No matter how secure a company's network is, hackers will still look for vulnerabilities, especially when it comes
to virtual private network (VPN) connections. Often, hackers will try to "piggyback" onto an existing VPN connection that a remote worker has established, either inserting viruses into a system or removing and viewing sensitive files.
"The biggest piece (of VPN security) is not necessarily security but management," said Douglas Zolnick, chief technology officer at AtLink Networks, a company specializing in VPN services.
Signing on with a VPN provider that features its own asynchronous transfer mode (ATM) backbone is one way to circumvent hackers. ATM evolved out of the X25 protocol, which was the first packetized application in the telecommunications world, according to Zolnick. As telecom networks improved, frame relay networks were created, and the next step from there was ATM, he said. ATM creates a fixed link cell out of the information sent through the network.
"Essentially, the connections in an ATM network are inherently secure because the connection path is administered," Zolnick said. "There is no public knowledge to the connection path."
"With IP (Internet protocol) networks, because they're public, anyone can attempt to intercept information not designed for them," Zolnick said.
An IP VPN is often done with the IPsec protocol and data encryption using data encryption standard (DES), according to Zolnick. These VPNs set up a tunneled connection from the source to the destination, and the user is responsible for much of the data security and encryption, he said. "In the IP world, information is still available to everyone on the public Internet," Zolnick added.
"With ATM or frame relay networks, there is no way for anyone, other than the source and destination, to get to the information," Zolnick said.
"Our approach is that we offer the customer the desired level of security," Zolnick said. ATM, cell relay and frame relay networks offer inherent security, while AtLink's IP and IPsec services are network-based and can allow internetworking with customer premise-based encryption and tunneling, he said. The frame relay and cell relay connections permit customers to adapt the traffic to the format and carry on secure connections across AtLink's private ATM backbone, he added.
AtLink's security is either inherent to the technology, ATM or frame relay; inherent to the AtLink network design, which involves private domain routers; or on a per-customer, per-premises-based model, supporting encryption and tunneling, according to Zolnick.
Using a frame relay and/or an ATM cell relay network makes it impossible for a hacker to gain access to a network, according to Zolnick. "Because all of those configurations are established at the network operations center, (the hacker) would have to break into the network management... systems to reconfigure connections," he said. Even then, the hacker does not have access to the network traffic passing through the systems, and if the hacker did attack the frame or cell connection, an alarm would go off and alert the systems managers, Zolnick added.
"The biggest thing are the three perspectives (of security)," Zolnick said. "Either security is inherent to the technology, achieved through the network design of the carrier or achieved through additional equipment at each of the customer's locations." Zolnick noted that the level of security realized by an ATM or frame relay network cannot be matched by IPsec or premised-based solutions.
"When we talk about security, it's bi-directional," Zolnick said. Outgoing security means that the information that a customer wants to keep private stays private, while incoming security means that unwanted information or files -- including viruses that are distributed across public networks -- don't enter a customer's network, he said.
"ATM and frame relay have both levels of security at the same time," Zolnick said. "In IP (networks), you're continuously under attack from viruses (and) need to add another layer to security," such as firewalls," he said.
FOR MORE INFORMATION