MPLS WAN Encryption – It’s time

Is MPLS secure? All the MPLS vendors use the term VPN (Virtual Private Network), implying some level of security. But in reality, MPLS is not encrypted and therefore subject to snooping. But of course, you have no way of knowing one way or the other.

Mike Fratto at Network Computing wrote a nice piece a couple of months ago explaining the situation.

If you talk to the WAN services folks at a carrier, their definition of a VPN will be an overlay network that is carried by another network over shared infrastructure. By the carrier’s definition, a telephone call over a PSTN is a VPN. The carrier definition is very different than the other definition of a VPN as an authenticated and encrypted layer 3 tunnel between two nodes, with one node being a network. The former definition assumes that the carriers employees are trustworthy. The latter definition doesn’t care if they are or aren’t.

In addition, compliance regimes like MA 201 CMR 17 and HIPAA are mandating WAN encryption.

To encrypt MPLS traffic and really all wide area network encryption, we recommend CipherOptics.

Enhanced by Zemanta