What are Self-defending Networks?
The self-defending network is a new initiative created by Cisco for system security. The idea is to give the network the ability to defend itself so that threat mitigation can be more effective. As we know, the admin sometimes has to visit a certain website to learn about the latest virus outbreak or threat and only then defend his/her network. Remember the case of Code Red or SQL Slammer, which spread exponentially. Going to a certain forum or website to look for the latest outbreak and then patching the network is simply ineffective. By the time we patch our network, chances are that some local users are already infected. We need a more effective approach to defending our networks.
Also, attacks nowadays no longer affect just one or two offices; they can in fact affect an entire region. Attacks have evolved from a single source to distributed sources (think about DDoS). Attacks are also getting more and more persistent; it doesn’t end with one attack. Put simply, the message that Cisco are trying to get across with the self-defending network strategy is: network attacks are getting complex and we are in dire need of an answer! The self-defending network strategy is that answer.
Building a self-defending network
Cisco have specified that there are three components in building a self-defending network:
1. Secure connectivity
– This covers everything to do with the way users connect to our network. We need to make sure that each connection made to our network is secure. Each channel has to be encrypted. Authentication should take place. Confidentiality and data integrity have to be ensured. Technologies that can be used in this phase are SSH (no telnet, please!), SSL, and IPSec (VPN). Of course, when Cisco talk about a self-defending network, they have already prepared some product lines to support it. One of them is the VPN concentrator.
2. Threat defense
– This is about securing the network infrastructure. Note that securing the communication channels doesn’t mean the network infrastructure is secured. For example, there are many users who are (still) ignorant about network security: they may download a virus from the Internet (disguised as an application), or they may use a peer-to-peer program whose security flaws are well known. Here, we are talking about firewalls, IPS/IDS, anti-virus, network monitoring, and anything else that can maintain the stability of our network.
3. Trust and identity
How can a switch know who you are before granting you access to the network? How can a switch know that the device you just connected complies with the security policy? What about the application that a user wants to execute; how can we know whether it is safe? This is the last component of a self-defending network that Cisco have specified. Cisco use a technology called Network Admission Control (NAC), whose primary objective is to enforce the security policies on all devices connected to the network. Based on the credentials given by the user, NAC can grant access to a network or permit certain applications to be executed.
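To make the admission logic described above concrete, here is a small policy evaluator added to this post as an illustration (it is example code, not Cisco's NAC implementation; the user store, role-to-application mapping and posture thresholds are assumed values). It checks identity first, then device posture, and only then hands out role-based application permissions, sending non-compliant hosts to a remediation VLAN:

```python
from dataclasses import dataclass, field

# Hypothetical NAC-style admission policy: decide what a newly connected
# device may do from the user's credentials and the device's reported posture.

@dataclass
class Posture:
    agent_present: bool          # posture agent reported in
    av_signature_age_days: int   # days since anti-virus signatures were updated
    patch_level_current: bool    # OS patches at the policy baseline

@dataclass
class Credentials:
    user: str
    role: str                    # e.g. "staff" or "guest"

# Constructed identity store and per-role application permissions (assumed values).
KNOWN_USERS = {"alice": "staff", "bob": "staff", "visitor": "guest"}
ROLE_APPS = {"staff": {"email", "erp", "web"}, "guest": {"web"}}
MAX_SIGNATURE_AGE_DAYS = 3       # assumed policy threshold

@dataclass
class Decision:
    vlan: str                    # "corp", "guest", "quarantine" or "none"
    apps: set = field(default_factory=set)
    reason: str = ""

def admit(creds: Credentials, posture: Posture) -> Decision:
    """Identity first, then posture, then role-based application permissions."""
    # 1. Trust and identity: unknown users or a claimed role that does not
    #    match the identity store are refused outright.
    if KNOWN_USERS.get(creds.user) != creds.role:
        return Decision("none", reason="identity check failed")
    # 2. Posture: non-compliant hosts go to a remediation VLAN with no apps,
    #    so a stale or unpatched machine cannot reach the rest of the network.
    if not posture.agent_present:
        return Decision("quarantine", reason="no posture agent")
    if posture.av_signature_age_days > MAX_SIGNATURE_AGE_DAYS:
        return Decision("quarantine", reason="anti-virus signatures stale")
    if not posture.patch_level_current:
        return Decision("quarantine", reason="missing patches")
    # 3. Compliant: place the host on its role's VLAN and permit only the
    #    applications that role is allowed to run.
    vlan = "corp" if creds.role == "staff" else "guest"
    return Decision(vlan, set(ROLE_APPS[creds.role]), "compliant")
```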
So, these are the three components of a self-defending network. Building a self-defending network is not a one-man show, but rather a team effort. In other words, these three components have to work together! (And yes.. Cisco will get a lot of money from all of this).
One last thing to remember, though: deploying a self-defending network is a major upgrade for our network. It is not an overnight process. We have to socialize the components with the users and ensure that the components do not hinder their productivity.