Strong Security from the Enterprise to the Edge

Security Now Blog: Addressing Today's Information Security Issues

Retail MPLS Data Networks at Risk

by Jim Byrd, Director, Product Marketing

Although the inherent flaws in MPLS security have been known for some time, only in the last few months has there been a concerted effort to deliver hacking tools designed specifically to exploit MPLS security vulnerabilities, putting retail data networks at risk of attack.

At a Black Hat Europe Conference last April, a team of researchers released tools that can automate attacks on MPLS and Ethernet backbone technologies. According to one of the researchers, “These technologies do not provide any security themselves, but just rely on the assumption that the underlying network is secure.”

As MPLS VPNs evolved from proprietary networks to supporting internet-based services, their risk of attack increased. German researcher Ray says, “Enterprises that use these VPN services should be aware they are vulnerable. Perform risk analysis and encrypt your traffic.” “Just because it’s called MPLS VPN [doesn't mean] you should [automatically] trust it.”

Many retailers followed their service providers' advice and simply migrated from Frame Relay and ATM networks to MPLS. However, over time the majority of problems meant to be solved by MPLS no longer exist, and holes in the technology are being exploited.

Total information security for retail data networks is possible. Solutions using PKI technology, unique digital certificates with mutual mandatory authentication between security appliances, end-to-end data encryption and data integrity checking can provide a standalone data network solution or act as the security layer for an existing MPLS VPN network.

Retailers need to re-examine wide area networking technologies and topologies as they seek to optimize the security, reliability and cost of their current data network.
