We often use IPsec VPN, Site-to-Site VPN and implement different kinds of encryption suites, but do we focus on the Telecom backbone, like transmission mask, where multiple customers' data is exchanged? Do they enforce SSL inspection while transposing data via undersea fiber? Do we really check whether the same frequency or oscillation is used by some other service provider? Anyone tapping data in between the customer and the cloud service provider is not traceable anymore, and no such cyber controls take place.
Thanks for highlighting this risk. I think many of us aren't implementing integrity and monitoring practices yet. I will review this with my team. Thanks!
Typically Telcos do not encrypt the data they transmit, thus eavesdropping is possible but not easy, as they configure their lines and interconnections as private connections. You can ask the telco you use for guarantees on the confidentiality of the data you transmit, but probably they will promise only a 'best effort' protection. If this is not sufficient for your data, then you should implement a strong endpoint-to-endpoint or site-to-site encryption technology yourself.
But we don't know how much information is subject to espionage every day through the DWDM and SONET rings. As you know, a TAP can be deployed on any such backbone.
https://www.gigamon.com/products/visibility-nodes/network-taps/g-tap-g-series.html
https://www.ixiacom.com/products/network-taps-regenerators-and-aggregators
End-to-end is not secure, because to hijack such information the only way is to have a sniffer on your internet raw Ethernet link.
Yes, I think the IDN (Tempered and Dispersive) and SDN (Cisco, Juniper, etc.) solutions are really starting to help secure critical information across these vastly expansive communication networks. The use cases for needing this are quite interesting with the proliferation of DERs and the necessity to secure remote facilities and communications.
I don’t understand the question. SSL inspection by the telco? That kind of defeats the purpose of the method: the endpoint would have to accept a bogus inspection certificate. VPNs treat all networks as untrusted, including undersea cables.
Communication channel providers are likely more interested in encoding that detects and corrects errors than providing confidentiality. The best practice is to encrypt end-to-end communications if you’re concerned about confidentiality. This includes “internal” traffic.
But undersea cable only carries L2, not L3, so anyone can track what is going on inside the fiber/copper while such VPN traffic is passing through as well. Telco equipment talks to each other using NSAP addresses. There is no such encryption being enforced.