Self Defending Networks

A study on the adaptive approach against threats to network and computer security

Sarthak Ganguly
11/12/2010

Foreword
Since every business today depends on the Internet and LAN networks for some business-critical
function, the need for security is more important than ever. A company that does not have strong
security can end up on the news as having been hacked, its stock can plummet, and it can be out of
business in no time. Once released, viruses and worms can hit businesses and consumers around the
world in a matter of seconds or minutes. However, you and your company don't have unlimited funds;
you can't just put in every solution you discover. You have to weigh the level of investment in security
against the level of risk that is perceived by your business. It's tough to decide how much to invest and
which solutions to choose, but you must ensure that your network is reasonably secure.

“When we build a security environment that is flexible, manageable, and layered, we can handle any
new challenges that may appear. Our solution definitely gives us this capability.”

—Al Grapoli, network manager, State of Oregon



Contents

What is a Self Defending Network?
An Evolving Vision of Autonomous Security
What else is involved in Self Defending Networks (SDNs)?
How are credentials fundamental for network security?
Why is a Self Defending Network necessary?
Understanding the Threats
Self-Defending Network Foundation: Network and Endpoint Security
Where are the security standards in SDN?
Protecting Business Applications and Data: Application Security
VRF-Aware Firewalling
21st Century Security
What is the future of SDN?
Bibliography
References

What is a Self Defending Network?


The SDN is a large, complex roadmap made up of many components. You aren't required to have all
the components; SDN does its job using all of the different components that are deployed, working
together. Examples of these components are: NAC (admission control); Security Agent (endpoint
protection); MARS (event correlation); Network Intrusion Detection System (NIDS); authentication
servers; Anti-X systems like ASA and IronPort; network and host-based firewalls; and antivirus.

The theory of SDN is that the network has the ability and the intelligence to protect itself from threats.
However, this can only happen if the components of the network are working together to ensure this
level of security, intelligence, and adaptability.

Self-Defending Network: Combining Best-of-Breed Products and Services with a Systems Approach

A new generation of interactive business communication and collaboration technologies provides
tremendous productivity and flexibility gains for organizations of all kinds. But this unprecedented
connectivity also unleashes new, complex security risks, including:

● Increased exposure to security threats—Ubiquitous access to Web-enabled applications and services
enables users to work from anywhere, anytime—but also places businesses at risk anywhere, anytime.

● An eroding network perimeter—The traditional network barriers that separated trusted from
untrusted and “inside” from “outside” are now disappearing. As more applications become directly
accessible to remote users and systems, the concept of the network perimeter becomes increasingly
vague and more difficult to protect.

● Evolving threats—Information attacks of the past were largely an issue of cyber-vandalism, with
hackers primarily looking for fame. Today’s attacks are a profit-driven business, often controlled by
organized crime. The modern attacker uses a patient, “stealth” approach to eventually achieve a
successful attack. In addition, modern attackers often avoid technology defenses, using spam, phishing
attacks, and fraudulent Web links to target an organization’s weakest link: human beings.

As security risks have evolved, so have organizations’ approaches to them. Where information security
was once a technology issue, today it is a business issue—representing a more significant cost and
operational challenge, but a fundamental business enabler as well. More and more organizations are
implementing formal programs to reduce IT risk, especially security and compliance risks. As regulatory
compliance becomes a core requirement for organizations in more industries, businesses must develop
new capabilities for controlling the kinds of information traversing their network, how that information
is used, and who can access it. Organizations not only face the challenge of becoming compliant, but of
staying compliant as the network continuously evolves with business needs.

How do the components of the SDN work together?


In Figure A, you can see how the components of the SDN are all over the network. Every link, piece of
hardware, and operating system is somehow secured by the SDN. By covering all the bases, SDN
attempts to thwart security issues wherever they crop up in the network.

In addition, the attempt of the SDN is to provide end-to-end visibility of the network's security events
and status.

Network devices must work together and be integrated in order for the SDN to do its job. Therefore,
you probably aren't going to have third-party network components on your network participate in the
SDN.

An Evolving Vision of Autonomous Security


The Self-Defending Network strategy was initially built upon a network foundation—embedding core
firewall, VPN, and IPS security technologies within the fabric of the network itself. As business practices
and security risks continue to evolve, however, the Self-Defending Network is evolving as well. Today,
the Self-Defending Network builds on industry-leading network and endpoint defenses to incorporate
innovative application security, content security, policy enforcement, identity management, and
security monitoring technologies. Besides hardware components, it integrates best-of-breed product
capabilities in all of these areas into a systems approach to information security, which can provide a
comprehensive solution for meeting today’s security challenges.

The Self-Defending Network encompasses:

● Network and endpoint security—The Self-Defending Network integrates firewall, VPN, IPS, and
other security services into network devices and endpoints to create an integrated, adaptive, and
collaborative defense system.

● Content security—Cisco product and security innovations extend network defenses beyond the
traditional network perimeter to protect data in motion, incorporating e-mail, Web interactions, instant
messaging systems, and other applications that require content inspection and control.

● Application security—A Self-Defending Network extends protection to applications and data,
providing XML and HTML inspection capabilities and fine-grained application control.

● System management and control—Today’s Self-Defending Network integrates sophisticated policy,
identity, and reputation services with powerful enforcement capabilities. These technologies unify
disparate network, endpoint, content, and application security services, and provide businesses with
unprecedented visibility and control.

What else is involved in Self Defending Networks (SDNs)?


While you can buy all the network hardware components you like, software and services are also a huge
part of SDN. Just as with anything else, without the people (services), the hardware isn't going to
implement itself. Once the SDN is implemented and the service engineers are gone, the network will still
need to be monitored and maintained.

Cisco offers a lot of services revolving around the Self-Defending Network. Figure B illustrates these
offerings:

How are credentials fundamental for network security?


When it comes to the implementation of the SDN, user and device credentials are very important. The
user and device credentials are used to identify the device and to authenticate the user.

In Figure C, you can see how the device identification is checked first, then the operating system and
application posture, and finally the user identity, based on username, password, and security certificate keys.

Why is a Self Defending Network necessary?


The security challenge is that user laptops link to other networks and the Internet from home offices,
public hotspots, and hotel rooms, for example, and pick up an infection. Then, a user might return to the
office and reconnect directly to the corporate network via an Ethernet port or by associating with a
wireless LAN access point, inadvertently passing along the bad code. Meanwhile, there is a rapidly
shrinking window of time between when that network anomaly arrives and propagates across the
corporate network to cause serious consequences. By the time networking personnel detect a virus,
worm, Trojan horse, or other unwelcome intruder and attempt remediation, it’s often too late to avoid
network downtime and losses in productivity or sales.

Understanding the Threats


The first phase of the Self-Defending Network strategy involves integrating security capabilities directly
into network elements, such as routers, switches, wireless access points, and standalone network
appliances. The second phase, which includes the industry-wide Network Admission Control (NAC)
effort, involves security-enabled network elements communicating with one another in a collaborative
manner, such as an intrusion prevention system (IPS) telling an access control list (ACL) to deny access to
a connection. It also extends the security capabilities to the user endpoint devices that connect to other
networks and might infect the corporate network. Why has it now grown necessary to protect every
packet and flow? One reason is that, increasingly, security attacks are being introduced from within
Web-enabled applications, which use HTTP’s port 80 to communicate.

“Web applications, while empowering users, open the door to application abuse as traffic
traverses multiple networks and potentially picks up virulent code,” says Jayshree Ullal, senior
vice president of Cisco’s Security Technology Group.

Self-Defending Network Foundation: Network and Endpoint Security


The core strategy of the Self-Defending Network is to make network security integrated into the
network, adaptive to new threats, and collaborative across multiple capabilities and devices. Since the
1990s, Cisco has continually evolved its product portfolio under this guiding philosophy.

Today’s network security solutions are:

● Integrated—Market-leading products such as ASA 5500 Series Adaptive Security Appliances,
Integrated Services Routers, and Catalyst 6500 Series Switches embed a robust suite of security
services into the network. Cisco provides security options using IOS® Software security features;
modules in routers, switches, and adaptive security appliances; dedicated security appliances;
or a combination of technologies. Today, more than 1.4 million routers and more than 3 million
switches used by companies around the world provide integrated security.

● Adaptive—Cisco security products augment traditional signature-based detection technologies with
behavioral-based capabilities. Security Agent, for example, monitors endpoint operating
systems to detect suspicious behavior, allowing it to respond to both known and unknown “day-zero”
threats. Technologies such as Guard Distributed Denial of Service (DDoS) Mitigation,
Anomaly Guard, and NetFlow Event Management products provide sophisticated capabilities
to detect and dynamically respond to abnormal events such as DDoS attacks.

● Collaborative—Commitment to collaboration among diverse network components helps
organizations implement more pervasive protection and simplify security management. For
example, if Security Agent detects suspicious activity on a host PC, it can communicate with
the Security Monitoring, Analysis, and Response System (MARS). Security MARS then
collaborates with the network IPS solution to closely monitor traffic flows to and from that
endpoint and cut off any potential attack. To enhance policy enforcement, Security Manager
allows organizations to configure policies through a centralized interface and push changes out
across the entire environment. Unified Communications and wireless technologies are designed
to draw on multiple components of these solutions to enforce security.

With integrated, adaptive, and collaborative network and endpoint technologies, Cisco can:

● Transparently embed security services into the network

● Empower security teams to manage network security more efficiently, with fewer touch points

● Scale performance and services to customer needs

● Align security technology controls with business risk

● Deliver pervasive identity services

● Provide robust endpoint posture and policy assessment capabilities

● Improve business policy enforcement and compliance

● Provide strong protection against data leakage and loss
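The "Adaptive" and "Collaborative" points above, and the earlier description of an IPS telling an ACL to deny a connection, describe one flow: an endpoint agent reports suspicious behaviour, a correlation system joins that report with network telemetry, and the network enforces a block. The following is an added example, not code from the report or from any Cisco product (Security Agent, MARS and IPS are only the roles being imitated): a small Python correlator over constructed agent alerts and flow records. The thresholds, the event formats and the function names `fanout`, `correlate` and `acl_entries` are my own assumptions.

```python
"""Added example, not code from the report or from any Cisco product: a toy
version of the collaborative flow the report describes.  An endpoint agent
raises behaviour-based alerts, flow telemetry arrives from the network, a
correlator joins the two by host, and the outcome is the kind of deny entry an
IPS would hand to an access control list.  All events and thresholds below are
constructed sample data and assumptions."""
from collections import defaultdict

# Constructed endpoint-agent alerts: (timestamp, host, observed behaviour).
# These are behaviour-based (no signature): the agent reports what a process
# did, not which known piece of malware it matched.
AGENT_EVENTS = [
    (100, "10.1.1.5", "process wrote to system directory"),
    (105, "10.1.1.5", "unexpected listening socket opened"),
    (120, "10.1.1.9", "process wrote to system directory"),
]

# Constructed flow records: (timestamp, src, dst, dst_port).  Host 10.1.1.5
# touches twelve different hosts on port 445 within a few seconds; host
# 10.1.1.9 makes one ordinary HTTPS connection.
FLOWS = [(101 + i, "10.1.1.5", f"10.1.2.{i + 1}", 445) for i in range(12)]
FLOWS += [(121, "10.1.1.9", "10.1.3.7", 443)]

WINDOW = 60        # seconds either side of an agent alert to examine (assumption)
SCAN_FANOUT = 10   # distinct peers on one port that counts as spreading (assumption)


def fanout(flows, host, t, window=WINDOW):
    """Distinct destinations per destination port for `host` within the window."""
    dests = defaultdict(set)
    for ft, src, dst, port in flows:
        if src == host and abs(ft - t) <= window:
            dests[port].add(dst)
    return dests


def correlate(agent_events, flows, window=WINDOW, threshold=SCAN_FANOUT):
    """Join agent alerts with network telemetry per host.

    An alert that the network corroborates (the host is also fanning out to
    many peers on one port) becomes a 'block' action; an alert with no network
    corroboration only raises the host to 'monitor'.  Neither source alone is
    trusted to cut a host off, which is the point of the collaborative model."""
    actions = {}
    for t, host, behaviour in agent_events:
        dests = fanout(flows, host, t, window)
        spreading = sorted(p for p, d in dests.items() if len(d) >= threshold)
        if spreading:
            port = spreading[0]
            actions[host] = ("block",
                             f"{behaviour}; {len(dests[port])} peers on port {port}")
        elif host not in actions:
            actions[host] = ("monitor", behaviour)
    return actions


def acl_entries(actions):
    """Render block decisions as the deny entries an IPS would push to an ACL."""
    return [f"deny ip host {host} any"
            for host, (verdict, _) in sorted(actions.items()) if verdict == "block"]


if __name__ == "__main__":
    decisions = correlate(AGENT_EVENTS, FLOWS)
    for host, (verdict, why) in sorted(decisions.items()):
        print(f"{host}: {verdict} ({why})")
    print(acl_entries(decisions))
```

The design choice worth noting is that the agent alert alone only raises the host to "monitor"; the block is issued when the network telemetry corroborates it, which is what keeps a single noisy endpoint sensor from cutting off a healthy host.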



Where are the security standards in SDN?


There are a number of standards at work in the SDN roadmap. One of the most crucial technologies
related to the SDN is Network Admission Control (NAC). NAC is used to review device security posture
before admission to the network. In many cases, this is done with 802.1X; however, that is only part of
what NAC does and how it works. The battle between Cisco's NAC and Microsoft's new Network Access
Protection (NAP) is about to heat up. Fortunately for consumers, both companies have agreed that
there will be some compatibility and interoperability between these two technologies. In the end,
there are many standards at work in creating this self-defending network.
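The credentials section earlier (device identification, then operating system and application posture, then user identity) and the NAC paragraph above describe the same admission check. The following is an added example, not code from the report or from Cisco NAC: a small Python policy engine that applies those three checks in that order and returns admit, quarantine or deny. The device registry, posture thresholds, user store and endpoint values are constructed sample data, and the names `check_device`, `check_posture`, `check_user` and `admission_decision` are my own.

```python
"""Added example, not code from the report or from Cisco NAC: a simplified
admission decision applying the three checks the report lists, in order:
device identity, OS/application posture, then user identity.  The device
registry, posture policy and user store are constructed sample data."""
from dataclasses import dataclass, field
import hashlib
import hmac

# Constructed device registry: MAC address -> certificate fingerprint the
# device is expected to present.  A real deployment would consult a directory.
KNOWN_DEVICES = {
    "00:11:22:33:44:55": "sha256:ab12",   # corporate laptop
    "00:11:22:33:44:66": "sha256:cd34",   # corporate desktop
}

# Constructed posture policy (assumed thresholds).
MIN_PATCH_LEVEL = 20100901            # patch level expressed as YYYYMMDD
MAX_AV_SIGNATURE_AGE_DAYS = 7
REQUIRED_AGENT = "security-agent"


def _hash_pw(password: str, salt: str) -> str:
    """Salted SHA-256, enough for the example; use a password KDF in practice."""
    return hashlib.sha256((salt + password).encode()).hexdigest()


# Constructed user store: password hash plus the certificate bound to the user.
USERS = {
    "alice": {"salt": "s1", "pw": _hash_pw("correct horse", "s1"), "cert": "sha256:ab12"},
}


@dataclass
class Endpoint:
    mac: str
    device_cert: str
    os_patch_level: int
    av_signature_age_days: int
    running_agents: list = field(default_factory=list)
    username: str = ""
    password: str = ""
    user_cert: str = ""


def check_device(ep: Endpoint) -> str:
    """Step 1: is this a known device presenting the certificate we bound to it?"""
    expected = KNOWN_DEVICES.get(ep.mac)
    if expected is None:
        return "unknown device"
    if not hmac.compare_digest(expected, ep.device_cert):
        return "device certificate mismatch"
    return ""


def check_posture(ep: Endpoint) -> list:
    """Step 2: OS and application posture.  Returns every problem found."""
    problems = []
    if ep.os_patch_level < MIN_PATCH_LEVEL:
        problems.append("operating system below required patch level")
    if ep.av_signature_age_days > MAX_AV_SIGNATURE_AGE_DAYS:
        problems.append("antivirus signatures out of date")
    if REQUIRED_AGENT not in ep.running_agents:
        problems.append("endpoint security agent not running")
    return problems


def check_user(ep: Endpoint) -> str:
    """Step 3: username, password and the user's certificate."""
    rec = USERS.get(ep.username)
    if rec is None:
        return "unknown user"
    if not hmac.compare_digest(rec["pw"], _hash_pw(ep.password, rec["salt"])):
        return "bad password"
    if not hmac.compare_digest(rec["cert"], ep.user_cert):
        return "user certificate mismatch"
    return ""


def admission_decision(ep: Endpoint) -> dict:
    """Return {'decision': 'admit' | 'quarantine' | 'deny', 'reasons': [...]}.

    An unidentified device or a failed user authentication is denied outright.
    An authenticated user on a known device whose posture fails is quarantined
    (a remediation VLAN) rather than admitted to the production network."""
    reason = check_device(ep)
    if reason:
        return {"decision": "deny", "reasons": [reason]}
    problems = check_posture(ep)
    reason = check_user(ep)
    if reason:
        return {"decision": "deny", "reasons": [reason]}
    if problems:
        return {"decision": "quarantine", "reasons": problems}
    return {"decision": "admit", "reasons": []}
```

The quarantine outcome is what distinguishes admission control from plain authentication: a legitimate user on a legitimate but stale laptop is the case the report's "laptop comes back from the hotel room" scenario is about, and it is neither admitted nor simply refused.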

To address these emerging threats and provide protection beyond the network perimeter, Cisco offers a
portfolio of best-of-breed content security technologies. Cisco content security tools include ASA 5500
Series content security technologies; IOS Software content filtering and voice security technologies;
and industry-leading Web and e-mail security technologies from IronPort, now a Cisco company. These
technologies incorporate innovative content security strategies such as:

● Treating all threats as “day-zero” attacks—Cisco content security solutions are designed to analyze an
unlimited number of variants, rather than seeking out a small set of targets. Using behavior- and
reputation-based analysis, these technologies can identify attacks that share functions, even if they
don’t share a specific attack signature.

● Providing scalability to address myriad attacks—Modern attacks are extremely diverse, ranging from
simple e-mail fraud to sophisticated, multivector threats such as the NIMDA worm, which can infect and
propagate across thousands of hosts using multiple means. Cisco content security technologies are designed
to recognize all attacks as unique threats, regardless of scale.

● Providing tools to manage multiple techniques and sources of attack—Cyber-criminals may target
everything from office applications to collaboration software to e-mail, employing a variety of self-
propagating and user-propagating techniques. Cisco content security solutions provide strong protection
regardless of attack source, transmission medium, or propagation method.

Protecting Business Applications and Data: Application Security


As business use of XML applications, Web services, and service-oriented architectures continues to
grow, organizations need new tools for securing these applications—both from malicious external
threats and from mistakes or abuse by legitimate users. In fact, research indicates that while the
number of newly discovered operating system vulnerabilities has declined over the past several years,
the number of application vulnerabilities has increased by double-digit percentages annually.

The Self-Defending Network includes best-of-breed application security technologies to provide:

● Layer-7 application protection for vulnerabilities in office and Web applications, Web servers, and
application servers

● Role-based authorization for accessing applications

● Identity services that extend from the network to applications

● XML traffic validation and inspection

● Enhanced deep-packet inspection to identify application protocols

At the core of Cisco’s application security strategy is the ACE Web Application Firewall. The technology
provides comprehensive HTML and XML Web application traffic inspection to prevent application
hacking, secure both custom and packaged applications, and address the full range of Web application
threats. These capabilities protect organizations from attacks such as identity theft, data theft,
application disruption, and targeted attacks, while simplifying compliance with regulatory requirements
such as Payment Card Industry (PCI) data security standards. Ultimately, they allow businesses to take
full advantage of modern Web communication and collaboration applications while protecting critical
assets and reducing compliance and IT risk.
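"XML traffic validation and inspection" is listed above as a capability without saying what such an inspection does. The following is an added example, not code from the report or from the ACE Web Application Firewall: a small Python routine of the kind a Layer-7 inspector applies to an XML request body before it reaches the application server. The size and depth limits, the allowed root elements, the sample payloads and the function names `inspect_xml` and `max_depth` are my own assumptions.

```python
"""Added example, not code from the report or from any Cisco product: a small
Layer-7 inspection routine for XML request bodies.  It rejects documents that
carry DOCTYPE or entity declarations (a plain business document has no reason
to, and they are the vehicle for entity-expansion abuse), caps body size and
element nesting depth, confirms the document parses, and checks that the root
element is one the protected service actually accepts.  All limits and sample
payloads are constructed for the example."""
import re
import xml.etree.ElementTree as ET

MAX_BYTES = 64 * 1024            # assumed per-request body limit
MAX_DEPTH = 16                   # assumed nesting limit
ALLOWED_ROOTS = {"order", "quote"}   # assumed: what the protected service expects

# Either declaration is rejected before the parser ever sees the bytes.
DECLARATION_RE = re.compile(rb"<!DOCTYPE|<!ENTITY", re.IGNORECASE)


def max_depth(elem, level=1):
    """Depth of the element tree rooted at `elem` (root counts as 1)."""
    return max([level] + [max_depth(child, level + 1) for child in elem])


def inspect_xml(body: bytes):
    """Return (allowed, reason).  Checks run cheapest-first so an oversized or
    declaration-bearing body is refused without parsing it."""
    if len(body) > MAX_BYTES:
        return False, f"body of {len(body)} bytes exceeds limit {MAX_BYTES}"
    if DECLARATION_RE.search(body):
        return False, "DOCTYPE/ENTITY declaration not permitted"
    try:
        root = ET.fromstring(body)
    except ET.ParseError as exc:
        return False, f"malformed XML: {exc}"
    if root.tag not in ALLOWED_ROOTS:
        return False, f"unexpected root element {root.tag!r}"
    depth = max_depth(root)
    if depth > MAX_DEPTH:
        return False, f"nesting depth {depth} exceeds limit {MAX_DEPTH}"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample requests.
    samples = [
        b"<order><item id='1' qty='2'/></order>",
        b"<!DOCTYPE d [<!ENTITY a 'aaaa'>]><order>&a;</order>",
        b"<login user='x'/>",
        b"<order><item>",
        b"<order>" + b"<a>" * 20 + b"</a>" * 20 + b"</order>",
    ]
    for s in samples:
        print(inspect_xml(s))
```

The ordering matters: size and declaration checks are byte-level and run before any parsing, so a body designed to exhaust the parser is refused without being parsed, and the whitelist on the root element rejects traffic that is well-formed but simply not meant for the service behind the firewall.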

VRF-Aware Firewalling

As mentioned, the new base firewall code is also included in IOS Software Release 12.3(14)T. This step
has rendered the IOS Firewall virtual routing and forwarding (VRF)-aware.

In other words, a router that is running multiple routing instances (functioning, in effect, as multiple
routers within a single chassis) can now also run multiple IOS firewalls within that chassis to match,
explains Tom Guerrette, product manager in Cisco’s IOS and Router Security Marketing Group.

The new software release applies IOS Firewall functionality to each VRF interface, allowing customers
to configure per-VRF firewalls. The firewall inspects IP packets that are sent and received within a VRF. A
few noteworthy capabilities of the VRF-aware IOS firewall:

■ It supports overlapping IP address space, thereby allowing traffic from nonintersecting VRFs to have
the same IP address.

■ It supports per-VRF (rather than global) firewall command parameters and denial-of-service (DoS)
parameters. In the case of a service provider managed service, for example, the VRF-aware firewall can
run as multiple instances allocated to various VPN customers.

■ It performs per-VRF URL filtering.

■ The VRF-specific syslog messages it generates can be seen only by a particular VPN, allowing network
administrators to manage the firewall.

■ It supports the ability to limit the number of firewall sessions per VRF.

The same capabilities apply to the PIX 7.0 Firewall and Adaptive Security Appliances, as well.
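The list above names the properties that make a stateful firewall VRF-aware but does not show what they mean for the session table. The following is an added example, not code from the report or from the IOS Firewall: a toy Python session table in which sessions are keyed by VRF as well as 5-tuple (so two VRFs can reuse the same addresses), each VRF carries its own session limit and half-open threshold, and every log line is tagged with its VRF. The class name `VrfFirewall`, the method names, the limits, addresses and log wording are my own assumptions.

```python
"""Added example, not the report's or Cisco's code: a toy stateful session table
with the VRF-aware properties listed in the report.  Sessions are keyed by VRF
plus 5-tuple, so the same addresses may appear in two VRFs; limits are held per
VRF rather than globally; and log lines name the VRF they belong to.  Limits,
addresses and log wording are constructed for the example."""


class VrfFirewall:
    def __init__(self, vrf_limits):
        # vrf_limits: {vrf_name: {"max_sessions": n, "max_half_open": m}}
        # A VRF with no entry has no firewall instance and passes nothing.
        self.limits = vrf_limits
        self.sessions = {}   # (vrf, src, sport, dst, dport) -> "half-open" | "established"
        self.log = []        # constructed log lines, each tagged with its VRF

    def _count(self, vrf, state=None):
        """Sessions in one VRF, optionally only those in a given state."""
        return sum(1 for key, s in self.sessions.items()
                   if key[0] == vrf and (state is None or s == state))

    def _log(self, vrf, msg):
        # Per-VRF tagging is what lets one VPN customer see only its own messages.
        self.log.append(f"vrf={vrf} {msg}")

    def inside_syn(self, vrf, src, sport, dst, dport):
        """Connection opened from inside the VRF.  Returns True if admitted."""
        lim = self.limits.get(vrf)
        flow = f"{src}:{sport}->{dst}:{dport}"
        if lim is None:
            self._log(vrf, f"drop {flow} no firewall instance")
            return False
        if self._count(vrf) >= lim["max_sessions"]:
            self._log(vrf, f"drop {flow} session limit {lim['max_sessions']}")
            return False
        if self._count(vrf, "half-open") >= lim["max_half_open"]:
            # Per-VRF DoS parameter: one customer's SYN flood does not consume
            # another customer's half-open budget.
            self._log(vrf, f"drop {flow} half-open limit {lim['max_half_open']}")
            return False
        self.sessions[(vrf, src, sport, dst, dport)] = "half-open"
        self._log(vrf, f"open {flow}")
        return True

    def outside_packet(self, vrf, src, sport, dst, dport):
        """Packet arriving from outside.  Admitted only if it answers a session
        opened in the same VRF; an identical tuple in another VRF is a
        different session, or no session at all."""
        key = (vrf, dst, dport, src, sport)   # reverse direction of the opener
        if key not in self.sessions:
            self._log(vrf, f"drop {src}:{sport}->{dst}:{dport} no matching session")
            return False
        self.sessions[key] = "established"
        return True

    def session_count(self, vrf):
        return self._count(vrf)


if __name__ == "__main__":
    fw = VrfFirewall({"CUST-A": {"max_sessions": 10, "max_half_open": 2},
                      "CUST-B": {"max_sessions": 1, "max_half_open": 1}})
    # Same private addresses in two customer VRFs: both admitted independently.
    fw.inside_syn("CUST-A", "10.0.0.1", 40000, "192.0.2.10", 80)
    fw.inside_syn("CUST-B", "10.0.0.1", 40000, "192.0.2.10", 80)
    fw.outside_packet("CUST-A", "192.0.2.10", 80, "10.0.0.1", 40000)
    print("\n".join(fw.log))
```

The session key is the whole point: without the VRF component, the second customer's connection would either collide with the first or, worse, a reply arriving in one VRF would match a session belonging to another.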

21st Century Security


With the addition of the Adaptive Threat Defense phase to the Self-Defending Network strategy,
multiple layers of built-in network security now reach from an Ethernet port to the interior of a Web
application. With this phase comes a much improved security paradigm for the 21st century.

With the disappearance of a definable network perimeter and security threats coming at networks from
every angle, point products alone no longer are an adequate defense. An integrated and proactive
multilayered system makes the Self-Defending Network—now a requirement to ward off the
consequences of rapid-propagating attacks—possible. And security will be an ongoing process that will
likely be forever evolving as networks, applications, and threats themselves change.

What is the future of SDN?


A complex framework, the CDSN has the goal of having all of its devices communicate together,
preventing any danger to the network. The theory is that the devices will collaborate, with one device
telling another that it is in danger. In my mind, the thought of many different hardware and software
network security devices all working together sounds almost too good to be true.

However, devices still don't easily integrate with other security devices, as they aren't easy to
implement and are typically expensive. Even though the SDN framework has been around for over six
years, there's still a lot of work left to be done before networks can truly be self-defending.

Bibliography

I thank all my friends who cooperated in this project, helped me with information and tips, corrected terms
and provided encouragement. I thank my parents and teachers for their unflinching support and
blessings. Without them I would not have been able to create this report. I also thank Ben Sangster for
providing a wonderful presentation online for research and study. To all those mentioned, I thank you.

References

Cisco Self-Defending Network: Combining Best-of-Breed Products and Services with a Systems Approach (White Paper)

Packet, Cisco Systems Users Magazine, Second Quarter 2005: "Self Defending Networks: Network Security Evolves to Eradicate Attacks at Their Source" (p. 26)

TechRepublic (A ZDNet Tech Community), SolutionBase: "Does the Cisco Self-Defending Network really work?" by David Davis
