paul200310
Newcomer III

Teleco Security flow

We often use IPsec VPN and site-to-site VPN and implement different kinds of encryption suites, but do we focus on the telecom backbone, like the transmission mask, where multiple customers' data is exchanged? Do they enforce SSL inspection while transposing data via undersea fiber? Do we really check whether the same frequency or oscillation is used by some other service provider? Anyone tapping data in between the customer and the cloud service provider is not traceable anymore, and no such cyber control takes place.

Cyber
7 Replies
Cheryl
Newcomer I

Thanks for highlighting this risk. I think many of us aren't implementing integrity and monitoring practices yet. I will review this with my team. Thanks!

ivojolu
Viewer

Typically telcos do not encrypt the data they transmit, thus eavesdropping is possible but not easy, as they configure their lines and interconnections as private connections. You can ask the telco you use for guarantees on the confidentiality of the data you transmit, but they will probably promise only a 'best effort' protection. If this is not sufficient for your data, then you should implement a strong endpoint-to-endpoint or site-to-site encryption technology yourself.

 

paul200310
Newcomer III

But we don't know how much information is subject to espionage every day through the DWDM and SONET rings. As you know, a TAP can be deployed on any such backbone.

https://www.gigamon.com/products/visibility-nodes/network-taps/g-tap-g-series.html

https://www.ixiacom.com/products/network-taps-regenerators-and-aggregators

End-to-end is not secure, because to hijack such information the only way is to have a sniffer on your internet raw Ethernet link.

 

   

Cyber
Cheryl
Newcomer I

Yes, I think the IDN (Tempered and Dispersive) and SDN (Cisco, Juniper, etc.) solutions are really starting to help secure critical information across these vastly expansive communication networks. The use cases for needing this are quite interesting with the proliferation of DERs and the necessity to secure remote facilities and communications.

JLundy
Newcomer I

I don’t understand the question. SSL inspection by the telco? That kind of defeats the purpose of the method: the endpoint would have to accept a bogus inspection certificate. VPNs treat all networks as untrusted, including undersea cables.

 

Communication channel providers are likely more interested in encoding that detects and corrects errors than in providing confidentiality. The best practice is to encrypt end-to-end communications if you’re concerned about confidentiality. This includes “internal” traffic.

paul200310
Newcomer III

But undersea cables only carry L2, not L3, so anyone can track what is going on inside the fiber/copper while such VPN traffic is passing through as well. Telco equipment talks with each other using NSAP addresses. There is no such encryption being enforced.

  

Cyber
JLundy
Newcomer I

VPN encryption takes place above L2 and L3. Content is encrypted. Telcos can’t invisibly decrypt VPN traffic.