Ulrich Kohn, CISSP
Technical Marketing Director
Mitigating Security Risk in Practical vCPE Solutions
© 2016 ADVA Optical Networking. All rights reserved. Confidential.
Protection Is Becoming a Challenge
Multiple reasons why security is a key concern
• Attackers: from script kiddies to organized crime and intelligence services
• Increased sophistication: advanced persistent threats (APT), bootkit-based threats
• Disruptive technologies: control/data plane separation; virtualization; open versus proprietary
NFV: Opportunity or Threat to Network Security?
Managed security services is a $20 to $30bn market – KEEP THE BALANCE
Opportunities
• Immediate activation of security safeguards
• Security analytics
• PaaS and security offload, pooling of security expertise
• Application isolation, micro-segmentation, central control
• Image, patch management
Challenges
• Larger attack surface, high-value targets
• Higher system complexity
• Shared resources, common hypervisor
• From proprietary to open protocols
• Out-of-country processing (compliance)
Vodafone VPN+ Multi-Vendor Demonstration at Mobile World Congress, February 2016
• Use Case 1: Automated site activation including firewalling
• Use Case 2: Automated scale-in and scale-out
• Use Case 3: DDoS prevention with analytics
Some Attack Vectors
[Figure: NFV architecture with Virtualised Network Functions (VNFs), Management and orchestration, and the NFV Infrastructure (NFVI): virtual compute, virtual storage and virtual network on a virtualisation layer over compute, storage and network hardware resources. Attack vectors marked on the figure:]
• Disgruntled employee
• Hypervisor and controller attacks
• Customer portal, public APIs, e.g. DDoS
• Backdoor to hypervisor, control software
• Rogue VNF, noisy neighbor, malicious code
• Social engineering
• Spoofing, sniffing, MITM
• Compromise remote debugging/test interfaces
• Increased complexity, human error
• Rootkit
OpenStack Security Controls
• Keystone authentication and token-based authorization
• TLS for accessing APIs
• SSH for VM management / system-level communication; SSH key injection with VM creation
• Multi-tenant capability
• Traffic isolation by VLANs, Linux namespaces, security groups (Neutron, Nova); port/tenant based: address filter, firewall, NAT
• Availability zones
• Sanitization of released storage space
[Figure: Virtual Infrastructure Manager (VIM) with the Horizon dashboard and the Keystone identity service alongside Neutron (network), Glance (images), Swift (object storage), Cinder (volume service) and Nova (compute service). Caption: API, Authentication, Network, Images, Volumes, Objects]
vCPE Use Case – Edge NFV
[Figure labels: Enterprise; Metro Network (Carrier Ethernet); Communication Service Provider; Core (IP-MPLS); Servers, e.g. video; FSP 150 ProVM with integrated server; vRouter, vFirewall, vIDS]
Challenges with OpenStack in a distributed compute environment
• OpenStack optimized for DC applications within security perimeter
• vCPE use case: internal OpenStack interfaces connect over public networks
• End point in untrusted environment (CSP view)
• Present implementations do not provide comprehensive security controls*
*Source: NFV Interoperability Evaluation, NIA/EANTC report on LightReading.com; Dec. 2015
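An added example (not from the slides and not OpenStack project code): a small audit of a Keystone v3 service catalog for the two exposures named in the list above, endpoints reached without TLS and internal/admin interfaces addressed outside the operator's management network. The catalog contents, the addresses and the `mgmt_networks` parameter are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample in the shape of the "catalog" list of a Keystone v3
# token response. Names and addresses are made up for this example.
SAMPLE_CATALOG = [
    {"type": "identity", "name": "keystone", "endpoints": [
        {"interface": "public", "url": "https://keystone.example.net:5000/v3"},
        {"interface": "internal", "url": "http://10.20.0.5:5000/v3"},
        {"interface": "admin", "url": "https://203.0.113.10:35357/v3"},
    ]},
    {"type": "network", "name": "neutron", "endpoints": [
        {"interface": "public", "url": "https://neutron.example.net:9696"},
        {"interface": "internal", "url": "https://10.20.0.6:9696"},
    ]},
    {"type": "compute", "name": "nova", "endpoints": [
        {"interface": "internal", "url": "http://203.0.113.11:8774/v2.1"},
    ]},
]


def audit_catalog(catalog, mgmt_networks=("10.20.0.0/24",)):
    """Return findings as (service, interface, url, issue) tuples.

    issue is "no-tls" when the endpoint URL is not https, and
    "outside-mgmt" when an internal/admin endpoint is given as an IP
    address outside the declared management networks (assumed parameter).
    Hostnames are not resolved so the check runs offline; for those only
    the scheme is checked.
    """
    nets = [ipaddress.ip_network(n) for n in mgmt_networks]
    findings = []
    for service in catalog:
        for ep in service.get("endpoints", []):
            url = urlsplit(ep["url"])
            iface = ep["interface"]
            if url.scheme != "https":
                findings.append((service["name"], iface, ep["url"], "no-tls"))
            if iface not in ("internal", "admin"):
                continue
            try:
                addr = ipaddress.ip_address(url.hostname or "")
            except ValueError:
                continue  # hostname, not an IP literal: skip address check
            if not any(addr in net for net in nets):
                findings.append(
                    (service["name"], iface, ep["url"], "outside-mgmt"))
    return findings


if __name__ == "__main__":
    for name, iface, url, issue in audit_catalog(SAMPLE_CATALOG):
        print(f"{issue:13} {name:9} {iface:9} {url}")
```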
A BT Perspective: Securing Openstack Over the Internet
Source: “How NFV is different from Cloud: Using Openstack for Distributed NFV”, Peter Willis, BT; SDN and OF World Congress, Düsseldorf, Oct 2015.
Risk Mitigation in Edge NFV
[Figure: CPE device with layers labelled VNFs, virtual compute, and network (virtual; virtual, physical)]
• Risk mitigation with OpenStack security controls
• Security appliances such as IDS/IPS, firewalls but also service assurance functions
• Security additions to DPDK, e.g. experimental Crypto API (Release 2.2), keep alive signaling, new performance management functions
• Encryption per virtual connections and/or bulk encryption
• Trusted platform module, hardware security modules for secure boot, key integrity
Lower layer encryption becomes essential security control
Security Assurance in Edge NFV
[Figure: assurance level for three device classes: COTS Server, Hybrid Server (FSP 150 ProVM) and Hardened Server (FSP 150vSE). Attribute labels in the figure: functionality; Open OS/Hyperv.; x86 server; perf. assurance; hardened SW/HW; HW encryption; OpenStack in box; HW acceleration; tamper resistant]
Security Work of Selected Standard Bodies and Industry Alliances
• ETSI NFV ISG: “NFV Security; Problem Statement”, ETSI GS NFV-SEC 001, October 2014 + SEC 00x releases in 2015
• OpenStack Foundation: “OpenStack Security Guide”; best practices and implementation guide for securing an OpenStack implementation
• ONF: “Principles and Practices for Securing Software-Defined Networks”, January 2015, ONF TR-511
• ONOS: Security response process, security emergency team
• OPNFV security-related projects such as Moon, Barbican
Standard bodies and industry alliances focus on security
Securing Edge NFV Devices
• OpenStack in distributed compute environments calls for additional security controls
• Defense in depth for mitigating attack surface in NFV-centric networks
• Pure-player software and hybrid edge NFV devices for different levels of security assurance
ADVA Optical Networking - your expert in edge NFV
Thank You
IMPORTANT NOTICE
The content of this presentation is strictly confidential. ADVA Optical Networking is the exclusive owner or licensee of the content, material, and information in this
presentation. Any reproduction, publication or reprint, in whole or in part, is strictly prohibited.
The information in this presentation may not be accurate, complete or up to date, and is provided without warranties or representations of any kind, either express or
implied. ADVA Optical Networking shall not be responsible for and disclaims any liability for any loss or damages, including without limitation, direct, indirect, incidental,
consequential and special damages,
alleged to have been caused by or in connection with using and/or relying on the information contained in this presentation.
Copyright © for the entire content of this presentation: ADVA Optical Networking.

More Related Content

What's hot

ADVA ConnectGuard™
ADVA ConnectGuard™ADVA ConnectGuard™
ADVA ConnectGuard™ADVA
 
Assuring Superior VNF Performance at the Network Edge
Assuring Superior VNF Performance at the Network EdgeAssuring Superior VNF Performance at the Network Edge
Assuring Superior VNF Performance at the Network EdgeADVA
 
Oscilloquartz's Acquisition of Time4 Systems
Oscilloquartz's Acquisition of Time4 SystemsOscilloquartz's Acquisition of Time4 Systems
Oscilloquartz's Acquisition of Time4 SystemsADVA
 
Transforming Packet Networks With Open Optical Transport
Transforming Packet Networks With Open Optical TransportTransforming Packet Networks With Open Optical Transport
Transforming Packet Networks With Open Optical TransportADVA
 
Layer 1 Encryption in WDM Transport Systems
Layer 1 Encryption in WDM Transport SystemsLayer 1 Encryption in WDM Transport Systems
Layer 1 Encryption in WDM Transport SystemsADVA
 
Drawing Customers North - September, 2016
Drawing Customers North - September, 2016Drawing Customers North - September, 2016
Drawing Customers North - September, 2016ADVA
 
Adva Cloud Computing Final
Adva Cloud Computing FinalAdva Cloud Computing Final
Adva Cloud Computing FinalChris O'Neal
 
FSP Network Hypervisor: Optical Network Virtualization for SDN
FSP Network Hypervisor: Optical Network Virtualization for SDNFSP Network Hypervisor: Optical Network Virtualization for SDN
FSP Network Hypervisor: Optical Network Virtualization for SDNADVA
 
FSP 150 ProVMe (P2.4): The Easy Route to Edge NFV
FSP 150 ProVMe (P2.4): The Easy Route to Edge NFVFSP 150 ProVMe (P2.4): The Easy Route to Edge NFV
FSP 150 ProVMe (P2.4): The Easy Route to Edge NFVADVA
 
ADVA Optical Networking and Arista Networks Joint OOLS Demo
ADVA Optical Networking and Arista Networks Joint OOLS DemoADVA Optical Networking and Arista Networks Joint OOLS Demo
ADVA Optical Networking and Arista Networks Joint OOLS DemoADVA
 
Cloud Services: Is the Transport Network a Utility or Differentiator
Cloud Services: Is the Transport Network a Utility or DifferentiatorCloud Services: Is the Transport Network a Utility or Differentiator
Cloud Services: Is the Transport Network a Utility or DifferentiatorADVA
 
Scalable and Secure Connectivity for Seamless Cloud Evolution
Scalable and Secure Connectivity for Seamless Cloud EvolutionScalable and Secure Connectivity for Seamless Cloud Evolution
Scalable and Secure Connectivity for Seamless Cloud EvolutionADVA
 
Polymorphic Attacks on Data-in-Motion Require a New Security Approach From Bo...
Polymorphic Attacks on Data-in-Motion Require a New Security Approach From Bo...Polymorphic Attacks on Data-in-Motion Require a New Security Approach From Bo...
Polymorphic Attacks on Data-in-Motion Require a New Security Approach From Bo...ADVA
 
Making NFV Easy
Making NFV EasyMaking NFV Easy
Making NFV EasyADVA
 
Drawing Customers North - Highlighting the Benefits of Nordic Data Centers
Drawing Customers North - Highlighting the Benefits of Nordic Data CentersDrawing Customers North - Highlighting the Benefits of Nordic Data Centers
Drawing Customers North - Highlighting the Benefits of Nordic Data CentersADVA
 
How to Quantum-Secure Optical Networks
 How to Quantum-Secure Optical Networks How to Quantum-Secure Optical Networks
How to Quantum-Secure Optical NetworksADVA
 
Leveraging NFV Infrastructure to Drive Revenue
Leveraging NFV Infrastructure to Drive RevenueLeveraging NFV Infrastructure to Drive Revenue
Leveraging NFV Infrastructure to Drive RevenueADVA
 
Creating New Business Services for the IoT With Network Functions Virtualization
Creating New Business Services for the IoT With Network Functions VirtualizationCreating New Business Services for the IoT With Network Functions Virtualization
Creating New Business Services for the IoT With Network Functions VirtualizationADVA
 
ADVA ALM: Advanced Link Monitoring Technology for Ultimate Fiber Assurance
ADVA ALM: Advanced Link Monitoring Technology for Ultimate Fiber AssuranceADVA ALM: Advanced Link Monitoring Technology for Ultimate Fiber Assurance
ADVA ALM: Advanced Link Monitoring Technology for Ultimate Fiber AssuranceADVA
 
Scalable, Secure, Programmable – Cloud Connectivity for the Future
Scalable, Secure, Programmable – Cloud Connectivity for the FutureScalable, Secure, Programmable – Cloud Connectivity for the Future
Scalable, Secure, Programmable – Cloud Connectivity for the FutureADVA
 

What's hot (20)

ADVA ConnectGuard™
ADVA ConnectGuard™ADVA ConnectGuard™
ADVA ConnectGuard™
 
Assuring Superior VNF Performance at the Network Edge
Assuring Superior VNF Performance at the Network EdgeAssuring Superior VNF Performance at the Network Edge
Assuring Superior VNF Performance at the Network Edge
 
Oscilloquartz's Acquisition of Time4 Systems
Oscilloquartz's Acquisition of Time4 SystemsOscilloquartz's Acquisition of Time4 Systems
Oscilloquartz's Acquisition of Time4 Systems
 
Transforming Packet Networks With Open Optical Transport
Transforming Packet Networks With Open Optical TransportTransforming Packet Networks With Open Optical Transport
Transforming Packet Networks With Open Optical Transport
 
Layer 1 Encryption in WDM Transport Systems
Layer 1 Encryption in WDM Transport SystemsLayer 1 Encryption in WDM Transport Systems
Layer 1 Encryption in WDM Transport Systems
 
Drawing Customers North - September, 2016
Drawing Customers North - September, 2016Drawing Customers North - September, 2016
Drawing Customers North - September, 2016
 
Adva Cloud Computing Final
Adva Cloud Computing FinalAdva Cloud Computing Final
Adva Cloud Computing Final
 
FSP Network Hypervisor: Optical Network Virtualization for SDN
FSP Network Hypervisor: Optical Network Virtualization for SDNFSP Network Hypervisor: Optical Network Virtualization for SDN
FSP Network Hypervisor: Optical Network Virtualization for SDN
 
FSP 150 ProVMe (P2.4): The Easy Route to Edge NFV
FSP 150 ProVMe (P2.4): The Easy Route to Edge NFVFSP 150 ProVMe (P2.4): The Easy Route to Edge NFV
FSP 150 ProVMe (P2.4): The Easy Route to Edge NFV
 
ADVA Optical Networking and Arista Networks Joint OOLS Demo
ADVA Optical Networking and Arista Networks Joint OOLS DemoADVA Optical Networking and Arista Networks Joint OOLS Demo
ADVA Optical Networking and Arista Networks Joint OOLS Demo
 
Cloud Services: Is the Transport Network a Utility or Differentiator
Cloud Services: Is the Transport Network a Utility or DifferentiatorCloud Services: Is the Transport Network a Utility or Differentiator
Cloud Services: Is the Transport Network a Utility or Differentiator
 
Scalable and Secure Connectivity for Seamless Cloud Evolution
Scalable and Secure Connectivity for Seamless Cloud EvolutionScalable and Secure Connectivity for Seamless Cloud Evolution
Scalable and Secure Connectivity for Seamless Cloud Evolution
 
Polymorphic Attacks on Data-in-Motion Require a New Security Approach From Bo...
Polymorphic Attacks on Data-in-Motion Require a New Security Approach From Bo...Polymorphic Attacks on Data-in-Motion Require a New Security Approach From Bo...
Polymorphic Attacks on Data-in-Motion Require a New Security Approach From Bo...
 
Making NFV Easy
Making NFV EasyMaking NFV Easy
Making NFV Easy
 
Drawing Customers North - Highlighting the Benefits of Nordic Data Centers
Drawing Customers North - Highlighting the Benefits of Nordic Data CentersDrawing Customers North - Highlighting the Benefits of Nordic Data Centers
Drawing Customers North - Highlighting the Benefits of Nordic Data Centers
 
How to Quantum-Secure Optical Networks
 How to Quantum-Secure Optical Networks How to Quantum-Secure Optical Networks
How to Quantum-Secure Optical Networks
 
Leveraging NFV Infrastructure to Drive Revenue
Leveraging NFV Infrastructure to Drive RevenueLeveraging NFV Infrastructure to Drive Revenue
Leveraging NFV Infrastructure to Drive Revenue
 
Creating New Business Services for the IoT With Network Functions Virtualization
Creating New Business Services for the IoT With Network Functions VirtualizationCreating New Business Services for the IoT With Network Functions Virtualization
Creating New Business Services for the IoT With Network Functions Virtualization
 
ADVA ALM: Advanced Link Monitoring Technology for Ultimate Fiber Assurance
ADVA ALM: Advanced Link Monitoring Technology for Ultimate Fiber AssuranceADVA ALM: Advanced Link Monitoring Technology for Ultimate Fiber Assurance
ADVA ALM: Advanced Link Monitoring Technology for Ultimate Fiber Assurance
 
Scalable, Secure, Programmable – Cloud Connectivity for the Future
Scalable, Secure, Programmable – Cloud Connectivity for the FutureScalable, Secure, Programmable – Cloud Connectivity for the Future
Scalable, Secure, Programmable – Cloud Connectivity for the Future
 

Similar to Mitigating Security Risk in Practical vCPE Solutions

Making NFV Easy
Making NFV EasyMaking NFV Easy
Making NFV EasyADVA
 
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...Amazon Web Services
 
MOS 7.0 vmware integration webinar
MOS 7.0 vmware integration webinarMOS 7.0 vmware integration webinar
MOS 7.0 vmware integration webinarEric Zhaohui Ji
 
ADVA Optical Networking Acquires Overture
ADVA Optical Networking Acquires Overture ADVA Optical Networking Acquires Overture
ADVA Optical Networking Acquires Overture ADVA
 
Hosted Security as a Service - Solution Architecture Design
Hosted Security as a Service - Solution Architecture DesignHosted Security as a Service - Solution Architecture Design
Hosted Security as a Service - Solution Architecture DesignCisco Canada
 
Cisco - OpenStack Summit 2016/Red Hat NFV Mini Summit
Cisco - OpenStack Summit 2016/Red Hat NFV Mini Summit Cisco - OpenStack Summit 2016/Red Hat NFV Mini Summit
Cisco - OpenStack Summit 2016/Red Hat NFV Mini Summit kimw001
 
OpenStack Benelux Conference 2014 | Openstack Iaas and the Future of Applicat...
OpenStack Benelux Conference 2014 | Openstack Iaas and the Future of Applicat...OpenStack Benelux Conference 2014 | Openstack Iaas and the Future of Applicat...
OpenStack Benelux Conference 2014 | Openstack Iaas and the Future of Applicat...Guston Remie
 
【Cisco OpenStack Seminar 2015.10.26】 OpenStack as Strategy for future growth
【Cisco OpenStack Seminar 2015.10.26】 OpenStack as Strategy for future growth【Cisco OpenStack Seminar 2015.10.26】 OpenStack as Strategy for future growth
【Cisco OpenStack Seminar 2015.10.26】 OpenStack as Strategy for future growthシスコシステムズ合同会社
 
OpenStack-Foundation-NFV-Report
OpenStack-Foundation-NFV-ReportOpenStack-Foundation-NFV-Report
OpenStack-Foundation-NFV-ReportEric Zhaohui Ji
 
New Threats, New Approaches in Modern Data Centers
New Threats, New Approaches in Modern Data CentersNew Threats, New Approaches in Modern Data Centers
New Threats, New Approaches in Modern Data CentersIben Rodriguez
 
DNA Intelligent WAN Campus Day
DNA Intelligent WAN Campus DayDNA Intelligent WAN Campus Day
DNA Intelligent WAN Campus DayCisco Canada
 
Forcepoint SD-WAN and NGFW + IPS
Forcepoint SD-WAN and NGFW + IPSForcepoint SD-WAN and NGFW + IPS
Forcepoint SD-WAN and NGFW + IPSLarry Austin
 
Summit 16: ARM Mini-Summit - Efficient NFV solutions for Cloud and Edge - Cavium
Summit 16: ARM Mini-Summit - Efficient NFV solutions for Cloud and Edge - CaviumSummit 16: ARM Mini-Summit - Efficient NFV solutions for Cloud and Edge - Cavium
Summit 16: ARM Mini-Summit - Efficient NFV solutions for Cloud and Edge - CaviumOPNFV
 
[OpenStack Day in Korea 2015] Track 3-2 - Huawei Cloud Computing Powered by O...
[OpenStack Day in Korea 2015] Track 3-2 - Huawei Cloud Computing Powered by O...[OpenStack Day in Korea 2015] Track 3-2 - Huawei Cloud Computing Powered by O...
[OpenStack Day in Korea 2015] Track 3-2 - Huawei Cloud Computing Powered by O...OpenStack Korea Community
 
Putting the M in MANO: Major new Ensemble release delivers NFV management and...
Putting the M in MANO: Major new Ensemble release delivers NFV management and...Putting the M in MANO: Major new Ensemble release delivers NFV management and...
Putting the M in MANO: Major new Ensemble release delivers NFV management and...ADVA
 
SDN / NFV opensource and standards in wireless networks 2015 for cnv
SDN  / NFV opensource and standards in wireless networks 2015 for cnvSDN  / NFV opensource and standards in wireless networks 2015 for cnv
SDN / NFV opensource and standards in wireless networks 2015 for cnvPatrick Lopez
 
Proteja seus clientes - Gerenciamento dos Serviços de Segurança
Proteja seus clientes - Gerenciamento dos Serviços de SegurançaProteja seus clientes - Gerenciamento dos Serviços de Segurança
Proteja seus clientes - Gerenciamento dos Serviços de SegurançaCisco do Brasil
 
Cisco ASA con fire power services
Cisco ASA con fire power services Cisco ASA con fire power services
Cisco ASA con fire power services Felipe Lamus
 
Achieving Network Deployment Flexibility with Mirantis OpenStack
Achieving Network Deployment Flexibility with Mirantis OpenStackAchieving Network Deployment Flexibility with Mirantis OpenStack
Achieving Network Deployment Flexibility with Mirantis OpenStackEric Zhaohui Ji
 

Similar to Mitigating Security Risk in Practical vCPE Solutions (20)

Making NFV Easy
Making NFV EasyMaking NFV Easy
Making NFV Easy
 
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
 
MOS 7.0 vmware integration webinar
MOS 7.0 vmware integration webinarMOS 7.0 vmware integration webinar
MOS 7.0 vmware integration webinar
 
NTT i3 at OpenStack Summit - May 20th, 2015
NTT i3 at OpenStack Summit - May 20th, 2015NTT i3 at OpenStack Summit - May 20th, 2015
NTT i3 at OpenStack Summit - May 20th, 2015
 
ADVA Optical Networking Acquires Overture
ADVA Optical Networking Acquires Overture ADVA Optical Networking Acquires Overture
ADVA Optical Networking Acquires Overture
 
Hosted Security as a Service - Solution Architecture Design
Hosted Security as a Service - Solution Architecture DesignHosted Security as a Service - Solution Architecture Design
Hosted Security as a Service - Solution Architecture Design
 
Cisco - OpenStack Summit 2016/Red Hat NFV Mini Summit
Cisco - OpenStack Summit 2016/Red Hat NFV Mini Summit Cisco - OpenStack Summit 2016/Red Hat NFV Mini Summit
Cisco - OpenStack Summit 2016/Red Hat NFV Mini Summit
 
OpenStack Benelux Conference 2014 | Openstack Iaas and the Future of Applicat...
OpenStack Benelux Conference 2014 | Openstack Iaas and the Future of Applicat...OpenStack Benelux Conference 2014 | Openstack Iaas and the Future of Applicat...
OpenStack Benelux Conference 2014 | Openstack Iaas and the Future of Applicat...
 
【Cisco OpenStack Seminar 2015.10.26】 OpenStack as Strategy for future growth
【Cisco OpenStack Seminar 2015.10.26】 OpenStack as Strategy for future growth【Cisco OpenStack Seminar 2015.10.26】 OpenStack as Strategy for future growth
【Cisco OpenStack Seminar 2015.10.26】 OpenStack as Strategy for future growth
 
OpenStack-Foundation-NFV-Report
OpenStack-Foundation-NFV-ReportOpenStack-Foundation-NFV-Report
OpenStack-Foundation-NFV-Report
 
New Threats, New Approaches in Modern Data Centers
New Threats, New Approaches in Modern Data CentersNew Threats, New Approaches in Modern Data Centers
New Threats, New Approaches in Modern Data Centers
 
DNA Intelligent WAN Campus Day
DNA Intelligent WAN Campus DayDNA Intelligent WAN Campus Day
DNA Intelligent WAN Campus Day
 
Forcepoint SD-WAN and NGFW + IPS
Forcepoint SD-WAN and NGFW + IPSForcepoint SD-WAN and NGFW + IPS
Forcepoint SD-WAN and NGFW + IPS
 
Summit 16: ARM Mini-Summit - Efficient NFV solutions for Cloud and Edge - Cavium
Summit 16: ARM Mini-Summit - Efficient NFV solutions for Cloud and Edge - CaviumSummit 16: ARM Mini-Summit - Efficient NFV solutions for Cloud and Edge - Cavium
Summit 16: ARM Mini-Summit - Efficient NFV solutions for Cloud and Edge - Cavium
 
[OpenStack Day in Korea 2015] Track 3-2 - Huawei Cloud Computing Powered by O...
[OpenStack Day in Korea 2015] Track 3-2 - Huawei Cloud Computing Powered by O...[OpenStack Day in Korea 2015] Track 3-2 - Huawei Cloud Computing Powered by O...
[OpenStack Day in Korea 2015] Track 3-2 - Huawei Cloud Computing Powered by O...
 
Putting the M in MANO: Major new Ensemble release delivers NFV management and...
Putting the M in MANO: Major new Ensemble release delivers NFV management and...Putting the M in MANO: Major new Ensemble release delivers NFV management and...
Putting the M in MANO: Major new Ensemble release delivers NFV management and...
 
SDN / NFV opensource and standards in wireless networks 2015 for cnv
SDN  / NFV opensource and standards in wireless networks 2015 for cnvSDN  / NFV opensource and standards in wireless networks 2015 for cnv
SDN / NFV opensource and standards in wireless networks 2015 for cnv
 
Proteja seus clientes - Gerenciamento dos Serviços de Segurança
Proteja seus clientes - Gerenciamento dos Serviços de SegurançaProteja seus clientes - Gerenciamento dos Serviços de Segurança
Proteja seus clientes - Gerenciamento dos Serviços de Segurança
 
Cisco ASA con fire power services
Cisco ASA con fire power services Cisco ASA con fire power services
Cisco ASA con fire power services
 
Achieving Network Deployment Flexibility with Mirantis OpenStack
Achieving Network Deployment Flexibility with Mirantis OpenStackAchieving Network Deployment Flexibility with Mirantis OpenStack
Achieving Network Deployment Flexibility with Mirantis OpenStack
 

More from ADVA

Industrial optically pumped cesium beam clock
Industrial optically pumped cesium beam clockIndustrial optically pumped cesium beam clock
Industrial optically pumped cesium beam clockADVA
 
The need for GBaaS as GPS/GNSS is no longer a reliable source for critical PN...
The need for GBaaS as GPS/GNSS is no longer a reliable source for critical PN...The need for GBaaS as GPS/GNSS is no longer a reliable source for critical PN...
The need for GBaaS as GPS/GNSS is no longer a reliable source for critical PN...ADVA
 
Industry's longest holdover with the OSA 3350 SePRC™ optical cesium clock
Industry's longest holdover with the OSA 3350  SePRC™ optical cesium clockIndustry's longest holdover with the OSA 3350  SePRC™ optical cesium clock
Industry's longest holdover with the OSA 3350 SePRC™ optical cesium clockADVA
 
Addressing PNT threats in critical defense infrastructure
Addressing PNT threats in critical defense infrastructureAddressing PNT threats in critical defense infrastructure
Addressing PNT threats in critical defense infrastructureADVA
 
Precise and assured timing for enterprise networks
Precise and assured timing for enterprise networksPrecise and assured timing for enterprise networks
Precise and assured timing for enterprise networksADVA
 
Introducing Ensemble Cloudlet for on-premises cloud demand
Introducing Ensemble Cloudlet for on-premises cloud demandIntroducing Ensemble Cloudlet for on-premises cloud demand
Introducing Ensemble Cloudlet for on-premises cloud demandADVA
 
ePRTC in data centers - GNSS-backup-as-a-service (GBaaS)
ePRTC in data centers - GNSS-backup-as-a-service (GBaaS)ePRTC in data centers - GNSS-backup-as-a-service (GBaaS)
ePRTC in data centers - GNSS-backup-as-a-service (GBaaS)ADVA
 
Sync on TAP - Syncing infrastructure with software
Sync on TAP - Syncing infrastructure with softwareSync on TAP - Syncing infrastructure with software
Sync on TAP - Syncing infrastructure with softwareADVA
 
Meet stringent latency demands with time-sensitive networking
Meet stringent latency demands with time-sensitive networkingMeet stringent latency demands with time-sensitive networking
Meet stringent latency demands with time-sensitive networkingADVA
 
Making networks secure with multi-layer encryption
Making networks secure with multi-layer encryptionMaking networks secure with multi-layer encryption
Making networks secure with multi-layer encryptionADVA
 
Quantum threat: How to protect your optical network
Quantum threat: How to protect your optical networkQuantum threat: How to protect your optical network
Quantum threat: How to protect your optical networkADVA
 
Optical networks and the ecodesign tradeoff between climate change mitigation...
Optical networks and the ecodesign tradeoff between climate change mitigation...Optical networks and the ecodesign tradeoff between climate change mitigation...
Optical networks and the ecodesign tradeoff between climate change mitigation...ADVA
 
Trends in next-generation data center interconnects (DCI)
Trends in next-generation data center interconnects (DCI)Trends in next-generation data center interconnects (DCI)
Trends in next-generation data center interconnects (DCI)ADVA
 
Open optical edge connecting mobile access networks
Open optical edge connecting mobile access networksOpen optical edge connecting mobile access networks
Open optical edge connecting mobile access networksADVA
 
Introducing Adva Network Security – a trusted German anchor
Introducing Adva Network Security – a trusted German anchorIntroducing Adva Network Security – a trusted German anchor
Introducing Adva Network Security – a trusted German anchorADVA
 
Meet the industry's first pluggable 10G demarcation device
Meet the industry's first pluggable 10G demarcation deviceMeet the industry's first pluggable 10G demarcation device
Meet the industry's first pluggable 10G demarcation deviceADVA
 
Introducing ADVA AccessWave25™
Introducing ADVA AccessWave25™Introducing ADVA AccessWave25™
Introducing ADVA AccessWave25™ADVA
 
10G edge technology for outdoor environments
10G edge technology for outdoor environments10G edge technology for outdoor environments
10G edge technology for outdoor environmentsADVA
 
The quantum age - secure transport networks
The quantum age - secure transport networksThe quantum age - secure transport networks
The quantum age - secure transport networksADVA
 
From leased lines to optical spectrum services
From leased lines to optical spectrum servicesFrom leased lines to optical spectrum services
From leased lines to optical spectrum servicesADVA
 

More from ADVA (20)

Industrial optically pumped cesium beam clock
Industrial optically pumped cesium beam clockIndustrial optically pumped cesium beam clock
Industrial optically pumped cesium beam clock
 
The need for GBaaS as GPS/GNSS is no longer a reliable source for critical PN...
The need for GBaaS as GPS/GNSS is no longer a reliable source for critical PN...The need for GBaaS as GPS/GNSS is no longer a reliable source for critical PN...
The need for GBaaS as GPS/GNSS is no longer a reliable source for critical PN...
 
Industry's longest holdover with the OSA 3350 SePRC™ optical cesium clock
Industry's longest holdover with the OSA 3350  SePRC™ optical cesium clockIndustry's longest holdover with the OSA 3350  SePRC™ optical cesium clock
Industry's longest holdover with the OSA 3350 SePRC™ optical cesium clock
 



Mitigating Security Risk in Practical vCPE Solutions

  • 1. Mitigating Security Risk in Practical vCPE Solutions. Ulrich Kohn, CISSP, Technical Marketing Director
  • 2. Protection Is Becoming a Challenge. Multiple reasons why security is a key concern:
      • Attackers: from script kiddies to organized crime and intelligence services
      • Increased sophistication: advanced persistent threats (APT), bootkit-based threats
      • Disruptive technologies: control/data plane separation; virtualization; open versus proprietary
  • 3. NFV: Opportunity or Threat to Network Security? Managed security services is a $20 to $30bn market – KEEP THE BALANCE
      Opportunities:
      • Immediate activation of security safeguards
      • Security analytics
      • PaaS and security offload, pooling of security expertise
      • Application isolation, micro-segmentation, central control
      • Image, patch management
      Challenges:
      • Larger attack surface, high-value targets
      • Higher system complexity
      • Shared resources, common hypervisor
      • From proprietary to open protocols
      • Out-of-country processing (compliance)
  • 4. Vodafone VPN+ Multi-Vendor Demonstration at Mobile World Congress, February 2016
      • Use Case 1: Automated site activation including firewalling
      • Use Case 2: Automated scale-in and scale-out
      • Use Case 3: DDoS prevention with analytics
  • 5. Some Attack Vectors
      [Figure: NFV architecture: Virtualised Network Functions (VNFs); Management and orchestration; NFV Infrastructure (NFVI) with Virtual Compute, Virtual Storage, Virtual Network; Virtualisation Layer; Hardware Resources (Compute, Storage, Network)]
      Attack vectors marked on the figure:
      • Disgruntled employee
      • Hypervisor and controller attacks
      • Customer portal, public APIs, e.g. DDoS
      • Backdoor to hypervisor, control software
      • Rogue VNF, noisy neighbor, malicious code
      • Social engineering
      • Spoofing, sniffing, MITM
      • Compromise remote debugging/test interfaces
      • Increased complexity, human error
      • Rootkit
  • 6. OpenStack Security Controls
      • Keystone authentication and token-based authorization
      • TLS for accessing APIs
      • SSH for VM management / system-level communication; SSH key injection with VM creation
      • Multi-tenant capability
      • Traffic isolation by VLANs, Linux namespaces, security groups (Neutron, Nova); port/tenant based: address filter, firewall, NAT
      • Availability zones
      • Sanitization of released storage space
      [Figure: Virtual Infrastructure Manager (VIM): Horizon (Dashboard), Neutron (Network), Glance (Images), Swift (Object Storage), Cinder (Volume Service), Nova (Compute Service), Keystone (Identity Service); API, Authentication, Network, Images, Volumes, Objects]
  • 7. vCPE Use Case – Edge NFV
      [Figure: Enterprise; Metro Network, Carrier Ethernet; Communication Service Provider; vRouter, vFirewall, vIDS; FSP 150 ProVM with integrated server; Core IP-MPLS; Servers, e.g. video]
      Challenges with OpenStack in a distributed compute environment:
      • OpenStack optimized for DC applications within security perimeter
      • vCPE use case: internal OpenStack interfaces connect over public networks
      • End point in untrusted environment (CSP view)
      • Present implementations do not provide comprehensive security controls*
      *Source: NFV Interoperability Evaluation, NIA/EANTC report on LightReading.com; Dec. 2015
  • 8. A BT Perspective: Securing OpenStack Over the Internet. Source: “How NFV is different from Cloud: Using Openstack for Distributed NFV”, Peter Willis, BT; SDN and OF World Congress, Düsseldorf, Oct 2015.
  • 9. Risk Mitigation in Edge NFV
      [Figure: CPE device with VNFs, Virtual Compute, and Network (virtual; virtual, physical)]
      • Risk mitigation with OpenStack security controls
      • Security appliances such as IDS/IPS, firewalls but also service assurance functions
      • Security additions to DPDK, e.g. experimental Crypto API (Release 2.2), keep alive signaling, new performance management functions
      • Encryption per virtual connections and/or bulk encryption
      • Trusted platform module, hardware security modules for secure boot, key integrity
      • Lower layer encryption becomes essential security control
  • 10. Security Assurance in Edge NFV
      [Figure: server classes plotted by assurance level against functionality. Labels: Hardened Server; FSP 150vSE; Hybrid Server; FSP 150 ProVM; COTS Server. Building blocks shown: Open OS/Hyperv.; X86 Server; perf. assurance; hardened SW/HW; OpenStack in box; HW acceleration; tamper resistant; HW encryption]
  • 11. Security Work of Selected Standard Bodies and Industry Alliances. Standard bodies and industry alliances focus on security:
      • ETSI NFV ISG: “NFV Security; Problem Statement”, ETSI GS NFV-SEC 001, October 2014 + SEC 00x releases in 2015
      • OpenStack Foundation: “OpenStack Security Guide”; best practices and implementation guide for securing an OpenStack implementation
      • ONF: “Principles and Practices for Securing Software-Defined Networks”, January 2015, ONF TR-511
      • ONOS: Security response process, security emergency team
      • OPNFV security-related projects such as Moon, Barbican
  • 12. Securing Edge NFV Devices
      • OpenStack in distributed compute environments calls for additional security controls
      • Defense in depth for mitigating attack surface in NFV-centric networks
      • Pure-player software and hybrid edge NFV devices for different levels of security assurance
      ADVA Optical Networking - your expert in edge NFV
  • 13. Thank You IMPORTANT NOTICE The content of this presentation is strictly confidential. ADVA Optical Networking is the exclusive owner or licensee of the content, material, and information in this presentation. Any reproduction, publication or reprint, in whole or in part, is strictly prohibited. The information in this presentation may not be accurate, complete or up to date, and is provided without warranties or representations of any kind, either express or implied. ADVA Optical Networking shall not be responsible for and disclaims any liability for any loss or damages, including without limitation, direct, indirect, incidental, consequential and special damages, alleged to have been caused by or in connection with using and/or relying on the information contained in this presentation. Copyright © for the entire content of this presentation: ADVA Optical Networking.
