RSS feed LinkedIn Watch us on Youtube

Activity title

Cyber Security in Virtualized Networks

Activity Reference

IST-ET-114 (COM)

Panel

Information Systems Technology

Security Classification

NATO UNCLASSIFIED

Status

Planning

Activity type

ET

Start date

2020

End date

2020

Keywords

Cyber Security, Network Function, Software Defined Networking, Virtualization

Background

Software Defined Networking: Software Defined Networking (SDN) is a rapidly emerging technology, and its impact on federated networks is investigated in IST-142-RTG on Software Defined Networking for the Federated Mission Networking. SDN allows a logically separation of the control plane from the forwarding plane. The control plane might be logically centralized, with a common decision point in the entire network The programmability of SDN-based networks has at least two obvious benefits for military networks; 1) ability to change behavior at-will based on operational requirements and 2) ability to implement specific functionality not normally found in commercial equipment. Network Function Virtualization: Similar to the technology behind cloud services, virtualization is now also an emerging technology in communications networks, called Network Function Virtualization (NFV). NFV allows for virtualization of network functions. Examples are the common functions like Routing, NAT, DNS etc., but also security functions can be virtualized. Orchestration: The emergence of SDN and NFV allows for, and requires entirely new tools for management of network and network functions. “Management and Network Orchestration” (MANO) is the new term for this function. MANO allows for dynamic management of service chains. MANO will control which network-functions should be connected to each other. MANO will use SDN to program the network between NFV-elements. Cyber security: Cyber security often utilizes technologies like Intrusion Detection System (IDS) and Deep Packet Inspection (DPI). The function of these tools is to detect anomalies in the networks. IDS and DPI are often expensive tools implemented on specific physical boxes. The placement of these tools in the network deeply affects the possibility for these tools to perform their function. There placement of these tools is also very static, and it takes great effort to change the location of these tools. Cyber security in a virtualized world: The emergence of SDN and NFV allows for a disruptive change in how to perform cyber security in virtualized networks. The basic functions like IDS and DPI can also be implemented as virtualized functions. This has several advantages: • Placement: Security functions can be dynamically placed in the network according to current needs, and not necessarily at predefined locations • Scaling: Enabling of resource intensive security functions can be enabled dynamically based on perceived threat level, and other indicators in the network • Resource: Some security functions are very resource dependent, and can therefore not be implement on all locations in the network. With SDN, actual network traffic can (dynamically) be moved to the security function instead of placing security functions at all locations • Common view of the network: With SDN, there can be one globalized view of the entire network • Strong control over network traffic: The control plane in SDN will have total control over the traffic in the network, alleviating some of the requirements for IDS. A future IDS will most likely oversee the SDN controller and its control over the network instead of monitoring the network traffic • National functionality: If some nations have specific security requirements, NFV and MANO will allow placement of national functionality in other nations’ networks. Use-case for this example is Federated Mission Networking.

Objectives

Evaluate possible cyber security functions that can be virtualized: Not all current security functions might be possible to implement as NFVs. The ET should assess different current cyber security functions and give a short discussion on converting each cyber security function to a NFV. Evaluate the benefits of dynamic placement of cyber security functions: The ET should discuss possible benefits on dynamic placement of cyber security functions. Evaluate possible benefits of centralized view of the network: The ET should discuss possible benefits of having a global view of the infrastructure. Topics to discuss are determining the normal situation, ease of doing functions like IDS, ability to re-establish a normal situation, and possible usage of AI-technologies to assess current situation.

Topics

• Explore the possibility of implementing cyber security functions as NFVs • Draw possible architectural designs on how virtualized security functions can work in a federated environment • Explore the usage of cyber security NFVs in MANO

Contact Panel Office