1. Why is VPN / MPLS VPN popular amongst IT people despite the inherent vulnerability it
inflicts on the connected databases?
VPNs are themselves laid out over telecom service providers' IP networks, along with
all other public data services and the Internet (see the attached PowerPoint
presentation VPN.ppt). Thus internal databases connected through such VPN / MPLS VPN
networks can be accessed from the public domain networks, for the reasons explained in
Slide 3 of this presentation.
However, most IT consultants and system integrators lead their customers to believe
that their databases are secure when connected through VPN / MPLS VPN networks.
They do it for the following reasons:
A. It means less work for them – they do not have to write router tables as is required for
point-to-point leased lines.
B. They lead customers to believe that it is cheaper to have VPN / MPLS VPN networks
than point-to-point leased line networks. This is again a myth, as shown in the
attached document MPLS-P2P.doc.
C. Customer IT managers also find this convenient, as their own work is reduced: they
are connected to the nearest VPN node of the service provider through a router with
one or two WAN ports. For any network problem, they haul up the service provider and
sit back themselves.
D. Thus customer IT managers choose the easy way. This is fine as long as there is no
intrusion on the databases from hackers sitting in the public domain who have
continuous physical access to the VPN router ports. The troubles will start if and
when databases get hacked. They will then be in a nightmarish situation trying to
retrieve the databases, if there is anything left to retrieve. The easy way is the hard
way.
E. If, on the other hand, the consultant, the system integrator, and the IT managers of
the company took the trouble of setting up a point-to-point leased line network by
configuring the router tables of their private network, the hard way, the network would
then be free from any intrusion from hackers, as such a network denies physical
access to the public domain and consequently to hackers. There will be no hacking,
and the network administrators and the IT managers will have a trouble-free life – the
easy way. Thus the hard way is the easy way.
“The hard way is the easy way, and the easy way is the hard way”