There has been lots of discussion on this list about firewalls - but not a
lot about the security of IP networks that are glued together via tunnelling
over a third-party internet connected IP network. We are in a situation
where we might be doing this - and are not very aware of the technologies
out there. The vendor we are potentially using recommends using the IP
over IP tunnelling functionality available in Cisco routers.
Now - obviously a lot of firewall issues do not apply - primarily due to
the fact no IP traffic actually leaves or enters the internal network, and
no services are provided outside. Some issues do obviously still apply,
and may even be more acute. The tunnel routers will obviously have some
sort of access lists so that only other tunnel routers can gain access -
though the usual problems still apply. IP spoofing needs to be guarded
against. Encryption may be useful. Obviously if someone penetrated the
tunnelled virtual network then they are on the inside.
Basically, I'm interested in hearing from people who have had experience
in doing something like this, and what sort of issues are significant.
Also products that are of use in this scenario would be of interest.
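An added illustration (not part of the original post, and not a real router configuration) of the access-list style check the post describes on a tunnel router's outside interface: accept only IP-in-IP (protocol 4) whose outer source is a known tunnel peer, and whose inner addresses fall inside the internal address space so the tunnel cannot be used as a relay. The peer addresses and internal prefix are constructed sample values. Note that the outer source can itself be spoofed, which is exactly why the post's point about encryption (or authentication of tunnel peers) matters beyond plain address filtering.

```python
import ipaddress
import struct

# Constructed sample values: the other tunnel routers we peer with, and the
# address space that is allowed to appear inside the tunnel.
TUNNEL_PEERS = {ipaddress.ip_address("203.0.113.10"),
                ipaddress.ip_address("203.0.113.20")}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
IPPROTO_IPIP = 4  # IP-in-IP encapsulation protocol number (RFC 2003)
IPV4_FMT = "!BBHHHBBH4s4s"  # minimal 20-byte IPv4 header, no options


def build_ipv4(src, dst, proto, payload=b""):
    """Build a minimal IPv4 header (checksum left zero) in front of payload."""
    hdr = struct.pack(IPV4_FMT, 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      ipaddress.ip_address(src).packed,
                      ipaddress.ip_address(dst).packed)
    return hdr + payload


def parse_ipv4(pkt):
    """Return (src, dst, proto, payload) or None if the header is malformed."""
    if len(pkt) < 20:
        return None
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack(IPV4_FMT, pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or ihl > total_len or total_len > len(pkt):
        return None
    return (ipaddress.ip_address(src), ipaddress.ip_address(dst), proto,
            pkt[ihl:total_len])


def tunnel_ingress_check(pkt):
    """Decide what a tunnel router should do with a packet from the outside."""
    outer = parse_ipv4(pkt)
    if outer is None:
        return "drop: malformed outer header"
    osrc, _odst, oproto, inner_bytes = outer
    if oproto != IPPROTO_IPIP:
        return "drop: not IP-in-IP"
    if osrc not in TUNNEL_PEERS:  # address-based only; a spoofed outer source passes
        return "drop: outer source is not a tunnel peer"
    inner = parse_ipv4(inner_bytes)
    if inner is None:
        return "drop: malformed inner header"
    isrc, idst, _, _ = inner
    if not (any(isrc in n for n in INTERNAL_NETS) and any(idst in n for n in INTERNAL_NETS)):
        return "drop: inner addresses outside the internal address space"
    return "accept"
```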