Many enterprises are realizing the benefits of using MPLS to deliver high-speed data routing. Itβs efficient, highly scalable and cost effective. It also has a reputation for high security. New research shows that getting the initial implementation right is critical to successfully realizing long-term security benefits.
A May 2013 commissioned study conducted by Forrester Consulting on behalf of AT&T found that while there is widespread concern over potential losses of data, 17% of businesses do not believe MPLS itself has significant security threats.
This could mean they fail to take vital steps to protect themselves when implementing MPLS. The reality is that there are a number of security issues that can affect MPLS, including:
- Denial of service (DoS) made possible by attackers inserting new, compromised paths into the network
- Enumeration of labels, opening the network to brute force attacks
- Label information base (LIB) poisoning enabling attackers to manipulate the labeling system
- Label information disclosure allowing attackers to set up rogue paths and capture sensitive packets
- Plain IP traffic forwarding opening up other devices on the core network as possible attack vectors
Any assumption of MPLS invulnerability is simply not completely accurate and should be planned for early in deployment.
This research report is essential reading for any IT professional looking to implement a secure MPLS network across their organization.
MPLS is not an inherently secure protocol if the implementation is not done correctly. The design of the network and the configuration of the edge and core routers are critical to ensure the network remains secure.