Tom Olzak

Make no assumptions about MPLS security

In Data Security, MPLS, Network Security on April 17, 2009 at 08:31

If you are using MPLS or transitioning to it, make sure you understand what the carrier is doing to protect your data. The article quoted below also looks at security problems with BGP.

Some of the new tools attack a network data-forwarding technology known as MPLS, or multiprotocol label switching. Carriers such as Verizon, AT&T and Sprint use it to segregate one corporate customer’s traffic from another’s as it’s shuttled from one geographic region to another. The tools make it trivial for anyone with access to the carrier’s network to redirect that traffic or alter data on it.

The software works because MPLS has no mechanism for protecting the integrity of the headers that determine where a data packet should be delivered.

“There is no way of detecting modification of labels,” Rey said. “If somebody gets access to this network, it’s quite easy to cause disastrous havoc.”

Source: Hacking Internet backbones – it’s easier than you think, Dan Goodin, The Register, 16 April 2009
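
The missing header integrity described in the quote is visible in the RFC 3032 label stack entry format: label, traffic class, bottom-of-stack bit and TTL fill all 32 bits, leaving no checksum or authentication field. The Python below is an added example, not code from the article or from the tools it describes; the label values and sample stacks are constructed for illustration.

```python
import struct
from typing import List, NamedTuple, Tuple

# RFC 3032 label stack entry: four fields that fill all 32 bits.
FIELD_WIDTHS = {"label": 20, "tc": 3, "bottom": 1, "ttl": 8}


class LabelEntry(NamedTuple):
    label: int    # forwarding label
    tc: int       # traffic class
    bottom: bool  # bottom-of-stack flag
    ttl: int      # time to live


def build_stack(entries: List[LabelEntry]) -> bytes:
    """Encode entries as consecutive big-endian 32-bit words."""
    return b"".join(
        struct.pack("!I", (e.label << 12) | (e.tc << 9) | (int(e.bottom) << 8) | e.ttl)
        for e in entries
    )


def parse_label_stack(data: bytes) -> List[LabelEntry]:
    """Decode entries up to and including the bottom-of-stack entry."""
    entries = []
    for offset in range(0, len(data) - 3, 4):
        (word,) = struct.unpack_from("!I", data, offset)
        entries.append(LabelEntry(word >> 12, (word >> 9) & 0x7,
                                  bool(word & 0x100), word & 0xFF))
        if entries[-1].bottom:
            return entries
    raise ValueError("truncated label stack: bottom-of-stack bit never set")


def field_differences(reference: bytes, observed: bytes) -> List[Tuple[int, str, int, int]]:
    """List (entry index, field, reference value, observed value) mismatches.

    Both inputs parse without error; a mismatch is visible only because a
    reference copy is available, which the header itself never carries."""
    ref, obs = parse_label_stack(reference), parse_label_stack(observed)
    if len(ref) != len(obs):
        raise ValueError("stack depths differ")
    return [(i, name, int(r), int(o))
            for i, (re_, ob_) in enumerate(zip(ref, obs))
            for name, r, o in zip(LabelEntry._fields, re_, ob_) if r != o]


# Constructed sample: outer transport label 100, inner VPN label 2001.
EXPECTED = build_stack([LabelEntry(100, 0, False, 64), LabelEntry(2001, 0, True, 64)])
# Constructed sample: same stack with a different inner label value.
SEEN = build_stack([LabelEntry(100, 0, False, 64), LabelEntry(2002, 0, True, 64)])

if __name__ == "__main__":
    print(sum(FIELD_WIDTHS.values()), field_differences(EXPECTED, SEEN))
```

Any check that the labels on a packet are the intended ones has to come from outside the header, which is why the carrier's own controls matter.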
