Asynchronous Transfer Mode


Security: Preventing Unauthorized Access to a Switch

ATM is intrinsically secure, since under normal circumstances you cannot connect to the ATM services themselves from the outside. Anyone attempting to connect to LANE services from outside the emulated LAN must first contact a bridging entity (such as Ethernet and Token Ring edge device bridges or an ATM-to-Ethernet router). This means that the easiest way for you to control access to LANE connections from the outside is by not connecting any legacy components to your ATM switch.

From the inside, access can be controlled by changing the ELAN name and the ARP server address from the default values to more secure specific names and numbers. You can make these changes as part of a larger effort to create a set of multiple ELANs that are transparent to one another, but that provide different levels of security. Since ATMARP must be used between components of the network, the entire network can be secured by changing the ATMARP server address; the new name acts as a form of password for any client seeking to log on to the network and register itself with the ATM switch.

The VPI/VCI join (sometimes called an ILMI join) is the first option that almost all LECs try when seeking to join an ELAN. This ability can be secured by setting up MAC address filters, usually in the LECS but sometimes at the ELAN/VLAN level, that disallow a join for an unknown MAC address. This type of join is secured on some switches by turning off the use of ILMI by the LECS. The next most common method is by Well Known Address (WKA), which uses a fixed ATMF NSAP (47.00.79.00.00.00.00.00.00.00.00.00.00.00.a0.3e.00.00.01.00).
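The join controls described above can be modeled in a few lines of Python. This is an added example, not code from the original page or from any switch vendor: the record layout, the function names and the sample MAC addresses are hypothetical, and applying the MAC filter to WKA joins as well as ILMI joins is an assumption.

```python
import re

# LECS Well Known Address quoted in the text: 13-octet prefix, 6-octet ESI, selector.
LECS_WKA = bytes.fromhex("470079") + bytes(10) + bytes.fromhex("00a03e000001") + bytes(1)

def _octets(text, count):
    """Strip '.', ':', '-' and spaces; return exactly `count` bytes or raise ValueError."""
    digits = re.sub(r"[.:\-\s]", "", text)
    if not re.fullmatch(r"[0-9A-Fa-f]{%d}" % (2 * count), digits):
        raise ValueError(f"expected {count} hex octets: {text!r}")
    return bytes.fromhex(digits)

def parse_nsap(text):
    """Split a 20-octet ATM NSAP address into prefix, ESI and selector."""
    raw = _octets(text, 20)
    return {"raw": raw, "prefix": raw[:13], "esi": raw[13:19], "sel": raw[19]}

def uses_wka(lecs_address):
    """True if a configured LECS address is the fixed WKA, however it is written."""
    return parse_nsap(lecs_address)["raw"] == LECS_WKA

def evaluate_join(request, allowed_macs, ilmi_enabled=True):
    """Apply the two controls from the text to one join attempt.
    request is a hypothetical record: {"mac": str, "method": "ilmi" or "wka"}."""
    allowed = {_octets(m, 6) for m in allowed_macs}
    if request["method"] == "ilmi" and not ilmi_enabled:
        return "deny: ILMI disabled on the LECS"
    try:
        mac = _octets(request["mac"], 6)
    except ValueError:
        return "deny: malformed MAC address"
    if mac not in allowed:
        return "deny: unknown MAC address"
    return "allow"

# Constructed sample data (locally administered MACs, not real devices).
ALLOWED = ["02-00-00-00-00-01", "02:00:00:00:00:02"]
REQUESTS = [
    {"mac": "0200.0000.0001", "method": "ilmi"},
    {"mac": "02:00:00:00:00:99", "method": "ilmi"},
    {"mac": "02:00:00:00:00:02", "method": "wka"},
    {"mac": "not-a-mac", "method": "wka"},
]

if __name__ == "__main__":
    print("WKA in use:", uses_wka("47.00.79" + ".00" * 10 + ".00.a0.3e.00.00.01.00"))
    for r in REQUESTS:
        print(r, "->", evaluate_join(r, ALLOWED, ilmi_enabled=False))
```

Normalizing separators and case before comparing matters because the same MAC or NSAP address is written differently across switch configurations, so a plain string comparison against a filter list would miss matches.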

© 1985-2000 Microsoft Corporation. All rights reserved.