer expectations. Security becomes even more of an issue as
more and more organizations use the Internet to send data to remote/branch offices.


The not-so-private MPLS WAN.

Many organizations use expensive, private WANs, such as T1, MPLS, or Metro Ethernet, for
three primary reasons: availability, security, and any-to-any connectivity. Additionally, many
organizations don’t encrypt their data over the WAN because it’s traveling on a private data
network. Although private networks provide more reliable connections than the Internet and
aren’t as public, they cannot be counted upon to be secure—they’re still vulnerable to attack.

MPLS is a VPN that logically separates data with labels. Although the data traffic is kept
separate from other traffic, it can still be easily intercepted at any node. When vendors say
MPLS is private, what they mean is that the traffic is kept separate from other traffic, that they
have processes in place to prevent unauthorized data snooping, and that their employees
probably aren’t going to snoop either.

In fact, your data probably won’t be stolen on an MPLS network, but you have no way of being
sure and no way to tell if your data has been breached. The only way to ensure data security
over an MPLS network is by encrypting data as it travels across the WAN.

Many MPLS carriers have merged their private WANs and Internet backbones to reduce the
burden of maintaining two separate backbones.

There are two common methods for encrypting data across the Internet: IPsec tunnels and a
secure mesh network.

Going through tunnels.

One answer to securing WAN traffic is to set up IPsec VPN tunnels. These enable users on a
private MPLS network to send secure data across a public network, the Internet. This gives
users the functionality and security of a private network but with the speed and throughput of the
Internet. It also enables users to access their organization’s intranet while traveling, and it
connects remote offices to one network.

To secure these connections, IPsec VPNs need to be set up. IPsec VPN tunnels are fairly
simple to set up between two points. But as the number of remote sites multiplies, the number
of tunnels grows far faster than the number of sites. A separate tunnel is needed between each
pair of sites, leading to administrative hassles every time a remote site is added.
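
The pairwise tunnel requirement described above, as an added example that is not part of the original page: a Python script that counts the tunnels a full mesh needs, audits a tunnel list for site pairs that have no tunnel, and shows what adding one site costs. The site names and the configured-tunnel list are constructed for illustration.

```python
from itertools import combinations


def required_tunnels(sites):
    """Every unordered pair of sites needs its own IPsec tunnel in a full mesh."""
    return {frozenset(pair) for pair in combinations(sorted(set(sites)), 2)}


def audit_mesh(sites, configured):
    """Compare configured tunnels against the full-mesh requirement.

    Returns (missing, stale): site pairs with no tunnel between them, and
    configured tunnels that no pair of inventory sites requires (for example,
    a tunnel to a site that has been decommissioned).
    """
    need = required_tunnels(sites)
    have = {frozenset(t) for t in configured}
    missing = sorted(tuple(sorted(p)) for p in need - have)
    stale = sorted(tuple(sorted(p)) for p in have - need)
    return missing, stale


def cost_of_adding(sites, new_site):
    """Tunnels to build, and existing sites to reconfigure, for one new site."""
    added = required_tunnels(list(sites) + [new_site]) - required_tunnels(sites)
    touched = sorted({s for pair in added for s in pair} - {new_site})
    return len(added), touched


# Constructed sample inventory; all names are hypothetical.
SITES = ["hq", "branch-a", "branch-b", "branch-c"]
CONFIGURED = [("hq", "branch-a"), ("hq", "branch-b"), ("hq", "branch-c"),
              ("branch-a", "branch-b"), ("branch-a", "old-dc")]

if __name__ == "__main__":
    # Growth of the tunnel count with the number of sites.
    for n in (2, 5, 10, 50):
        print(f"{n:>3} sites -> {len(required_tunnels(range(n)))} tunnels")

    missing, stale = audit_mesh(SITES, CONFIGURED)
    print("site pairs with no tunnel:", missing)
    print("tunnels to unknown sites: ", stale)

    count, touched = cost_of_adding(SITES, "branch-d")
    print(f"adding branch-d: {count} new tunnels, reconfigure {touched}")
```
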



