About Us Products & Services Our IP Network Customer Support Resource Centre
Search
Contact Us
Sitemap
Home
  Extensity Newsletter
Vol. I   Issue 8   Nov, 2003
CASE STUDY
KNOW-HOW
EMERGING PICTURE
TECH TRENDS
INSIGHT
1000 WORDS
SIFY NEWS
 
Previous Issues
 
You are here : Home | Extensity Newsletter | Know-How

MPLS and IPLC

You have an organization with global presence. Now, you require a point-to- point private line for your organization. After all, business data exchange, internet access and other such needs call for a dedicated network of your own. So, which technology do you go in for?

Two technologies that can be considered at this point are MPLS (Multiprotocol Label Switching) and IPLC (International Private Leased Circuit). We need to examine the basic operation of these technologies before attempting a comparison.

MPLS is a standards-approved end-to-end circuit technology that speeds up network traffic flow and makes it easier to manage. MPLS involves setting up a specific path for a given sequence of packets, identified by a label on each packet.

An IPLC (international private leased circuit) is a point-to-point private line used by an organization to communicate between geographically dispersed offices throughout the world. An IPLC can be used for Internet access, business data exchange, video-conferencing, and any other form of telecommunication.

MPLS vs IPLC

MPLS is called multiprotocol because it works with the Internet IP, ATM, and frame relay network protocols. With reference to the OSI model, MPLS allows most packets to be forwarded at the layer 2 (switching) level rather than at the layer 3 (routing) level. In addition to moving traffic faster overall, MPLS makes it easy to manage a network for quality of service (QoS).

A Label Switch Path (LSP) can be established in MPLS that crosses multiple Layer 2 transports like ATM, Frame Relay or Ethernet. Thus, one of the true promises of MPLS is the ability to create end-to-end circuits, with specific performance characteristics, across any type of transport medium, eliminating the need for overlay networks or Layer 2 only control mechanisms.

IPLC basically uses Layer 3 (Routing) to build a path for the data to flow in the network. Data routing in an IPLC is done using complex route lookups based on the destination IP address. The routing hardware finds the shortest path between the source and destination IP addresses to send data. This can be a hardware intensive task in times of heavy traffic leading to slower data traffic speeds. With hardware becoming more powerful every day, this is not such a major issue.

However, IPLC has major drawbacks in situations where traffic engineering and setting performance characteristics for different classes of traffic are required. Factors like delay and jitter also come into the picture in an IPLC connection that can cause major drops in QoS levels. This can cause problems in networks where data like video-conferencing are used.

MPLS has an edge over IPLC on this front since it provides network administrators the ability to set the path traffic will take through the network, and set performance characteristics for a class of traffic.

Security Policies Implementation in Enterprises: Challenges Faced

Introduction :

Security policies in Enterprises have faced tremendous challenges during implementation.

A proactive approach to security policy and compliance offers a more effective means of managing these challenges. By understanding the challenges that come across while implementing standards, acceptable use policies, and information classification and handling procedures, enterprises can significantly reduce their workload.

Challenges faced during policy enforcement :

Organizations commonly treat policy enforcement as a project rather than an ongoing business process. For example, an organization may review and develop policies once every few years, launch a security awareness campaign once a year, making it very ineffective. To make policy management an ongoing process that is practical and effective, policy enforcement should be repeatable and measurable. To do so, organizations must overcome hurdles related to the establishment of metrics, organization of security resources, limitations of existing technologies, sheer scale of the enterprise and scarcity of required expertise.

Metrics

Most managers understand that "you can't manage what you don't measure." Security policies are often difficult to enforce because organizations rarely generate metrics for policy compliance. Key security policy metrics must include:

  1. Metrics should include the percentage of employees that have attended security awareness programs within the last year and quiz results based on key policies and security topics.
  2. Metrics should illustrate compliance levels of key technologies based on risk. How well are their mission critical technologies (e.g., operating systems, databases, and web servers) complying with policies and standards regarding security configuration and patch levels.
  3. How many employees are abiding by key policies such as acceptable use policies and information classification and handling policies? Metrics should include the number of times acceptable use policies for e-mail and web are being violated or violations are attempted.

Only with the right metrics can security officers quickly hone in on critical problems and spend resources where they face the greatest risk.

Organization

In many cases, organizations create a policy compliance group as part of the internal audit and/or information security team. Unfortunately, these groups often do not include representatives from each business unit level or from the IT department to ensure enforcement of security policies. Policy enforcement processes should be integrated with other business processes to ensure consistent and continuous application of policies. For example, technical compliance procedures should feed change management procedures to make sure policies adapt to reflect a changing business environment.

Technology

Most of the fundamental technologies such as operating systems, databases and web servers are not designed to adequately enforce key security policies; it is essential that technology issues be addressed through:

  1. Users should be prevented from browsing illicit web sites, downloading or uploading inappropriate files and engaging in other dangerous web and instant messenger activities.
  2. Users should be prohibited from sending sensitive or classified materials, such as those labeled "Company Confidential," outside the company via e-mail or instant messenger.
  3. Organizations should be able to determine which systems are out of compliance with their official security policies and standards and take action to correct exposures.

Only by implementing procedures and tools for enforcing policies, can an organization effectively and efficiently protect itself.

- Montu Das

 
 
Search Engine Marketing by Sify SEO
  Best viewed at 800 by 600. Copyright © SIFY Limited. All rights reserved.
Privacy Statement Disclaimer