Toward An Active Network Security Architecture.
Details
  • Author: Hand, Ryan S.
  • Degree: Master
  • Year: 2014
  • Institution: University of Colorado
  • Department: Computer Science.
  • ISBN: 9781303988585
  • CBH: 1558664
  • Country: USA
  • Language: English
  • FileSize: 1057573
  • Pages: 55
Abstract
Network and systems security have never been more important than they are today. Attackers continue to expose new vulnerabilities and exploit them as quickly as new technologies, applications, and security strategies are developed. Today's security systems work in relative isolation with limited programmatic control, and remediation is working at human reaction speed. Active Security gives a fundamental architectural advantage to the network defender. Active Security seeks to leverage all resources present throughout the infrastructure through a unified programming interface to protect existing infrastructure, interface with a variety of sensors, adjust the configuration at run-time, collect forensic data on-demand, and counter an attack. This makes a programmable network infrastructure and Software-Defined Networking (SDN) control key enablers of an Active Security architecture. Today, digital forensics is commonly performed in response to an incident or anomaly after an attacker has succeeded and possibly cleaned up the crime scene. We argue that this deep well of useful information should be leveraged in our architecture immediately when an attack or anomaly is detected. In particular, we investigate host physical memory, which is often lost or tampered with prior to an investigation. SDN bears the banner of programmatic control and thrives in an infrastructure capable of granular programming. This requirement acts as a barrier to entry for enterprise organizations that have neither the funding nor the technical ability to upgrade their network to SDN control overnight. A new transition alternative is needed that allows SDN control today using the existing legacy equipment. We show significant progress at closing this gap with ClosedFlow, extending SDN control to legacy networks, to enable immediate adoption of an Active Security architecture in the enterprise.
We strengthen the case for an active security architecture, illustrating the benefits of an automated sense, decide, respond feedback loop within a software-defined security controller, and present the two research branches that were specifically investigated.
