>Does anyone know of any inherent security problems in Frame Relay ?
>
>If there are, any pointers to workaround documentation would be
>greatly appreciated.
>
>Regards,
>
>Richard
We use it extensively, and we have only had one worrysome problem that we
know of. One day we discovered our own RIP packets coming in from the
Internet. We had been trying out two frame relay vendors, and the equipment
from the vendor we didn't opt for was powered down waiting for them to
collect it. Somebody powered it back up. It is unclear whether it was still
connected to our net, but it was still connected to the frame relay net.
The other end of its logical connection must have been live to somebody
else's network. The box produced its RIP packets with a 158.140 broadcast
address and dumped them onto this other site's network which then merrily
forwarded them back to us where they were duly dropped and logged by our
firewall.
In light of this problem I would say that the largest risk in Frame Relay
is misconfiguration by the vendor causing "crossed lines". How much more
likely this is than with other forms of connection I do not know.
AL
---------------------------------------------------------------------------
Alastair Young _ Ariel NH
Cadence Design Systems, Information Services )/___ _ Red Hunter
555 River Oaks Parkway, 4B1 __/(___)_*##/c
San Jose CA 95134 Fax: (408)894-3487 / /\\|| \ / \ Brakes'n'lites
alastair @
cadence .
com (408)428-5278 \__/ ----'\__/ novel eh?
---------------------------------------------------------------------------
These statements and opinions are mine, not those of Cadence Design Systems
|
|
