NFV has the potential to help operators strengthen network security, but it is a double-edged sword: while strengthening security, it also creates new security risks. A panel discussed the issue at the NFV Everywhere workshop held last week.
Admittedly, network function virtualization (NFV) can help network operators orchestrate security policies, and it can take advantage of containerization to isolate workloads and enhance security. Moreover, thousands of containers running in a network can effectively obscure an attacker's view and make it harder for attackers to find their targets.
However, NFV also introduces new security vulnerabilities. NFV has some security implications, such as requiring multiple passwords. Each password is itself a potential threat and needs to be protected by other security technologies.
Security experts and non-experts disagree on the severity of NFV security threats. The experts appear to be more confident and are unexpectedly bullish on NFV, believing that the opportunities NFV offers far outweigh the threats it poses. The experts even believe that NFV is valuable enough to justify sacrificing some security. They hold that security can be managed within a reasonable range of safety, rather than pursued as absolute security. Non-security experts are less optimistic and remain sceptical about NFV.
The expert panel discusses NFV security at the NFV Everywhere seminar (image source: The New IP)
Security is a process, not a state. NFV uses software to define all resources, so network operators can clearly define the processes that manage security. However, like all software, NFV has potential vulnerabilities, and network operators need to conduct intrusion detection, assess security, react quickly to threats, and fix vulnerabilities.
Open source is one of the ways to mitigate security risks. Network operators should take on supervision and code review, which are the quality assurance of open source technology. Open source is a win-win idea: while enjoying open source resources, we should also fulfill our obligations, contribute our own effort, and watch for loopholes in open source technology. Open source puts technology out in the sunlight, where it is examined by countless pairs of eyes. Everyone scrambles to find and patch holes, and once a loophole is discovered, many people will fix it overnight, because they want to be the "bug-fixing guy" in everyone's eyes.
However, open source also carries risks of its own. Extended functionality can lead to code bloat, with its security implications, and network operators may slack off and blindly trust in public scrutiny. Most frightening of all, other open source participants assume that the operators will audit the code, while the operators assume that everyone else will audit it; both sides rely on each other, but no one undertakes the work. This will bring unpredictable consequences.
NFV and open source are the basic components of a new IP network, and they let network operators deliver their services quickly, but they also pose new security challenges that operators need to confront and address.
This article is reproduced from Sdnlab. Original link: http://www.sdnlab.com/13808.html
NFV Security: One Thought from Heaven, One Thought from Hell