|
A practical guide to hardening MPLS networks
- Define "zones of trust" for your MPLS VPN environment
- Understand fundamental security principles and how MPLS VPNs work
- Build an MPLS VPN threat model that defines attack points, such as VPN separation, VPN spoofing, DoS against the network’s backbone, misconfigurations, sniffing, and inside attack forms
- Identify VPN security requirements, including robustness against attacks, hiding of the core infrastructure, protection against spoofing, and ATM/Frame Relay security comparisons
- Interpret complex architectures such as extranet access with recommendations of Inter-AS, carrier-supporting carriers, Layer 2 security considerations, and multiple provider trust model issues
- Operate and maintain a secure MPLS core with industry best practices
- Integrate IPsec into your MPLS VPN for extra security in encryption and data origin verification
- Build VPNs by interconnecting Layer 2 networks with new available architectures such as virtual private wire service (VPWS) and virtual private LAN service (VPLS)
- Protect your core network from attack by considering Operations, Administration, and Management (OAM) and MPLS backbone security incidents
Multiprotocol Label Switching (MPLS) is becoming a widely deployed technology, specifically for providing virtual private network (VPN) services. Security is a major concern for companies migrating to MPLS VPNs from existing VPN technologies such as ATM. Organizations deploying MPLS VPNs need security best practices for protecting their networks, specifically for the more complex deployment models such as inter-provider networks and Internet provisioning on the network.