Vpn1
Transcript

  • 1. Fig. 1: NIB – II TOPOLOGY. [Figure: map of the network nodes across India. Cities labelled: Srinagar, Shimla, Chandigarh, Delhi, Noida, Jaipur, Guwahati, Lucknow, Patna, Gandhinagar / Ahmedabad, Bhopal, Mumbai, Kolkata, Chattisgarh, H-bad, Pune, Bhubaneshwar, Goa, Bangalore, Chennai, Pondicherry, Ernakulam, Thiruvanthapuram. Legend: IGW, CORE Router, EDGE Router, BRAS, STM16, STM1. Back Office facilities: Web hosting, Customer servers, Messaging, Caching, Billing, etc.]
  • 2. Fig. 2: NIB – II ARCHITECTURE. [Figure: node architecture. Labels: CORE ROUTER with connections TO OTHER CORE ROUTERS; NATIONAL INTERNET EXCHANGE (NIEX) TO CONNECT ALL ISPs AND PROVIDE COMMON INTERNATIONAL GATEWAY; PSTN NETWORK and RAS for DIAL-UP CONNECTIONS; TIER I switch; SERVICE EDGE ROUTERS; BRAS; MPLS VPN EDGE ROUTERS; TIER II switches; DSLAMs; Leased Lines from VPN Subscriber Premises.]
  • 3. Explanatory Notes on VPN Vulnerability

    Slide 1 shows the topology of a typical ISP's IP network over which both Internet and VPN services are laid out. This is the topology of BSNL's NIB – II. Five cities are connected in a full mesh to form the core IP backbone across India. Other cities are connected through tri-node rings from the nodes of the core network through the Tier-1 switch at these nodes.

    Slide 2 shows the architecture of each of these nodes. The core router at the node sits on the Tier 1 switch. The router connections for all the services (VPN, Internet through Broadband, and PSTN) are taken from these switches. Thus you will note that there is continuous physical connectivity between all the routers in this IP network through the Tier 1 switch at each IP node (POP). Thus there is continuous public domain access to the VPN routers.

    1. In any IP network, public or private, the WAN ports of all routers in the network have continuous physical access to each other. Thus, while a router port is engaged in communication with another in the network, a third port can have simultaneous communications with it. If the IP network is in the public domain (Internet) or has access from the public domain (VPN), this third port could be that of a hacker.

    2. Thus, while the various security protocols like IPsec, etc., can transport the data from one computer to another securely, the LAN and the databases residing on it are exposed to the public domain through a VPN, which has public domain access for the reasons explained in 1 above.

    3. For WAN computing it is necessary to have a real private network (at least for data communications). Once this is in place, inter-locational voice / fax can be run over this network at a marginal increase in the operating cost, using the patented PVDTN system.

    4. You should not expose your company databases to the public domain through Internet, ISDN back-up, or VPN (which has public domain access) for the reasons explained in 1 above.

    5. The MPLS networks currently in vogue are another form of VPN network and are subject to the comments in 1 to 4 above.

    We do hope the above notes will explain the security vulnerability of your databases when these are on LANs connected to the VPN (MPLS or otherwise) of any service provider. If you wish to secure your databases 100%, then use point-to-point leased lines for inter-locational computer connectivity.
