Clarification needed on ATM

OK - sorry if this is elementary - however I am dealing with a challenge
to the security of some ATM links that we have connecting remote
facilities to a main campus. The connections are all PVPs with individual
PVCs defined point to point. The concern that is being raised is that
although these connections appear point-to-point PVCs to the router
interfaces at our sites and our main campus - they are more than likely
switched SVCs on the provider backbone...

I had thought that a PVC was a nailed up connection between vpi-vci pairs
throughout the provider ATM network - is that an incorrect assumption? And
if so is the scenario that was raised possible/probable and a concern?

Thanks for any info kids...

You are only nailing the PVP/PVC to your physical port. The provider almost certainly has sPVP/C's to route througout their actual ATM backbone, each of those routes with a destination NSAP of your ATM port (the port that terminates your physical link)

I'm not sure how this raises any security issue since any traffic that you feel should remain secure must be encrypted long before it reaches your carriers transit backbone.

Were these statically mapped (which I might add would be a horrific job for the network engineers and admins at a carrier) then one link failing in between any of your facilities would cause the entire PVP/C to collapse. sPVP/C's on NNI links are very common and beneficial/necessary to continuity on an ATM network.

Rich Sena wrote:

Do the security analysis further. You only care about the difference if
it means that different classes of people can do Something Evil to you.

So, for instance, if you asked for fiber because it requires physical access
and at least a bit of clue to tap, and instead one hop is over microwave,
that *is* a problem, because you can often tap microwave without having to get
physical access to the towers. I would say that the actual media used
for the circuit *is* a valid security issue. On the other hand, the media
used probably has little or no relationship to whether it's nailed or not.

So let's think. There's two classes of people you need to worry about:

1) rogue employees of your carrier. Here, the distinction doesn't matter,
because they can do Something Evil whether it's a nailed connection or
a virtual connection.

2) outside agents. Again, if they can do Something Evil when it's a virtual
connection, making it a nailed connection won't slow them down much.

If your security needs are so stringent that you care about the distinction
between virtual and nailed connections, it's time to start deploying in-depth
defenses:

Yes, somebody could hijack a virtual connection by hacking one of the
switches involved, to either perform a MITM attack or a DoS attack.

In the first case (MITM attack), you should be using an end-to-end
authentication/encryption scheme. After all, MITM attacks can happen elsewhere
along the path (it's amazing how many cases I've heard of where a rogue PC or
hacked server on the same subnet as the target server was used to MITM by the
simple expedient of sending forged ICMP Redirect packets).

In the second case (DoS), you should be utilizing multihoming (remember
that they can DoS you by using a chainsaw - you slice the cables, it doesn't
matter what sort of connection it used to be. Anybody who hasn't had a chat
with a backhoe operator hasn't been in this business for long

Also, remember that although outside hackers from some 2nd/3rd world country
are getting all the attention, the *really* bad news is usually a disgruntled
(possible former) employee.