Open Networking and Security: Can Open Source Be Safe?

Open Networking and Security: Can Open Source Be Safe?

In survey after survey asking network operators about their biggest concerns, network security routinely tops the list. Intuitively, a closed proprietary system sounds like it would be more secure than the open networking model, which is based on open source code. However, when applied properly, open networks can be just as secure as their proprietary counterparts, if not moreso.

The Open Networking Model

As we’ve discussed before, the “open networking” model refers to the disaggregation of network hardware and software. Instead of being locked into a complete solution, network operators can consider their hardware and software needs separately. Most open network software solutions are based on open source code, and offer a degree of flexibility not commonly found in proprietary systems.  Many global service providers have been drawn to these systems’ support for software-defined networking (SDN) and network function virtualization (NFV); according to the OpenStack Foundation, 60% of telecom professionals are actively exploring NFV solutions. These solutions provide an unparalleled cost savings, power and simplicity for network management. However, they can open up new vulnerabilities in the network, susceptible to malicious attacks.

The Best of Both Worlds?

There is a perception that this flexibility and agility must come at the expense of security. After all, how could software with a publicly-available source code possibly be safer than a traditional proprietary system developed under total secrecy? Is it possible to reap all the benefits of open networking without sacrificing your network’s safety?

It is possible. In fact, open source software’s biggest perceived weakness can also be its greatest strength: the open source community itself. More eyes on the code can mean faster answers to security vulnerabilities, without having to wait for a large single entity to react and provide security patches. Furthermore, most of the market leaders in open NOS software are Linux-based, and therefore follow Linux’s mantra of “security through transparency.” In particular, Cumulus Linux software uses the Debian distribution of Linux, and can leverage the robust security toolkit found in the Debian repository, including password encryption, defense against SSH attacks, and netfilter tools to identify and filter specific IPv4, IPv6, and L2 datagrams.

Ultimately, there is no permanent, airtight security solution, open or proprietary. Network security requires constant vigilance; even the most obscure, technologically-advanced security protocol will be rendered ineffective if there is no one actively monitoring it. Fortunately, SDN can provide a near-omniscient network view from a centralized location that facilitates network-wide deployment of security tools.

Ready to explore the benefits of open networking? Contact us today

Share on facebook
Share on twitter
Share on linkedin