Network Infrastructure Security

Institutionalizing and promoting network infrastructure security best practices

Through our engagements with network operators across a variety of domains, we identified a consistent theme: in many cases, the necessary security tools already exist to dramatically reduce the threat posed by Distributed Denial of Service (DDoS) attacks. However, to meaningfully improve resilience, these solutions need broader adoption. Its almost cliche.

Motivated by the Combating DDoS effort, this project attempts to focus on identifying gaps in the adoption and development of multidisciplinary security standards and practices for network infrastructure hardware. There are a number of complicated reasons behind the lack of adoption, including the ever-increasing specialization of effort across the industry that creates silos of knowledge and decreases the interaction between those involved in building network infrastructure hardware and those who are focused on security challenges like DDoS attacks.

To delve into potential solutions and refine the necessary questions, we convened a small workshop with network security professionals along with infrastructure hardware experts. The conversation focused on how to ensure that requisite security-related features are implemented in hardware, including application-specific integrated circuits (ASICs), from the ground up—so network infrastructure devices can incorporate effective detection, classification, and traceback capabilities.  

Coming out of the workshop, it was clear the questions we were asking were much too broad. We goal moving forward is to focus on current and projected requirements for network infrastructure security capabilities and scalability. Based on our conversations with network engineers who proposed the idea, we are convinced that perhaps by adequately distributing the right technical information, the economics will line up: with education comes power.

We will continue future conversations with experts about what security standards currently exist, how they have adopted, and what gaps exist. Furthermore, we seek to particularly address security issues stemming from edge computing. We are always interested in hearing from new perspectives and collaborating with different sectors of industry, government, and academia on these questions, so please get in touch via ddos@securityandtechnology.org if you are interested in contributing to this initiative to secure network infrastructure.

From our Library

Reports

A Public, Private War

Jonathan Reiber

viewpdf