What's Next For Network Security

A 'vanishing' physical network perimeter in the age of mobile, cloud services, and IoT, is changing network security.

2 Min Read
NetworkComputing logo in a gray background | NetworkComputing

Network security as we know it ultimately will operate hand in hand with software-defined networking (SDN) and virtualization, security experts said at Interop 2016.

SDN could be a game-changer like virtual machines were, says Cameron Camp, a security researcher at ESET, “If you understand it and know how to do the hard work of network security, you’re going to do better with SDN,” he says.

It’s a logical evolution: as the network and its services become more software-driven and virtualized, it only makes sense that security would join the party. SDN is an emerging network architecture that is becoming popular in data centers.

But a software-defined network architecture comes with some security risks of its own. It leaves organizations open to internal distributed denial-of-service (DDoS) attacks, says Camp, who in a presentation here tomorrow will show how malware can enter virtual environments. It’s possible to hack a virtual machine and basically “blow up that whole box and the network with it,” he says.

“You can take the first few digits of a MAC address and ... know it’s a VM,” he says. “You can take that VM and pop it and do resource-exhaustion” and use that to DDoS the SDN. That would be an ironic twist, of course, since SDN can be used to mitigate external DDoS attacks.

“You have to start looking at internal DDoS defense, but no one is doing it,” he says. “You have to start thinking about ways you would attack this network: SDN has VMs ... and there are going to be larger enterprises that are going to be hit because it’s a more expansive attack surface. If you can get into one of those VMs .. you can tailor your payload and see it’s easy to destroy and pivot.”

The best bet for protection would be to incorporate network defenses within those same boxes, Camp and other experts say.

Read the rest of this article on Dark Reading.

About the Author

Kelly Jackson Higgins

Executive Editor at Dark Reading

Kelly Jackson Higgins is Executive Editorat DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise Magazine, CommunicationsWeek, Virginia Business magazine, and other major media properties. Jackson Higgins was recently selected as one of the Top 10 Cybersecurity Journalists in the US. She began her career as a sports writer in the Washington, DC metropolitan area, and earned her BA at The College of William & Mary. Follow her on Twitter @kjhiggins.

SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like


More Insights