Juniper’s Fabric Network Could Improve Security
Flattening the network to give a single layer topography should make it more secure, but could also attract hackers, says Eric Doyle
It may be my imagination but Juniper Networks seems to be turning into a security company for the mobile network age. It’s become extremely successful in the high end firewall, SSL VPN and secure routing spheres and now it’s turning its attention to mobile device security.
Even its grand New Network strategy for data distribution has a strong security angle. As we are seeing with the growing number of complex advanced persistent threats (APT), the complexity of the network infrastructure makes it a powerful information distribution tool but also weakens the security.
Growing Complexity Increases Concerns
As the numbers of switches, routers and servers increase to handle an expanding range of endpoints, protecting the number of entry points from attackers becomes over complicated. Victims of recent exploits have been criticised for not reading the activity logs, but which ones should they have been reading?
It’s easy to point out in retrospect where the clues to an attack could be found but hackers are becoming far more “professional” and skilled at finding new entry points and routes to their goals, while developing innovative ways to cover their traces. Checking through the logs has to be far more thorough than before and the quantity of information means the time that should be spent increases as each new device comes online.
Karim Toubba, vice president of marketing for Juniper’s Security, Device and Network Services Business Group, said, “With more complexity it becomes difficult to know where the threat lies. The best most people can do is to find the areas of greatest exposure and concentrate on protecting them.”
Juniper’s answer to this complexity is to collapse the typical three-tiered network – core (backbone), distribution layer and access layer – into a single layer. The use of a switched fabric, such as Juniper’s QFabric, replaces the current bus architectures with a mesh that connects every device directly with every other device on the network.
The resulting web of connectivity will eliminate the switches and routers and replace them with a single device that makes it easier to protect. Unfortunately, Juniper is not there yet but it has reduced the layers to two.
A Secure, Flexible Network?
The ability to link network elements directly together also provides interesting possibilities of new network applications. Juniper has a healthy attitude that it cannot claim to be the sole innovators for its networks. The company is encouraging developers to take advantage of its Junos Space software development kit to create their own innovations.
As a cynical security writer, I believe the god of hardening is a fickle deity who ensures that as one hole is patched another is created. So, by flattening the network, Juniper is taking away many potential weaknesses that hackers could use. My fear is that the SDK could be used as a basis for creating malicious applications that sit on the network.
Toubba’s reaction was, naturally, one of reassurance. He pointed out that over eight or nine years the Junos platform has been hardened and that he does not think that Space and Junos would be a high profile target for hackers.
Hopefully that will be the case because the potential of securing the network and, at the same time, making it more flexible is an exciting prospect.