Information, Computer and Network Security Terms Glossary and Dictionary
Frame Relay Network Security: Vulnerabilities and Mitigations
Frame Relay, an OSI layer 2 technology, offers virtual private connections between network devices. The Frame Relay network consists of a group of interconnected nodes (switches), which relay the Frame Relay data across the network on the appropriate permanent virtual circuit (PVC). Frame Relay, used as a classic Virtual Private Network (VPN) technology, has far fewer security risks than a TCP/IP network. For this reason, Frame Relay is used by industries such as financial and government organizations to transmit highly sensitive data. However, there are still many vulnerabilities in the Frame Relay network, as listed below:
- Sniffing: Intercepting authentication or other sensitive information, often using sniffing devices (software or hardware).
- Passwords: Guessing passwords that protect accounts or system services, particularly default passwords. Retrieving and decoding password files.
- War Dialing: Sequentially or randomly dialing every number on a telephone exchange to detect unprotected modems at desktop systems, servers or routers to gain access to, or control over, networks.
- Spoofing: Deceiving the network so that it recognizes an unauthorized, possibly external, desktop system as an authorized, internal desktop system to gain unauthorized access to networks and/or sensitive data.
- Hijacking: Intercepting authenticated sessions to preempt access by a desktop system to gain control of a session with access to highly sensitive information or business procedures.
Frame Relay Security Risk Mitigation
The most important defenses against these attacks are the encryption of highly sensitive data in storage and in transit across networks, and the use of strong authentication to control access to stored data such as critical systems and business processes.
A frame relay encryption device offers secure communications on an end-to-end basis, establishing a virtual private network within the public frame relay network. To ensure that no modification has occurred to the data during its transmission, and to verify the source of the frame, a frame relay encryption system should have a cryptographic authentication field attached to the frame relay packet. All packets sent to a DLCI designated as cipher should have a crypto authentication code at the beginning of the user data field. If the crypto authentication header is missing or incorrect, the packet is rejected, thereby forming a firewall between the WAN and the router or FRAD on the receiving end of the transmission. As a result, this provides assurance that only authorized incoming and outgoing messages are permitted.
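The receive-side check described above, sketched as an added example (not code from the original page or from any vendor's device). It covers only the authentication field, not payload encryption. The tag algorithm (HMAC-SHA256 truncated to 16 bytes), the key table, and all function names are assumptions, since the page names none.

```python
import hashlib
import hmac

TAG_LEN = 16  # assumption: HMAC-SHA256 truncated to 16 bytes; the page names no algorithm
# Constructed demo key table: DLCIs designated as cipher -> per-PVC key (assumption).
CIPHER_DLCIS = {100: b"constructed-demo-key-for-dlci-100"}

def build_header(dlci, fecn=0, becn=0, de=0):
    """Two-byte Q.922 address field: 10-bit DLCI plus congestion bits."""
    b0 = ((dlci >> 4) & 0x3F) << 2                      # DLCI high 6 bits, C/R=0, EA=0
    b1 = ((dlci & 0x0F) << 4) | (fecn << 3) | (becn << 2) | (de << 1) | 1  # EA=1
    return bytes([b0, b1])

def parse_dlci(frame):
    """Extract the DLCI; flags and FCS are assumed already stripped by the line hardware."""
    if len(frame) < 2 or frame[0] & 1 or not frame[1] & 1:
        raise ValueError("not a two-byte Frame Relay address field")
    return ((frame[0] >> 2) << 4) | (frame[1] >> 4)

def _tag(key, payload):
    # The tag covers user data only: switches may rewrite the DLCI (it is
    # locally significant) and set FECN/BECN/DE in transit.
    return hmac.new(key, payload, hashlib.sha256).digest()[:TAG_LEN]

def protect(dlci, payload):
    """Sender side: place the authentication code at the start of the user data field."""
    return build_header(dlci) + _tag(CIPHER_DLCIS[dlci], payload) + payload

def accept(frame):
    """Receiver side: return the user data to forward, or None to reject the frame."""
    try:
        dlci = parse_dlci(frame)
    except ValueError:
        return None
    body = frame[2:]
    key = CIPHER_DLCIS.get(dlci)
    if key is None:
        return body                      # DLCI not designated as cipher: pass through
    if len(body) < TAG_LEN:
        return None                      # authentication code missing
    tag, payload = body[:TAG_LEN], body[TAG_LEN:]
    return payload if hmac.compare_digest(tag, _tag(key, payload)) else None

if __name__ == "__main__":
    good = protect(100, b"constructed payload")
    print(accept(good), accept(good[:-1] + b"X"), accept(build_header(100) + b"no tag"))
```

This check alone does not stop a captured frame from being replayed; the page does not describe a sequence number or similar field, so none is modeled here.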
Related Terms
Frame Relay Security, Sniffing, War Dialing, Spoofing, Connection Hijacking
Reference Links
http://www.tccsecure.com/fr_Security_Guide.html: Frame Relay Security Guide