2/28/2012
MPLS VPN Security Review
MPLS VPN Security (Paperback)
by Michael H. Behringer, Monique J. Morrow ISBN 1587051834
As Multiprotocol Label Switching (MPLS) is becoming widely deployed for providing virtual private network (VPN) services, security becomes a major concern for companies planning to migrate from the legacy VPNs to MPLS VPNs. This book provides an in-depth look at the real security issues that both service providers providing MPLS VPNs and companies utilizing such services face. The authors provide a clear understanding of how the MPLS VPNs work differently from other VPN technologies.
The book is divided into four parts. MPLS VPN and Security Fundamentals form Part One. The first part of the book provides an excellent overview of the three basic components of security: the architecture, design and operations, and defines the "zones of trust" for an MPLS VPN environment. It provides an excellent Security Reference Model for MPLS VPNs. The various threats to a VPN are broken down into parts for better understanding, like threat, intrusion, Denial of Service against a VPN, threats against an Extranet site, threats against the core, and threats from within a zone of trust.
Part Two of the book provides an analysis of Advanced MPLS VPN Security Issues like VPN Separation (address space and traffic), robustness against attacks (where and how), protection against spoofing, specific Inter-AS considerations and comparisons, and other issues not addressed by the MPLS architecture. It examines in detail Secure MPLS VPN designs and shows how to design a DoS-resistant network and the tradeoffs between DoS resistance and network cost. The security recommendations provide tips on general router security, basic templates and ACL examples, CE-specific router security and topology design considerations, LAN security issues, CE-PE routing security best practices, IPSec both CE to CE and PE to PE, and a comprehensive checklist for securing core and routing.
Part Three provides practical guidelines to MPLS VPN Security and shows how IPSec complements MPLS. It explains the deployment of IPSec on MPLS and the use of other encryption techniques. It underlines the importance of security of MPLS Layer 2 VPNs and the various generic Layer 2 security considerations. The section ends by providing a plan for the operation, management and maintenance of an MPLS core. It deals with the secure management of CE devices, management of VRF and VRF details.
Part Four provides deployment examples and lessons learned, highlighting theoretical discussion points from the previous chapters. It also provides various scenarios for internet access and points out security considerations for each example.
The coauthor Michael H. Behringer is an active member of the IETF and has published work on MPLS VPN security since 2001.
The coauthor Monique J. Morrow (CCIE # 1711) is active in both IETF and ITU-T SG 13 with a focus on OAM. She is currently engaged in MPLS OAM standards development.
I feel this book would be extremely useful for security and operations staff of enterprises that deploy MPLS or subscribe to a service based on MPLS.
I give this book 5 stars on a scale of 5, 5 being the highest. I strongly recommend this book.
Niloufer Tamboly, CISSP
A practical guide to hardening MPLS networks

Define "zones of trust" for your MPLS VPN environment
Understand fundamental security principles and how MPLS VPNs work
Build an MPLS VPN threat model that defines attack points, such as VPN separation, VPN spoofing, DoS against the network's backbone, misconfigurations, sniffing, and inside attack forms
Identify VPN security requirements, including robustness against attacks, hiding of the core infrastructure, protection against spoofing, and ATM/Frame Relay security comparisons
Interpret complex architectures such as extranet access with recommendations of Inter-AS, carrier-supporting carriers, Layer 2 security considerations, and multiple provider trust model issues
Operate and maintain a secure MPLS core with industry best practices
Integrate IPsec into your MPLS VPN for extra security in encryption and data origin verification
Build VPNs by interconnecting Layer 2 networks with new available architectures such as virtual private wire service (VPWS) and virtual private LAN service (VPLS)
Protect your core network from attack by considering Operations, Administration, and Management (OAM) and MPLS backbone security incidents

Multiprotocol Label Switching (MPLS) is becoming a widely deployed technology, specifically for providing virtual private network (VPN) services. Security is a major concern for companies migrating to MPLS VPNs from existing VPN technologies such as ATM. Organizations deploying MPLS VPNs need security best practices for protecting their networks, specifically for the more complex deployment models such as inter-provider networks and Internet provisioning on the network. MPLS VPN Security is the first book to address the security features of MPLS VPN networks and to show you how to harden and securely operate an MPLS network. Divided into four parts, the book begins with an overview of security and VPN technology. A chapter on threats and attack points provides a foundation for the discussion in later chapters. Part II addresses overall security from various perspectives, including architectural, design, and operation components. Part III provides practical guidelines for implementing MPLS VPN security. Part IV presents real-world case studies that encompass details from all the previous chapters to provide examples of overall secure solutions. Drawing upon the authors' considerable experience in attack mitigation and infrastructure security, MPLS VPN Security is your practical guide to understanding how to effectively secure communications in an MPLS environment.

"The authors of this book, Michael Behringer and Monique Morrow, have a deep and rich understanding of security issues, such as denial-of-service attack prevention and infrastructure protection from network vulnerabilities. They offer a very practical perspective on the deployment scenarios, thereby demystifying a complex topic. I hope you enjoy their insights into the design of self-defending networks."
—Jayshree V. Ullal, Senior VP/GM Security Technology Group, Cisco Systems®