SANE: A Protection Architecture for Enterprise Networks Offense by: Amit Mondal, Bert Gonzalez
Single-point-of-failure • The SANE design essentially reduces the whole network to a single Domain Controller (DC). • If this DC fails or is compromised, the entire network is at stake. • Even with multiple DCs, the network is at greater risk because there is always a single point of failure. • Compare with “Tesseract: A 4D Network Control Plane”
Performance • Huge performance overhead! • Decryption is involved at every intermediate switch • Compare with IPsec • Computation burden on the network switches? Bottleneck! • One decryption per packet, per hop
Scalability • Is the SANE architecture scalable? • Every sender needs to get capabilities (encrypted source routes) from the DC to communicate with any other host • The DC becomes a bottleneck! • Route computation, capability computation, etc.
Network Visibility • Network switches are reduced to dumb entities • Network Monitoring • Troubleshooting • Traceroute • Failure detection • Dynamic failover • Convergence time? • Network partitioning
Packet Forwarding in the Dark • Strict switch-level source routing rules out: • Dynamic load balancing • Traffic engineering • Detection of virus and worm propagation • Prevents deployment of advanced transport protocols that need router participation, e.g. XCP
Resiliency against attack • Resource exhaustion • “ … simply generates a new key; this invalidates all existing capabilities …” • What about the ongoing well-behaved flows? • They are just victims of the DoS attack • Attack against routing infrastructure • Misbehaving switch • Advertise fake paths to the DC! • Compromised DC?
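To make the Performance and Resiliency objections concrete, here is an added toy model of SANE-style capabilities; it is not code from the paper or from these slides. A capability is an encrypted source route built as layers, one per switch on the path, each layer sealed with a key that switch shares with the DC. The switch names, the three-hop topology, the packet counts and the stdlib-only SHA-256/HMAC construction used in place of a real cipher are all assumptions made for the example. Running it shows two things the slides argue: every packet costs one decryption at every hop, and the paper's revocation strategy (rotate keys, invalidating all capabilities) drops the legitimate flow along with the attacker's.

```python
import hashlib
import hmac
import os
import struct

# Toy authenticated encryption built from the standard library (SHA-256 keystream
# plus an HMAC tag). It stands in for whatever cipher a switch would really use;
# the point of the example is the layered structure, not the primitive.
def _keystream(key, nonce, length):
    out = b""
    for counter in range((length + 31) // 32):
        out += hashlib.sha256(key + nonce + struct.pack(">I", counter)).digest()
    return out[:length]

def seal(key, plaintext):
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    """Return the plaintext layer, or None if the tag does not verify under `key`."""
    if len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def _encode_hop(name):
    return bytes([len(name)]) + name.encode()

def _decode_hop(layer):
    n = layer[0]
    return layer[1:1 + n].decode(), layer[1 + n:]

class DomainController:
    """Holds one key per switch and mints capabilities (encrypted source routes)."""
    def __init__(self, switch_names):
        self.switch_keys = {n: os.urandom(32) for n in switch_names}

    def rekey(self):
        # The paper's answer to resource exhaustion: generate new keys, which
        # invalidates every capability issued so far, well-behaved flows included.
        for n in self.switch_keys:
            self.switch_keys[n] = os.urandom(32)

    def issue_capability(self, path, dst):
        # Build the onion from the last switch inward: each layer names the next
        # hop and wraps the remainder, so only switch path[i] can read layer i.
        blob = b""
        for i in range(len(path) - 1, -1, -1):
            next_hop = path[i + 1] if i + 1 < len(path) else dst
            blob = seal(self.switch_keys[path[i]], _encode_hop(next_hop) + blob)
        return blob

class Switch:
    def __init__(self, name, key):
        self.name, self.key = name, key

    def forward(self, capability):
        # One decryption per packet per hop: the per-packet cost the slides object to.
        layer = unseal(self.key, capability)
        if layer is None:
            return None          # stale key or forged capability: drop
        return _decode_hop(layer)

class Network:
    def __init__(self, switch_names):
        self.dc = DomainController(switch_names)
        self.switches = {n: Switch(n, k) for n, k in self.dc.switch_keys.items()}

    def rekey(self):
        self.dc.rekey()
        for n, sw in self.switches.items():
            sw.key = self.dc.switch_keys[n]

    def send(self, first_hop, capability, dst, packets=1):
        """Push `packets` packets along the capability; return (delivered, decrypt_ops)."""
        delivered = decrypt_ops = 0
        for _ in range(packets):
            hop, blob = first_hop, capability
            while hop != dst:
                sw = self.switches.get(hop)
                if sw is None:
                    break        # route names an unknown hop
                decrypt_ops += 1
                result = sw.forward(blob)
                if result is None:
                    break        # dropped at this switch
                hop, blob = result
            else:
                delivered += 1
        return delivered, decrypt_ops

def demo():
    # Constructed topology: hostA -> sw1 -> sw2 -> sw3 -> hostB
    net = Network(["sw1", "sw2", "sw3"])
    cap = net.dc.issue_capability(["sw1", "sw2", "sw3"], "hostB")
    before = net.send("sw1", cap, "hostB", packets=100)   # (100, 300): 3 decryptions per packet
    net.rekey()                                            # DC reacts to an attacker's flood
    after = net.send("sw1", cap, "hostB", packets=100)    # (0, 100): the legitimate flow is dropped
    forged = net.send("sw1", bytes(80), "hostB")          # (0, 1): a made-up capability dies at hop 1
    return before, after, forged

if __name__ == "__main__":
    print(demo())
```

The `decrypt_ops` counter is the number the Performance slides are about: it grows with packets times hops, not with flows, so a real switch pays it on every forwarded frame. The second `send` after `rekey()` is the Resiliency objection: the sender still holds a capability the DC issued in good faith, yet the first hop can no longer open it, and the flow has to go back to the DC for a fresh one.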
Implementation and Evaluation • “– interconnecting seven physical hosts on 100 Mb Ethernet … ” • “ … only a few domain controllers are necessary to handle DC requests from tens of thousands of end hosts.” • No justification, no evaluation!
Multiple DC? • Consistency among multiple DC? • If someone can configure and manage multiple DCs then what’s the big difference from configuring and managing firewalls, NATs and ACLs?
Performance bottleneck • Encryption/Decryption overhead • “ – 99% of CPU time was spent on decryption alone – leading to poor throughput performance”
Hardware Implementation • Cisco Catalyst 6513 Switch (Latest Model) • “Can perform MAC level encryption at 10 Gb/s” • Misleading: the model supports 10 Gbps Ethernet, which does not mean it encrypts at that speed. • Cisco states that with a Service Module, 2 Gbps of encryption can be provided.
Security Tests • Revocation • Not Tested • DoS Attacks • Not Tested • Flooding Attacks • Not Tested • Malicious DCs • Not Tested • Only one DC! • The evaluation shows that SANE can fit into a network but does not show that it makes a network more secure!
SANE: Secure Architecture for the Networked Enterprise • “SANE: A Protection Architecture for Enterprise Networks”