MPLS VPN Security

A practical guide to hardening MPLS networks  Define "zones of trust" for your MPLS VPN environment Understand fundamental security principles and how MPLS VPNs work Build an MPLS VPN threat model that defines attack points, such as VPN separation, VPN spoofing, DoS against the network’s backbone, misconfigurations, sniffing, and inside attack forms Identify VPN security requirements, including robustness against attacks, hiding of the core infrastructure, protection against spoofing, and ATM/Frame Relay security comparisons Interpret complex architectures such as extranet access with recommendations of Inter-AS, carrier-supporting carriers, Layer 2 security considerations, and multiple provider trust model issues Operate and maintain a secure MPLS core with industry best practices Integrate IPsec into your MPLS VPN for extra security in encryption and data origin verification Build VPNs by interconnecting Layer 2 networks with new available architectures such as virtual private wire service (VPWS) and virtual private LAN service (VPLS) Protect your core network from attack by considering Operations, Administration, and Management (OAM) and MPLS backbone security incidents  Multiprotocol Label Switching (MPLS) is becoming a widely deployed technology, specifically for providing virtual private network (VPN) services. Security is a major concern for companies migrating to MPLS VPNs from existing VPN technologies such as ATM. Organizations deploying MPLS VPNs need security best practices for protecting their networks, specifically for the more complex deployment models such as inter-provider networks and Internet provisioning on the network.   MPLS VPN Security is the first book to address the security features of MPLS VPN networks and to show you how to harden and securely operate an MPLS network. Divided into four parts, the book begins with an overview of security and VPN technology. A chapter on threats and attack points provides a foundation for the discussion in later chapters. Part II addresses overall security from various perspectives, including architectural, design, and operation components. Part III provides practical guidelines for implementing MPLS VPN security. Part IV presents real-world case studies that encompass details from all the previous chapters to provide examples of overall secure solutions.   Drawing upon the authors’ considerable experience in attack mitigation and infrastructure security, MPLS VPN Security is your practical guide to understanding how to effectively secure communications in an MPLS environment.   "The authors of this book, Michael Behringer and Monique Morrow, have a deep and rich understanding of security issues, such as denial-of-service attack prevention and infrastructure protection from network vulnerabilities. They offer a very practical perspective on the deployment scenarios, thereby demystifying a complex topic. I hope you enjoy their insights into the design of self-defending networks." —Jayshree V. Ullal, Senior VP/GM Security Technology Group, Cisco Systems®  

Table of Contents:
Foreword Introduction Part I       MPLS VPN and Security Fundamentals Chapter  1MPLS VPN Security: An Overview Key Security Concepts Security Differs from Other Technologies What Is “Secure”? No System Is 100 Percent Secure Three Components of System Security Principle of the Weakest Link Principle of the Least Privilege Other Important Security Concepts Overview of VPN Technologies Fundamentals of MPLS VPNs Nomenclature of MPLS VPNs Three Planes of an MPLS VPN Network Security Implications of Connectionless VPNs A Security Reference Model for MPLS VPNs Summary Chapter  2A Threat Model for MPLS VPNs Threats Against a VPN Intrusions into a VPN Denial of Service Against a VPN Threats Against an Extranet Site Threats Against the Core Monolithic Core Inter-AS: A Multi-AS Core Carrier’s Carrier: A Hierarchical Core Threats Against a Network Operations Center Threats Against the Internet Threats from Within a Zone of Trust Reconnaissance Attacks Summary Part II      Advanced MPLS VPN Security Issues Chapter  3MPLS Security Analysis VPN Separation Address Space Separation Traffic Separation Robustness Against Attacks Where an MPLS Core Can Be Attacked How an MPLS Core Can Be Attacked How the Core Can Be Protected Hiding the Core Infrastructure Protection Against Spoofing Specific Inter-AS Considerations Model A: VRF-to-VRF Connections at the AS Border Routers Model B: EBGP Redistribution of Labeled VPN-IPv4 Routes from AS to Neighboring AS Model C: Multihop eBGP Redistribution of Labeled VPN-IPv4 Routes Between Source and Destination ASs, with eBGP Redistribution of Labeled IPv4 Routes from AS to Neighboring AS Comparison of Inter-AS Security Considerations Specific Carrier’s Carrier Considerations How CsC Works Security of CsC Security Issues Not Addressed by the MPLS Architecture Comparison to ATM/FR Security VPN Separation Robustness Against Attacks Hiding the Core Infrastructure Impossibility of VPN Spoofing CE-CE Visibility Comparison of VPN Security Technologies Summary Chapter  4Secure MPLS VPN Designs Internet Access MPLS Core Without Internet Connectivity Generic Internet Design Recommendations Internet in a VRF Internet in the Global Routing Table Overview of Internet Provisioning Extranet Access MPLS VPNs and Firewalling Designing DoS-Resistant Networks Overview of DoS Designing a DoS-Resistant Provider Edge Tradeoffs Between DoS Resistance and Network Cost DoS Resistant Routers Inter-AS Recommendations and Traversing Multiple Provider Trust Model Issues Case A: VRF-to-VRF Connection on ASBRs Case B: eBGP Redistribution of Labeled VPN-IPv4 Routes Case C: Multi-Hop eBGP Distribution of Labeled VPN-IPv4 Routes with eBGP Redistribution of IP4 Routes Carriers’ Carrier Layer 2 Security Considerations Multicast VPN Security Summary Chapter  5Security Recommendations General Router Security Secure Access to Routers Disabling Unnecessary Services for Security IP Source Address Verification 12000 Protection and Receive ACLs (rACLs) Control Plane Policing AutoSecure CE-Specific Router Security and Topology Design Considerations Managed CE Security Considerations Unmanaged CE Security Considerations CE Data Plane Security PE-Specific Router Security PE Data Plane Security PE-CE Connectivity Security Issues P-Specific Router Security Securing the Core Infrastructure Access Lists (iACLs) Routing Security Neighbor Router Authentication MD5 for Label Distribution Protocol CE-PE Routing Security Best Practices PE-CE Addressing Static Routing Dynamic Routing eBGP PE-CE Routing EIGRP PE-CE Routing OSPF PE-CE Routing RIPv2 PE-CE Routing PE-CE Routing Summary Prevention of Routes from Being Accepted by Nonrecognized Neighbors BGP Maximum-Prefix Mechanism Internet Access Resource Sharing: Internet and Intranet Sharing End-to-End Resources Additional Security Addressing Considerations LAN Security Issues LAN Factors for Peering Constructs IPsec: CE to CE IPsec PE-PE MPLS over IP Operational Considerations: L2TPv3 MPLS over L2TPv3 Securing Core and Routing Check List Summary Part III     Practical Guidelines to MPLS VPN Security Chapter  6How IPsec Complements MPLS IPsec Overview Location of the IPsec Termination Points CE-CE IPsec PE-PE IPsec Remote Access IPsec into an MPLS VPN Deploying IPsec on MPLS Using Other Encryption Techniques Summary Chapter  7Security of MPLS Layer 2 VPNs Generic Layer 2 Security Considerations C2 Ethernet Topologies C3 VPLS Overview C4 VPWS Overview C5 VPLS and VPWS Service Summary and Metro Ethernet Architecture Overview C6 VPLS and VPWS Security Overview Physical Interconnection Option Details D1 SP Interconnect Models D3 Metro Ethernet Model Customer Edge CE Interconnection Service Is a Layer 3 Device Customer Edge Interconnection Service Is a Layer 2 Device Hijack Management Security Disable Password Recovery U-PE STP Priority Apply Broadcast Limiters Disable/Block Layer 2 Control Traffic VTP Transparent Operation MAC Address Limits and Port Security Controlling Reserved VLANs Removing Unused VLANs Hard-Code Physical Port Attributes Establish Network Reporting Enable 802.1x Summary Chapter  8Secure Operation and Maintenance of an MPLS Core Management Network Security Securely Managing CE Devices Management VRF Overview Management VRF Details Securely Managing the Core Network Summary Part IV     Case Studies and Appendixes Chapter  9Case Studies Internet Access NAT Via Common Gateways PE to Multiple Internet Gateways NAT via a Single Common Gateway Registered NAT by CE Internet Access via Customer-Controlled NAT Internet Access Using Global Routing Table BGP Internet Routing Table from the Service Provider of an ISP Tier 3 ISP Connecting to an Upstream Tier via a Service Provider Hybrid Model Multi-Lite VRF Mechanisms Configuration Example for Internet and VPN Service Using the Same CE Layer 2 LAN Access Summary Appendix ADetailed Configuration Example for a PE Appendix BReference List Index  

About the Author :
Michael H. Behringer is a distinguished engineer at Cisco®, where his expertise focuses on MPLS VPN security, service provider security, and denial-of-service (DoS) attack prevention. Prior to joining Cisco Systems, he was responsible for the design and implementation of pan-European networks for a major European Internet service provider.  Monique J. Morrow is a CTO consulting engineer at Cisco Systems, to which she brings more than 20 years’ experience in IP internetworking, design, and service development for service providers. Monique led the engineering project team for one of the first European MPLS VPN deployments for a European Internet service provider.