Page 58 - Cyber Warnings







Because DNS-related security issues require additional attention as carriers adopt NFV, carriers
should ensure that their security environment meets these requirements:
• Security for NFV should be built into the DNS architecture instead of bolted on. A higher
  degree of integration through the use of DNS-specific protection helps minimize gaps
  in coverage that may be left by add-on solutions and can easily be exploited by
  attackers.
• To minimize the impact of an attack as it happens and address it as quickly as possible,
  the virtualized network needs to be able to rapidly scale resources by spinning up new
  machines without the need for operator involvement. Automatically adding capacity while
  the attack is managed prevents service interruption. In turn, this reduces lost revenue
  and productivity.
• With dangers such as zero-day vulnerabilities, NFV-based security should have the
  capacity to detect previously unknown threats by continuously analyzing network
  behaviour, while also defending against established threats such as off-the-shelf attack
  toolkits designed for a specific kind of attack.
• A DNS security strategy for NFV should include internal as well as external analysis and
  resource tracking. While many threats such as DDoS attacks may be external, malware
  on existing VMs is just as dangerous. The virtualized infrastructure needs the ability to
  track virtual machines that are provisioned, analyze their IP addresses, and monitor all
  traffic to detect suspicious behaviour on virtual machines in real time. Additionally, it
  should have the ability to quarantine VMs to prevent the infection from spreading.
• Because configuration issues lead to security and performance problems, security in the
  NFV environment should include network discovery and automation tools that determine
  which network functions are properly configured and identify potential problems.

With each new generation of technology, network planning has had to work to manage the risks
while gaining the rewards, and NFV is simply the next step in creating tomorrow's highly
dynamic, automated networks. When service providers proactively address security during the
implementation process rather than as an afterthought, the result is a flexible, transparent
network that meets immediate and future needs while keeping valuable resources safe.



About the Author
Dilip Pillaipakkamnatt, Vice President, Service Provider Business, Infoblox












58 Cyber Warnings E-Magazine – May 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
