MPLS and Next-Generation Networks: Foundations for NGN and Enterprise Virtualization
As networks and services converge under the framework of NGN constructs, security is a key attribute because convergence suggests a level of complexity that the industry overall must balance between discrete capabilities and robust services. Transforming to an NGN framework does solve critical business issues in the service provider community and for large enterprises evolving to virtualized architectures, most notably in capital expenditure efficiency and in operating expense reduction as goals. In this time of ever-increasing threat sophistication, an evolution of the miscreant adversary, and an ever-increasing complexity of effective solutions, the information technology industry must short-circuit the solution.

The sophistication in attack techniques is one of the more frightening trends occurring in the security industry. Attacks were once primarily the work of hackers who wanted to temporarily take well-known sites offline to get media attention or brag to their friends. Now attacks are increasingly being used as the foundation of elaborate extortion schemes. In addition, some attacks are motivated by political or economic objectives, costing businesses and service providers millions of dollars each year. The effect of this trend, and its financial implications, will result in a more defined value proposition of protecting assets from attack for the entire industry. This security trend will enhance the general perception in the marketplace of the value of security-enabled services. This phenomenon also presents service providers and enterprise organizations with opportunities to charge more for their services. Security has therefore become more pivotal for both service providers and enterprise organizations to protect core assets; security is indeed a component for NGN architecture.

The Cisco IP NGN is a vision and architecture designed to deliver a broad, sweeping transformation of the service provider network and business.
It provides a sustainable competitive advantage and increases profits by helping service providers develop and plan for the future of their organizations, network architectures, and business models. In the IP NGN architecture, security is fundamental to a service provider's ability to protect its infrastructure, deliver the intended services in a manner that complies with specific service levels, and control the business. Security is resident in all four layers of the IP NGN architecture. Cisco IP NGN security solutions help create an environment in which service providers can extend services to generate increased revenue and differentiate themselves more clearly from competitors. In addition, Cisco IP NGN security solutions help service providers achieve greater efficiencies with highly available service and minimum downtime and apply better control for network and business success.

Let's look at how security operates in various layers of the NGN service architecture. In the operational layer, security spans the entire IP NGN architecture, protecting a service throughout the network to maintain service availability and enabling service survivability when attacks occur. In the network layer, security is built in to the foundation of the infrastructure and its hardware and operating systems to secure the transport of services. In the service layer, part of the Service Exchange Framework, security plays a role in creating services and service features to generate revenue and service differentiation. For example, security functions, such as detecting and responding to denial-of-service attacks, ensure that the service can continue without interruption. This noninterruption of service enables the operation of billing functions that are key to revenue settlements between service providers and their customers.
In the application layer, security is resident in the applications themselves and in the links to the service layer to secure the integrity of the applications as they interface with the network.

The intelligent operational layer operates through and helps connect the three IP NGN convergence layers (network, service, and application) and makes intranetwork and internetwork communications as efficient and productive as possible. Intelligent networking simplifies the complexity of operating an IP NGN by making it more resilient, integrated, and adaptive. Together, the three convergence layers, the cohesive operational layer, and intelligent networking enable you to build integrated features that are consistent across product lines and that enable these products to function as a global system: an IP NGN. Security is fundamental to the IP NGN and is implemented through a combination of processes, technologies, and solutions.

Within the framework of NGNs for service providers and enterprise customers, there is an opportunity to deconstruct security roles commencing at the access role. Specifically, this involves the customer premise edge router from one end of the service architecture and includes the data and control planes at the other end in a service provider or enterprise peering implementation. Security roles can include a firewall, an intrusion detection system (IDS), and anomaly detection via reporting applications, such as NetFlow or Arbor.

For CIOs today, security has taken on even greater importance with the passage of regulatory requirements in Sarbanes-Oxley and other regulations. Although Sarbanes-Oxley does not explicitly define security requirements, it does state that CEOs and CFOs must personally attest to their companies having proper "internal controls." It would be difficult for companies to certify the validity of data if the systems maintaining and transmitting the data were not secure. A company's accounting system is part of the corporate IT system.
So, if the IT systems are not secure, the internal controls will not be viewed favorably by the government if a security incident occurs or a Sarbanes-Oxley review is performed. Therefore, understanding MPLS security aspects provides inputs to the enterprise IT security framework.