In the first of this three-part series, “Security and the Virtual Network: Part I,” we discussed how network function virtualization (NFV) and software-defined networks (SDN) are changing the typical enterprise infrastructure.

A new white paper from the Cloud Security Alliance provides useful information on the security challenges and increased risks of implementing virtual networks.

What Are the Risks?

First, SDN by its very nature has to be centralized around an overall controller that keeps track of the virtual network deployments and operations. This goes against the nature of some cloud computing environments, which are more distributed. Understanding this difference is critical to any successful SDN deployment.

Second, NFV infrastructure may not be compatible with your existing virtual machine hypervisors and cloud servers. Some of these existing cloud-based systems may use their own security apparatus that won’t function in another virtual network.

Third, the typical SDN deployment has its own hardware and management systems that may be unfamiliar to network administrators who are steeped in running traditional networks. This will require training and an understanding of the new default security settings. Professionals also need to learn new ways to configure the systems properly and ensure that the integrity of network operations is maintained.

Pros and Cons of a Virtual Network

The added complexity of NFV can hide potentially dire consequences. For example, as the Cloud Security Alliance paper stated, “a successful intruder could manipulate underlying network routes to bypass NFV security devices.” It goes on to describe how a malicious user could construct multiple security policies that could hide malware inside normal network traffic.

Another potentially troublesome situation could arise if two or more cloud-based networks were connected in such a way that the SDN controller wasn’t aware of the connecting components and couldn’t manage this traffic.

But not all is gloom and doom when it comes to maintaining a virtual network infrastructure. There are some big benefits that can improve your enterprise security profile, too. For instance, with properly planned NFV, you can build in security functions as part of your network fabric, such as intrusion prevention devices, virtual load balancers and firewalls. As your network expands and changes, the protection changes to match it appropriately.

Because you can provision these resources quickly, you can construct a network with dynamic, more flexible threat responses. “The NFV control plane can quickly provision different types of virtual security appliances, while the SDN controller can steer, intercept or mirror the desired traffic for security inspection, thereby creating a security service chain,” the white paper explained.
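The route-bypass and unmanaged-interconnect risks described earlier, and the service chain in the quote above, can be audited mechanically from forwarding state. The following Python is an added example, not taken from the white paper or this article; the node names, the per-destination next-hop table format and the required firewall-then-IPS chain are assumptions constructed for illustration.

```python
# Added example: audit forwarding state against a required security service chain.
# Node names, table layout and the chain are constructed, not from a real controller.

REQUIRED_CHAIN = ["vfw1", "vips1"]                     # firewall first, then IPS
INVENTORY = {"edge", "vfw1", "vips1", "core", "app"}   # nodes the controller manages

def walk(tables, ingress, dst):
    """Follow next-hop entries for dst starting at ingress; return (path, status)."""
    path, node = [ingress], ingress
    while node != dst:
        nxt = tables.get(node, {}).get(dst)
        if nxt is None:
            return path, "blackhole"          # no forwarding entry for dst
        if nxt in path:
            return path + [nxt], "loop"       # revisiting a node never delivers
        path.append(nxt)
        node = nxt
    return path, "delivered"

def audit(tables, ingress, dst, chain=REQUIRED_CHAIN, inventory=INVENTORY):
    """Return findings for one ingress->dst flow; an empty list means compliant."""
    path, status = walk(tables, ingress, dst)
    findings = []
    if status != "delivered":
        findings.append(f"{status}: {' -> '.join(path)}")
    # The chain must appear in the path as an ordered subsequence.
    hops = iter(path)
    if not all(fn in hops for fn in chain):
        skipped = [fn for fn in chain if fn not in path]
        if skipped:
            findings.append("chain violated: skipped " + ",".join(skipped))
        else:
            findings.append("chain violated: appliances out of order")
    # Hops outside the controller's inventory indicate an unmanaged interconnect.
    unmanaged = [n for n in path if n not in inventory]
    if unmanaged:
        findings.append("unmanaged hop: " + ",".join(unmanaged))
    return findings

# Constructed sample state: next hop per node, keyed by destination.
GOOD = {"edge": {"app": "vfw1"}, "vfw1": {"app": "vips1"},
        "vips1": {"app": "core"}, "core": {"app": "app"}}
BYPASS = {**GOOD, "edge": {"app": "core"}}             # route skips both appliances
SHADOW = {**GOOD, "vips1": {"app": "peer_gw"}, "peer_gw": {"app": "app"}}

if __name__ == "__main__":
    for name, t in [("good", GOOD), ("bypass", BYPASS), ("shadow", SHADOW)]:
        print(name, audit(t, "edge", "app") or "compliant")
```

Running the audit on every change to forwarding state, rather than only at deployment, is what catches a chain that was correct when provisioned and altered afterwards.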

Be sure to read our final post in this series, in which we recommend improvements and certain security frameworks for protecting a virtual network.
