Hi Dusty,

Full disclosure: I work for VMware (we have an SD-WAN offering) but I’ll keep it agnostic—

On Mon, 31 May 2021 at 12:49 pm, dusty <dusty...@gmail.com> wrote:

> Hi Folks,
>
> After a number of years being more managerial than technical, I find
> myself staring at a proposal to swap a perfectly good MPLS network with
> some Meraki shenanigans.
>
> This, frankly, gives me the heebie jeebies.
>
> I've done a bunch of poking around but, alas, it is remarkably difficult
> to locate reliable analyses of the actual security (or lack thereof) of
> these solutions - plenty of glossy marketing and whizzbang, not a lot of
> facts.
>
> Can anyone point me in the direction of some decent whitepapers, blogs,
> etc about the relative merits of these things?
>
> Thanks!
> --dusty (in Brisbane)
>

(tl;dr: talk to your friendly vendor SE.)

What sort of collateral would you look for, to give warm fuzzies, if you were evaluating a traditional WAN routing platform?

You should be able to find security whitepapers and other technical documents that describe management and data plane security, use of crypto/PKI etc.

Vendors targeting enterprise customers should be putting their products through security evaluation frameworks such as Common Criteria — look for certification, in-flight or completed, against the Network Device collaborative Protection Profile (NDcPP) plus optional modules like VPN.

Crypto libraries may be FIPS 140-2 [US centric] certified.

For vendors offering things as-a-service, certifications and statements of conformance against other regulatory frameworks should be applicable (SOC, FedRAMP [again US centric], IRAP etc. may exist).

Cheers,
Dale

_______________________________________________
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog