newb question

Dec 3rd, 2007

This may be a rudimentary question but I really haven't seen an answer to it in my CCENT/CCNA studies yet.

I can't seem to wrap my head around the idea of point to point links in relation to the privacy and integrity of the data crossing that link. I also am having a hard time framing the question(s) so bear with me.


1. I guess the best way to phrase the first part is are point to point links as good as having a VPN tunnel or do you still need to use VPN technology in its various forms over these links to ensure data privacy and integrity? I could see that it would be possible if you only traverse one provider's network linking geographically close branch offices but if you were to cross another provider's network, who knows what they're doing with the traffic. HDLC/PPP don't really do anything to obscure the data contained in the frames, right?

2. This part of my question is not related to security but is an extension of the above question. Point to point links provide what the term implies meaning connecting two relatively geographically distant locations, it is not actually a gateway to the internet at large, correct? Would you need a second service as a gateway to the internet?


I apologize for the newbieness of these questions but if you look back to the CCENT/CCNA self study materials they really don't answer these questions, at least not that I can find.

Correct Answer by Jon Marshall about 9 years 6 months ago

Hi Edward


1) Point to point links are usually considered secure because your traffic is kept separate from other customers' traffic. Note that point to point in this sense can mean a physical point to point link or a virtual point to point link such as an ATM virtual circuit.

With point to point links you generally do not cross another provider's network, you use one provider's network to connect up your sites.


If you do not trust your provider with the confidentiality of your data then you could VPN the traffic across the links although it is not very common to VPN traffic down dedicated P2P links.


However any provider that was found to be tampering with data would not last very long.


2) Point to Point links are just a generic concept. They go from one point to another so it's rather vague as to whether you can have a P2P to the Internet. For example we have a dedicated Flex circuit with BT that gives us Internet activity. Is this a point to point - in one sense yes because it is a dedicated link between us and BT.


But I would agree in principle that a P2P link would generally be between 2 geographic locations.


Please come back if some of this is not clear


Jon

Jon Marshall Mon, 12/03/2007 - 23:53
edwardwitte Tue, 12/04/2007 - 07:14

Thank you Jon for your time and a great explanation.

Ed

Jon Marshall Tue, 12/04/2007 - 07:16

Ed


No problem, glad to help. Appreciate the rating as well.


Jon

jeremyault Tue, 12/04/2007 - 09:07

I'd like to add 2 cents as food for thought.


Most T1 circuits ride the same copper pairs as phone lines. Tapping a phone line is easy at multiple points of the "outside plant". Therefore, logic tells me tapping a T1 should be just as easy.


Read this: http://www.ostgate.com/outsideplant.html


A line can be tapped on an external demarc on the back of the building, at a shared demarc in a multi-tenant building, pedestal box, in a cabinet, in the "boot", on the cable, or anywhere between the phone company's building, and the targeted business.


Just because it's a point-to-point circuit doesn't mean the cabling is physically secure end-to-end.
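Added example, not part of the original thread: on the question of whether HDLC/PPP obscure the data in their frames, this sketch builds and decodes a PPP frame in the octet-stuffed HDLC-like framing of RFC 1662 and shows that the payload travels in cleartext and that the FCS is an unkeyed checksum for line errors, which is why encryption has to be layered on top (for example a VPN) when the circuit or provider is not trusted. The sample payload and the function names are constructed for illustration; a synchronous T1 would use bit stuffing rather than octet stuffing, but the frame contents are the same.

```python
# Added illustration: PPP in HDLC-like framing (RFC 1662), octet-stuffed form.
FLAG, ESC = 0x7E, 0x7D
PPP_IPV4 = 0x0021                      # PPP protocol number for IPv4
# Constructed stand-in for application data (not a real IP packet).
SAMPLE = b"user=alice pin=0000 (constructed sample)"

def fcs16(data: bytes) -> int:
    """RFC 1662 FCS-16 (CRC-16/X-25). No key is involved: it catches
    line noise, it does not authenticate the sender or the content."""
    fcs = 0xFFFF
    for byte in data:
        fcs ^= byte
        for _ in range(8):
            fcs = (fcs >> 1) ^ 0x8408 if fcs & 1 else fcs >> 1
    return fcs ^ 0xFFFF

def encode_frame(protocol: int, payload: bytes) -> bytes:
    body = bytes([0xFF, 0x03]) + protocol.to_bytes(2, "big") + payload
    body += fcs16(body).to_bytes(2, "little")      # FCS goes out low byte first
    out = bytearray([FLAG])
    for b in body:
        if b in (FLAG, ESC) or b < 0x20:           # default ACCM: escape controls
            out += bytes([ESC, b ^ 0x20])
        else:
            out.append(b)                          # everything else is sent as-is
    out.append(FLAG)
    return bytes(out)

def decode_frame(wire: bytes):
    """Return (protocol, payload, fcs_ok) using nothing but the wire bytes."""
    if len(wire) < 2 or wire[0] != FLAG or wire[-1] != FLAG:
        raise ValueError("missing flag sequence")
    body, it = bytearray(), iter(wire[1:-1])
    for b in it:
        if b == ESC:
            nxt = next(it, None)
            if nxt is None:
                raise ValueError("truncated escape sequence")
            body.append(nxt ^ 0x20)
        else:
            body.append(b)
    if len(body) < 6 or bytes(body[:2]) != b"\xff\x03":
        raise ValueError("not an unnumbered PPP frame")
    data, rx_fcs = bytes(body[:-2]), int.from_bytes(body[-2:], "little")
    return int.from_bytes(data[2:4], "big"), data[4:], rx_fcs == fcs16(data)

WIRE = encode_frame(PPP_IPV4, SAMPLE)

if __name__ == "__main__":
    proto, payload, ok = decode_frame(WIRE)
    print(hex(proto), payload, "FCS ok" if ok else "FCS bad")
    print("payload visible verbatim on the wire:", SAMPLE in WIRE)
```

Compression or PPP's optional encryption (ECP) would change what is on the wire, but neither is on by default, so confidentiality and integrity against a tap have to come from a layer such as IPsec.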
