1

Today in networking class we were talking about VPNs. The prof got on the topic of virtual routers and said that one way some VPNs work is that a client would purchase the service from the ISP and the ISP would have a separate virtual router for each client, so that each router has its own routing table (and this would somehow guarantee that no two separate clients get packets that are not meant for them). He said that not all VPNs use encryption. Is this true? I don't get how this would be secure, because if each node along the way from the ISP to the client's network is relaying a packet, then they could see it in plain text if it's not encrypted, and if they are trusted, then how would this be different from a leased line?

Celeritas
  • Maybe he was referring to MPLS? Sometimes people assert the routing of traffic across an MPLS implementation as providing separation between customers; assuming one trusts the supplier of the MPLS network and a suitable configuration has been applied, there is assurance of confidentiality without the use of encryption... I would not call it a VPN though. – R15 Nov 25 '14 at 07:55
  • @R15 yes, we were talking about MPLS before VPN, so that very well may be it. I realized I may have a hole in my understanding. http://security.stackexchange.com/questions/73589/basic-question-about-why-its-useful-to-have-vpn-encrypt-traffic – Celeritas Nov 25 '14 at 08:35
  • I suspect someone else will answer your other question before I get a chance to look at it...but bear in mind that the threats (both in terms of attackers and the method of attack) on an MPLS network are not the same as the Internet so the motivation for using a VPN is different (though in both situations it would achieve the same thing: providing assurance of confidentiality in transit). – R15 Nov 25 '14 at 08:40

1 Answer

2

There do seem to be these two uses of the term VPN.

Obviously the most important bit is Privacy - and many people (myself included) can only accept privacy exists if there is encryption, but as R15 mentioned, MPLS providers typically call their service VPN but rarely have encryption enabled. They rely on routing segregation.

It can be safe for some communications, but it presents a couple of key risks:

  • data in the clear could be intercepted anywhere along the route, including in the MPLS provider's network
  • routing failures could expose your traffic to other customers of the MPLS provider
Rory Alsop
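
The per-customer routing tables from the question and the routing-failure risk from the answer, as an added example that is not part of the original posts. It assumes the route-target import/export mechanism MPLS L3VPNs use (RFC 4364), which the page does not name; the VRF names, route-target values and prefixes are constructed.

```python
from copy import deepcopy
from ipaddress import ip_address, ip_network

# Constructed sample: one VRF ("virtual router") per customer site. Routes a VRF
# exports with a route target (RT) are installed in every VRF importing that RT.
VRFS = {
    "acme-site1":   {"customer": "acme",   "import": {"65000:1"},
                     "export": {"65000:1"}, "prefixes": ["10.0.1.0/24"]},
    "acme-site2":   {"customer": "acme",   "import": {"65000:1"},
                     "export": {"65000:1"}, "prefixes": ["10.0.2.0/24"]},
    # Same address space as acme-site1: only the separate table keeps them apart.
    "globex-site1": {"customer": "globex", "import": {"65000:2"},
                     "export": {"65000:2"}, "prefixes": ["10.0.1.0/24"]},
}

def routing_table(vrfs, name):
    """Routes visible inside one VRF: everything exported with an RT it imports."""
    imports = vrfs[name]["import"]
    return [(ip_network(prefix), src)
            for src, vrf in sorted(vrfs.items())
            if imports & vrf["export"]
            for prefix in vrf["prefixes"]]

def egress_sites(vrfs, ingress_vrf, dst):
    """Sites a packet entering `ingress_vrf` for `dst` can be forwarded to."""
    addr = ip_address(dst)
    return {site for net, site in routing_table(vrfs, ingress_vrf) if addr in net}

def find_leaks(vrfs):
    """(importer, exporter, rt) for every RT shared across different customers."""
    return [(imp, exp, rt)
            for imp, a in sorted(vrfs.items())
            for exp, b in sorted(vrfs.items())
            if a["customer"] != b["customer"]
            for rt in sorted(a["import"] & b["export"])]

def misconfigured(vrfs):
    """Copy of the config with one stray RT import added (the routing failure)."""
    bad = deepcopy(vrfs)
    bad["globex-site1"]["import"].add("65000:1")
    return bad

if __name__ == "__main__":
    print("clean leaks:", find_leaks(VRFS))
    print("after stray import:", find_leaks(misconfigured(VRFS)))
```

Nothing in this model protects the payload itself: separation holds only while every import/export list is correct, which is why an audit like `find_leaks` complements, rather than replaces, encryption between sites.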