By: Rob Marson

Back to the Future

I recently read an article online entitled: “Virtualization is Going Mainstream”. The dateline was January 1, 2006. It’s a good reminder that while the service provider industry working on deploying virtualized networks, the concepts and technologies themselves are not new. 

Cybersecurity, specifically securing access to physical and virtual networks and resources, is another key area. A recently released study by Kasperksky Labs concludes that when a security incident involves virtual machines, the recovery costs double compared to that of a traditional environment. It is clear that some of the operational challenges encountered from the enterprise IT experience could be harbingers to some of what awaits service providers as they race to virtualize their networks and implement new technologies such as Software Defined Networks (SDN) and Network Function Virtualization (NFV).

The Days of Security-Through-Obscurity Have Ended

Service provider networks are complex by nature – they span multiple technologies, vendors, geographies, and support millions of end users. Services will extend across wired and mobile networks, and span virtual and physical infrastructure. Equally complex are the business processes and operational challenges to order, administer, maintain and scale services. Management, security, and visibility strategies must also become flexible and adaptable enough to address hybrid environments that encompass both legacy and newly virtualized functions. It’s vital to remember that services traverse heterogeneous, physical and virtual networks.

Service provider networks have, in the past, been shielded from a lot of security threats because of obscurity. Proprietary protocols and custom hardware required specialized skill sets.  That all changes with SDN and NFV. Admittedly, there are many considerable and important differences between enterprise virtual machine (VM) workloads and the data plane intensive virtual network functions (VNFs) that will be used by communication service providers like components of a mobile evolved packet core (EPC) such MMEs, SGWs, and IMS core elements. Therefore, implementing mission-sensitive networking applications using cloud technologies may impact performance in unforeseen or unacceptable ways, require accurate system configurations, and could introduce new unintended security risks.

Traditional hardware-based networks are not immune from security attacks either. In the past, attackers were primarily targeting infrastructure devices to create denial of service (DoS) situations. Increasingly, networking devices such as routers are becoming a high-value target for attackers. By penetrating network infrastructure attackers can gain access data flows as well as launch attacks against other parts of the infrastructure.

Take, for example, the recently SYNful Knock attack.  While the attack could be possible on any router, the targets were Cisco routers and involved a modification of the router’s firmware image creating backdoors for attackers. The backdoor password provides access to the router through the console and Telnet. This attack isn’t the result of a problem or vulnerability the router itself the result of attackers obtaining administrative credentials allowing them to load a modified version of operating system software. The keys to this attack are nearly always privileged user credentials. 

The Hypervisor – Protect at all Costs

There are many potential security issues with the various components of a virtualized infrastructure, and no component is more critical than the hypervisor – the foundational element of virtualization. The hypervisor is a piece of software that provides abstraction of all physical resources such as CPU, memory, network and storage. It enables multiple computing stacks consisting of an operating systems, middleware and applications to be run on a single physical host. Individual computing stacks are encapsulated into instances called Virtual Machines (VMs), which are independent executable entities. VMs are also referred to as “Guests” and the operating system (OS) running inside each of them as “Guest OS”.