Zero Trust does not equate to Zero Risk
As part of its work on the Defense Department’s Enterprise DevSecOps Initiative, the Air Force is increasingly deploying solutions like Kubernetes, the open-source platform for managing containerized workloads and services, to deliver advanced capabilities to warfighters.
The initiative began by proving that it could be done. The Air Force used the DoD’s SoniKube software DevOps shop to install Kubernetes on the legacy hardware in F-16s and in just 45 days was able to get three concurrent Kubernetes clusters running on a jet.
And while the Air Force faced the challenges most enterprises face when moving to agile and open development systems (legacy waterfall methodology, skills shortages and culture clashes), it had one advantage: the F-16's classified systems run in a disconnected environment, so they are protected from the vulnerabilities that come with connecting to the internet.
The result is a complex, virtualized, software-defined networking solution with a comprehensive stack: environments for test/dev, hardened containers and continuous integration built on zero-trust security, plus an application layer of reusable modular software (microservices) that runs on those hardened containers.
According to the Air Force, the solution will extend well beyond the F-16, with plans for it to power many of the business systems being rebuilt to move to cloud-native environments and microservices architectures.
By virtualizing and containerizing applications, the solution provides patch management and baseline configuration management to secure the infrastructure. And while the Air Force believes the Zero Trust approach is secure, the sprawl of virtual servers and containers, and their dynamic suspension and movement, mean these security functions need to be carefully orchestrated.
Recently, in the commercial market, we have been seeing the virtualization and containerization layer of DevOps environments become a new attack surface that bad actors are starting to target. The control plane is often the weak link: an attacker who compromises a web-based management interface can compromise every virtualized host and container on that server.
At the core of the network functions provided by either virtualization or containerization is Software Defined Networking (SDN). Because of this reliance on SDN, these systems can be particularly vulnerable to Distributed Denial of Service (DDoS) attacks that disrupt service by consuming resources. A DDoS attack that drives up CPU or memory consumption on one virtual machine can steal resources from other VMs on the same physical infrastructure, so its effect reaches beyond the targeted system.
As government and commercial organizations assess and adopt virtualization, containerization and therefore SDN, there are still open questions around proper authentication, access control, data privacy, and data integrity.
A university team recently analyzed the performance of the Software-Defined Perimeter (SDP) in conjunction with the SDN architecture. Based on experimentation with Waverley Labs' open source SDP, the team found ways in which SDP can act as an extra measure of security in the authentication process during a DDoS attack.
The team, led by professors Ahmed Refaey of Manhattan College and Abdallah Shami of Western University, detailed its findings and conclusions in a new paper titled "On the Security of SDN: A Completed Secure and Scalable Framework Using the Software-Defined Perimeter."
Figures 8 and 9 from the paper (shown below) detail SDP's ability to mitigate DDoS floods at both the client and the server. The paper notes that with SDP enabled within the SDN architecture, 75% of network throughput continues without interruption or loss of connection. An additional benefit of SDP is that the servers within the infrastructure are completely hidden from all but authorized users and devices.
As DevOps teams move toward cloud environments (such as AWS or IBM) and/or on-premises containerization (using Docker, Kubernetes and Red Hat OpenShift) to enable continuous integration/continuous delivery methodologies, they must address how to bolster the underlying SDN architecture. The results clearly show that SDP is effective in slowing down DDoS attacks on critical network functions. The detailed findings are in the paper, which can be downloaded here.