What Is Security in a Service Provider Network?
Service Providers have always recognized the vital importance of security in their network infrastructure. A few steadfast rules apply:
But in today’s carrier network, the security and integrity of the infrastructure and its devices are essential to support the thriving businesses that depend on networks.
Defense in depth has always been a recommended approach for securing your services and is a common practice that creates layers of security spanning across cryptography, digital signatures, firewalls, access controls, network security, authentication, encryption and much more.
Why is all this needed? Protecting services delivered on network infrastructure that impact customer service level agreements and preserving revenue attached to these services are starters. These objectives are even more important in a 5G world. Another fundamental reason is defined by government policy globally. For example, Homeland Security classifies multiple critical infrastructure sectors such as financial services, nuclear reactors, and communications. In the Communications Sector-Specific Plan, the executive summary states: “The Communications Sector is an integral component of the U.S. economy, underlying the operations of all businesses, public safety organizations, and government.”
The goals defined by critical infrastructure in communications are a dimension of security that deserves deeper inspection, which begins with a question that is simple to ask but complex to answer.
What is trust?
Network security has always been focused on protecting against bad behaviors. Keeping the bad guys out, restricting access to critical resources, and providing effective visibility to detect bad behaviors. But something has always been missing - a way to control the integrity of the devices themselves. This is trust. It goes past preventing bad behavior to enforcing and reporting on the integrity of the systems that make up your network and critical services.
Trust is a multi-dimensional challenge that spans across the hardware and software of devices operated in the network. The primary goal with trustworthy devices is to build and maintain device integrity. In hardware, the focus is that the physical elements of the device have not been tampered with at any stage of the lifecycle. In software, the emphasis is to establish that the software and processes running on the device have not been altered. Across the operational lifecycle, an automated process with regular checkpoints to verify evidential history helps maintain integrity of hardware and software.
Start with a few basic questions:
- Is my hardware authentic? Has it been tampered with in any way?
- Is my software and firmware genuine? Are the running processes what I expect?
- How do I maintain device integrity over the operational lifecycle?
- How do my vendors handle secure development practices?
Platforms are composed of hardware and software. On these platforms, the first instructions that run on a device's CPU are stored in tamper-resistant hardware. This hardware anchor forms the root in a chain of trust. The integrity of each element of code in a system is validated before it is allowed to execute. Think of the microloader, bootloader, network OS and applications; these are all software elements that can be compromised. Tampering at these stages, if it goes undetected, can be very difficult to identify. By establishing a hardware-anchored root of trust, devices boot securely with integrity checks at each stage.
A unique cryptographic identity is another key element in a trustworthy platform. An X.509v3 certificate with an associated key pair, stored in tamper-resistant hardware during manufacturing, provides the basis for this unique identity. This identity can be leveraged to secure activities like Zero Touch Provisioning, storage and hardware fingerprinting.
Trustworthy software further decreases the risk of compromised devices. Verifying the integrity of the software image that is being loaded is the first step. Sophisticated image signing creates a unique digital signature for a given block of code that can be verified during the secure boot process.
Additionally, devices may run for years between a reboot. During this time, unintended binaries could be spawned. The task of fingerprinting running processes leverages a kernel security module that checks every binary loaded into runtime memory against the digital signatures to protect against unintended processes.
A good practice includes developing software with runtime defenses that protect against buffer overflow attacks, execution of arbitrary code, and attacks on memory locations where critical data resides.
During the operational lifecycle of a device, software can collect integrity data on boot keys, boot configurations and all launched software. A secure exchange of this data with an external validation service can give unbiased attestation of device integrity.
The problem with trust is that it’s a critical component of your security posture, but in most cases, it’s impossible to see. To be effective, your environment needs not only the security controls but also the ability to visualize and report on them. Maintaining trust is a tireless process. It requires collecting data cryptographically from the trustworthy platforms, to serve as evidence of the ongoing posture of a device running in critical infrastructure, and comparing this evidence to measurements taken at the point of manufacture or software build.
Each manufacturer knows the right values and can provide up-to-date fingerprints of hardware and software, taken during the manufacturing process, that are used to affirm integrity. These are also called “Known Good Values” (KGVs). Only with an authoritative history of changes to the device state, which establishes traceability for forensic analysis, can we measure and report on the operational state. As a best practice, cryptographically exporting the evidence to an independent host reduces the risk of insider threats.
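The comparison of collected boot evidence against Known Good Values can be sketched as follows. This is an added example, not Cisco code: it assumes a TPM-style extend register and an unsigned report, whereas a real device would sign the register value with its hardware-held key, and all stage names, image bytes and function names are constructed for illustration.

```python
import hashlib
import hmac

ZERO = bytes(32)  # register value at reset

def measure(blob: bytes) -> bytes:
    return hashlib.sha256(blob).digest()

def extend(register: bytes, digest: bytes) -> bytes:
    # TPM-style extend (assumed model): order-sensitive, no direct writes.
    return hashlib.sha256(register + digest).digest()

def device_boot(stages):
    """Device side: measure each stage before it runs; return (event log, register)."""
    register, log = ZERO, []
    for name, blob in stages:
        digest = measure(blob)
        register = extend(register, digest)
        log.append((name, digest))
    return log, register

def verify(log, reported_register, kgv):
    """Verifier side: replay the log, then compare each entry with its KGV."""
    findings, register = [], ZERO
    for name, digest in log:
        register = extend(register, digest)
        if name not in kgv:
            findings.append(f"{name}: no known good value")
        elif not hmac.compare_digest(kgv[name], digest):
            findings.append(f"{name}: differs from known good value")
    if not hmac.compare_digest(register, reported_register):
        findings.append("event log does not replay to the reported register")
    for name in sorted(set(kgv) - {n for n, _ in log}):
        findings.append(f"{name}: expected stage missing from log")
    return not findings, findings

# Constructed sample images; a real KGV set comes from the manufacturer.
GOOD = [("microloader", b"ml-1.0"), ("bootloader", b"bl-2.3"),
        ("network_os", b"nos-7.1"), ("application", b"app-4.4")]
KGV = {name: measure(blob) for name, blob in GOOD}

def scenarios():
    clean = device_boot(GOOD)
    bad = [(n, b"bl-2.3-modified" if n == "bootloader" else b) for n, b in GOOD]
    tampered_log, tampered_reg = device_boot(bad)
    # Altered software rewrites the log to look clean but cannot rewind the register.
    forged_log = [(n, KGV[n]) for n, _ in tampered_log]
    return {"clean": verify(*clean, KGV),
            "tampered": verify(tampered_log, tampered_reg, KGV),
            "forged_log": verify(forged_log, tampered_reg, KGV)}
```

The third scenario is why the evidence needs a hardware-protected register as well as a log: a log edited after the fact no longer replays to the value the hardware accumulated during boot.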
Development and operational practices
Preparation and a mature process are required to build trustworthy devices. As a best practice when approaching product development, the manufacturer should have a detailed process that outlines a secure development lifecycle. These guidelines would include product security requirements, secure design, secure coding, static analysis and vulnerability testing.
As threats evolve, Cisco continues to enhance the security and resilience of our products and solutions. While no vendor can guarantee security, we are committed to transparency and accountability and to acting as a trustworthy partner to our customers to address today’s and tomorrow’s security challenges.
The future is bright, and innovations will create a better world. Don’t let security stand in the way. Mitigate risk of your critical network infrastructure with technologies to enhance trustworthiness. Learn more by visiting https://trust.cisco.com.
This content was sponsored by Cisco.