MPLS VPN Security

Description:

A practical guide to hardening MPLS networks 

• Define "zones of trust" for your MPLS VPN environment
• Understand fundamental security principles and how MPLS VPNs work
• Build an MPLS VPN threat model that defines attack points, such as VPN separation, VPN spoofing, DoS against the network’s backbone, misconfigurations, sniffing, and inside attack forms
• Identify VPN security requirements, including robustness against attacks, hiding of the core infrastructure, protection against spoofing, and ATM/Frame Relay security comparisons
• Interpret complex architectures such as extranet access with recommendations of Inter-AS, carrier-supporting carriers, Layer 2 security considerations, and multiple provider trust model issues
• Operate and maintain a secure MPLS core with industry best practices
• Integrate IPsec into your MPLS VPN for extra security in encryption and data origin verification
• Build VPNs by interconnecting Layer 2 networks with new available architectures such as virtual private wire service (VPWS) and virtual private LAN service (VPLS)
• Protect your core network from attack by considering Operations, Administration, and Management (OAM) and MPLS backbone security incidents 

Multiprotocol Label Switching (MPLS) is becoming a widely deployed technology, specifically for providing virtual private network (VPN) services. Security is a major concern for companies migrating to MPLS VPNs from existing VPN technologies such as ATM. Organizations deploying MPLS VPNs need security best practices for protecting their networks, specifically for the more complex deployment models such as inter-provider networks and Internet provisioning on the network.

 

MPLS VPN Security is the first book to address the security features of MPLS VPN networks and to show you how to harden and securely operate an MPLS network. Divided into four parts, the book begins with an overview of security and VPN technology. A chapter on threats and attack points provides a foundation for the discussion in later chapters. Part II addresses overall security from various perspectives, including architectural, design, and operation components. Part III provides practical guidelines for implementing MPLS VPN security. Part IV presents real-world case studies that encompass details from all the previous chapters to provide examples of overall secure solutions.

 

Drawing upon the authors’ considerable experience in attack mitigation and infrastructure security, MPLS VPN Security is your practical guide to understanding how to effectively secure communications in an MPLS environment.

 

"The authors of this book, Michael Behringer and Monique Morrow, have a deep and rich understanding of security issues, such as denial-of-service attack prevention and infrastructure protection from network vulnerabilities. They offer a very practical perspective on the deployment scenarios, thereby demystifying a complex topic. I hope you enjoy their insights into the design of self-defending networks."

—Jayshree V. Ullal, Senior VP/GM Security Technology Group, Cisco Systems®

 

 

 

Table of Contents:

Foreword

Introduction

Part I       MPLS VPN and Security Fundamentals

Chapter  1MPLS VPN Security: An Overview

Key Security Concepts

Security Differs from Other Technologies

What Is “Secure”?

No System Is 100 Percent Secure

Three Components of System Security

Principle of the Weakest Link

Principle of the Least Privilege

Other Important Security Concepts

Overview of VPN Technologies

Fundamentals of MPLS VPNs

Nomenclature of MPLS VPNs

Three Planes of an MPLS VPN Network

Security Implications of Connectionless VPNs

A Security Reference Model for MPLS VPNs

Summary

Chapter  2A Threat Model for MPLS VPNs

Threats Against a VPN

Intrusions into a VPN

Denial of Service Against a VPN

Threats Against an Extranet Site

Threats Against the Core

Monolithic Core

Inter-AS: A Multi-AS Core

Carrier’s Carrier: A Hierarchical Core

Threats Against a Network Operations Center

Threats Against the Internet

Threats from Within a Zone of Trust

Reconnaissance Attacks

Summary

Part II      Advanced MPLS VPN Security Issues

Chapter  3MPLS Security Analysis

VPN Separation

Address Space Separation

Traffic Separation

Robustness Against Attacks

Where an MPLS Core Can Be Attacked

How an MPLS Core Can Be Attacked

How the Core Can Be Protected

Hiding the Core Infrastructure

Protection Against Spoofing

Specific Inter-AS Considerations

Model A: VRF-to-VRF Connections at the AS Border Routers

Model B: EBGP Redistribution of Labeled VPN-IPv4 Routes from AS to Neighboring AS

Model C: Multihop eBGP Redistribution of Labeled VPN-IPv4
Routes Between Source and Destination ASs, with eBGP
Redistribution of Labeled IPv4 Routes from AS to Neighboring AS

Comparison of Inter-AS Security Considerations

Specific Carrier’s Carrier Considerations

How CsC Works

Security of CsC

Security Issues Not Addressed by the MPLS Architecture

Comparison to ATM/FR Security

VPN Separation

Robustness Against Attacks

Hiding the Core Infrastructure

Impossibility of VPN Spoofing

CE-CE Visibility

Comparison of VPN Security Technologies

Summary

Chapter  4Secure MPLS VPN Designs

Internet Access

MPLS Core Without Internet Connectivity

Generic Internet Design Recommendations

Internet in a VRF

Internet in the Global Routing Table

Overview of Internet Provisioning

Extranet Access

MPLS VPNs and Firewalling

Designing DoS-Resistant Networks

Overview of DoS

Designing a DoS-Resistant Provider Edge

Tradeoffs Between DoS Resistance and Network Cost

DoS Resistant Routers

Inter-AS Recommendations and Traversing Multiple Provider
Trust Model Issues

Case A: VRF-to-VRF Connection on ASBRs

Case B: eBGP Redistribution of Labeled VPN-IPv4 Routes

Case C: Multi-Hop eBGP Distribution of Labeled VPN-IPv4 Routes
with eBGP Redistribution of IP4 Routes

Carriers’ Carrier

Layer 2 Security Considerations

Multicast VPN Security

Summary

Chapter  5Security Recommendations

General Router Security

Secure Access to Routers

Disabling Unnecessary Services for Security

IP Source Address Verification

12000 Protection and Receive ACLs (rACLs)

Control Plane Policing

AutoSecure

CE-Specific Router Security and Topology Design Considerations

Managed CE Security Considerations

Unmanaged CE Security Considerations

CE Data Plane Security

PE-Specific Router Security

PE Data Plane Security

PE-CE Connectivity Security Issues

P-Specific Router Security

Securing the Core

Infrastructure Access Lists (iACLs)

Routing Security

Neighbor Router Authentication

MD5 for Label Distribution Protocol

CE-PE Routing Security Best Practices

PE-CE Addressing

Static Routing

Dynamic Routing

eBGP PE-CE Routing

EIGRP PE-CE Routing

OSPF PE-CE Routing

RIPv2 PE-CE Routing

PE-CE Routing Summary

Prevention of Routes from Being Accepted by Nonrecognized Neighbors

BGP Maximum-Prefix Mechanism

Internet Access

Resource Sharing: Internet and Intranet

Sharing End-to-End Resources

Additional Security

Addressing Considerations

LAN Security Issues

LAN Factors for Peering Constructs

IPsec: CE to CE

IPsec PE-PE

MPLS over IP Operational Considerations: L2TPv3

MPLS over L2TPv3

Securing Core and Routing Check List

Summary

Part III     Practical Guidelines to MPLS VPN Security

Chapter  6How IPsec Complements MPLS

IPsec Overview

Location of the IPsec Termination Points

CE-CE IPsec

PE-PE IPsec

Remote Access IPsec into an MPLS VPN

Deploying IPsec on MPLS

Using Other Encryption Techniques

Summary

Chapter  7Security of MPLS Layer 2 VPNs

Generic Layer 2 Security Considerations

C2 Ethernet Topologies

C3 VPLS Overview

C4 VPWS Overview

C5 VPLS and VPWS Service Summary and Metro Ethernet Architecture Overview

C6 VPLS and VPWS Security Overview

Physical Interconnection Option Details

D1 SP Interconnect Models

D3 Metro Ethernet Model

Customer Edge

CE Interconnection Service Is a Layer 3 Device

Customer Edge Interconnection Service Is a Layer 2 Device

Hijack Management Security

Disable Password Recovery

U-PE STP Priority

Apply Broadcast Limiters

Disable/Block Layer 2 Control Traffic

VTP Transparent Operation

MAC Address Limits and Port Security

Controlling Reserved VLANs

Removing Unused VLANs

 

Hard-Code Physical Port Attributes

Establish Network Reporting

Enable 802.1x

Summary

Chapter  8Secure Operation and Maintenance of an MPLS Core

Management Network Security

Securely Managing CE Devices

Management VRF Overview

Management VRF Details

Securely Managing the Core Network

Summary

Part IV     Case Studies and Appendixes

Chapter  9Case Studies

Internet Access

NAT Via Common Gateways

PE to Multiple Internet Gateways

NAT via a Single Common Gateway

Registered NAT by CE

Internet Access via Customer-Controlled NAT

Internet Access Using Global Routing Table

BGP Internet Routing Table from the Service Provider of an ISP

Tier 3 ISP Connecting to an Upstream Tier via a Service Provider

Hybrid Model

Multi-Lite VRF Mechanisms

Configuration Example for Internet and VPN Service Using the Same CE

Layer 2 LAN Access

Summary

Appendix ADetailed Configuration Example for a PE

Appendix BReference List

Index