Asynchronous Transfer Mode (ATM) Networks: Security Vulnerability Research
Susan Labonte - MITRE Corporation
Dec 03, 1999
AbstractATM networks are being implemented without widespread knowledge of whether security vulnerabilities are inherent in ATM protocols or vendors's implementations. Given the complexity of ATM, and that such complexity typically leads to vulnerabilities, it is likely that deployed ATM networks are vulnerable to attack. Network administrators may not be equipped to recognize the attacks or protect against them.
This talk will describe a project that is investigating security vulnerabilities in ATM networks and developing penetration tools to exploit them. A primary focus of the project is the ATM Forum's LAN Emulation (LANE), which is designed to allow existing LAN (e.g., Ethernet) applications to run over ATM networks. An area being researched is the use of traditional Ethernet attacks against Emulated LANs. Another area being researched is the inherent vulnerability of implementing the ATM Forum's LANE protocol as specified.
About the SpeakerMs. Labonte received her B.S. in Electrical Engineering from Worcester Polytechnic Institute in 1986 and began working for MITRE on tactical data links for the military, with particular emphasis on international data link implementations, COMSEC issues, and interoperability testing. In 1998, she joined MITRE's Information Warfare and Secure Systems Engineering department as an INFOSEC Engineer, and has been involved with researching network vulnerabilities and demonstrating attack tools.
The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.