DOCSLIB.ORG

Virtual Firewall Security on Virtual Machines in Cloud Environment

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

International Journal of Scientific & Engineering Research, Volume 6, Issue 2, February-2015 990 ISSN 2229-5518 Virtual Firewall Security on Virtual Machines in Cloud Environment Gladman Jekese, R.Subburaj Professor, Chiedza Hwata Abstract —Virtualization is revolutionizing how information technology resources and services are used and managed and has led to an explosive growth in the cloud computing industry, illustrated by Google’s Cloud Platform and Amazon’s Elastic Cloud. It brings unique security problems such as virtual traffic, denial of service and intrusion, resulting in penetration of virtual machines, which is disastrous for the enterprise, the user and the cloud provider. Virtual traffic between virtual machines may never leave the physical host hardware; making traditional physical firewalls hopeless to monitor and secure it. This paper proposes a virtual firewall which allows managing the network security of the virtual infrastructure per-virtual machine basis, defining network traffic rules, and hardening the security of the virtual environment. A private cloud is designed using open source solutions and to manage the firewall rules, we implement a Tree-Rule firewall technique which filters packets in a tree-like way based on their attributes such as IP address and protocols. The speed of filtering and processing packets on virtual firewall is highly improved to avoid overload of the firewall in the particular case. It permits to log and analyze network traffic logs for each of the monitored virtual machines. The virtual firewall will provide the power to control the bandwidth utilization of each virtual machine in the infrastructure, preventing overutilization and denial of service to critical applications. Index Terms— virtual firewall, hypervisor, virtualization, virtual machine, tree-rule firewall, stateful firewall, virtual traffic —————————— —————————— One way to secure and monitor VM-to-VM traffic is 1 INTRODUCTION through routing the virtualized network traffic out of the N cloud computing multi tenancy is problematic, especially virtual network and onto the physical network via Virtual I with public clouds. For example, co-locating two Local Area Networks (VLANs), and hence into a physical competing companies in the same physical server can raise firewall already present. The VLAN traffic could be monitored some privacy concerns unless tenants are properly isolated and filtered by the physical firewall and then passed back into from each other [1]. Also hybrid clouds introduce inter-cloud the virtual network and on to the target virtual machine. This communications a security threat that has to be properly process also presents risks to the hypervisor so it might be authenticated and protected to avoid abuse. In this paper, we more efficient to keep the traffic entirely within the virtualized propose a virtual firewall to improve security for virtual environment and secure it from there [6], [7]. The solution to machines (VMs) in cloud environment. this issue is the use of virtual firewall. Virtualization permits not only to reduce costs (electrical, space, hardware) by loweringIJSER the number of physical machines, but it also eases the management of an ever- growing number of computers and servers. VM systems can be categorized into two groups: Type I VMMs or Type II VMMs as shown in Figure 1. A Type I VMM runs directly on the physical hardware and a Type II VMM runs as an application in a normal operating system. However, virtualization is both an opportunity and a threat [2], [3]. The process of collapsing multiple servers into a single one, with several VMs inside, result in eliminating firewall and other Fig 1. Type 1 and Type II VMM Architecture protections in existence prior to the virtualization. Traditional 1.1 Traditional Firewalls physical security measures literally become blind to traffic A firewall puts a barrier that controls the flow of traffic between VMs since the virtual network traffic may never leave among domains, hosts and networks. A firewall is usually the physical host hardware [4], [5]. placed between the public internet and a private and trusted ———————————————— network. They are a combination of hardware (network • Gladman Jekese is an M.Tech student in Information Technology at SRM switches and routers) and software that deals with network University, Chennai, India, E-mail: [email protected] • Dr. R Subburaj is a Professor and Consultant in the Department of packets according to a given set of rules (firewall policy) that Information Technology at SRM University, Chennai., India, E- is the security policy. Conceptually there are three types of mail: [email protected] firewalls which are static, dynamic and application-layer • Chiedza Hwata is an M.Tech student in Information Technology at SRM University, Chennai, India, E-mail: [email protected] firewalls that generally apply different filtering rules. There have been many studies about firewall rule conflicts (anomalies) that occur within rule sets. The traditional IJSER © 2015 http://www.ijser.org International Journal of Scientific & Engineering Research, Volume 6, Issue 2, February-2015 991 ISSN 2229-5518 firewalls filter packets by comparing their header information security problems because a virtual machine (VM) behind the against a set of pre-defined firewall rules. Packets are filtered firewall may be attacked by other situated in the same in a sequential order, starting from the first rule until there is a domain. Therefore, to upgrade the security level, one proposal matching rule. If there is no matching rule found, the packet is is to reposition the firewalls as shown in Fig. 1(b) [9]. processed by the default rule. This process operates rule by However, this positioning consumes much more resource rule until a specific condition is reached. The rules in (e.g., disk space, Random Access Memory (RAM), and traditional firewalls are a list of condition statements followed hypervisor’s Central Processing Unit (CPU)). To resolve this by actions which are shown in Table 1 [8]. problem, the firewall can be a managed kernel process running within the host hypervisor that sits atop all VM Table. 1 An example of rule in Traditional Firewalls activity as shown in Fig. 1(c) [9] and this proposal consumes less resource but requests more rules in the firewall than the one shown in Fig. 1(a). The added rules are the ones for preventing the attacks between VMs. To overcome the problems, a virtual firewall is presented to support the third model (Fig. 1(c)) and evaluate its performance. Basically there are key issues with the traditional firewalls such as: • Security problem, caused by potential shadowed rules and the change of meaning of the rule policy due to rule repositioning, • Functional speed problem, raised by shadowed rules redundant rules and sequential rule matching, and • Difficulty in rule design, in which one needs to carefully choose the proper positions for the firewall rules in order to avoid listing 'bigger rules’ before 'smaller rules'[8]. 1.2 Virtual Firewalls Virtual firewalls are the linchpin of enterprise security in cloud environment and IJSERare the most widely adopted technology for protecting virtual private networks. An error in a firewall policy either creates security holes that will allow malicious traffic to sneak into a virtual private network or blocks legitimate traffic and disrupts normal business processes, which, in turn, could lead to irreparable, if not tragic, consequences. A virtual firewall is a firewall service running in a virtualized environment and providing the usual packet filtering and monitoring services that a physical firewall would provide. Virtual firewalls enable the use of network access controls Fig 2. Firewall models in cloud environment between VMs and other points in virtual and physical environments. Virtual firewalls are deployed within the fabric The rest of this paper is organized as follows. In Section 2 of the virtualization environment. A firewall can be we review previous studies on (virtual security) and firewall implemented on cloud environment as a service or appliance. optimization mainly from a theoretical view of point. In If a software firewall is applied, the firewall position is as Section 3 we show the methodology and design of the firewall shown in Fig. 1(a) [9]. It can be a purpose-built virtual security from a practical view of point and section 4 the appliance and the firewall position differs from what is shown implementation details of the virtual firewall. Finally in in Fig. 1(a) [10] and the firewall is not in the hypervisor Section 5 we conclude with an outline of possible although the levels of network security remain the same. The improvements. firewall positioning in Fig. 1(a) has its own benefits because it does not consume much resource as only a single firewall 2 RELATED WORK computer is required. However, this positioning still faces As a recommendation to understand virtual firewalls, [11], IJSER © 2015 http://www.ijser.org International Journal of Scientific & Engineering Research, Volume 6, Issue 2, February-2015 992 ISSN 2229-5518 [12], provides an overview of virtual firewalls and firewall virtualization techniques cannot be directly applied to the policy focusing on both network service access policy and cloud environment due to the semantic gap problem. As the firewall design policy. They did not look at the semantic gap increases the number of false alarms increases. implementation of the firewalls, nor do they use any particular Some public cloud providers have provided ways to apply products or security architectures or models. Their overlooked a set of static firewall rules to a cloud instance when it is the performance of the virtual firewall in the cloud provisioned. For example the IBM SmartCloud Enterprise environment an issue that we are going to look at in this (SCE) allows for such firewall definitions to be included in the paper. “parameters.xml” [21] that is associated with the cloud image R Schwarzkopf suggested the use of software updates and that is used to create the instance.
Recommended publications
  • Physical Or Virtual Firewall for Perimeter Protection in Cloud Computer Infrastructure

    Physical Or Virtual Firewall for Perimeter Protection in Cloud Computer Infrastructure

    16th INTERNATIONAL CONFERENCE ON INFORMATION SYSTEMS & TECHNOLOGY MANAGEMENT - CONTECSI - 2019 DOI: 10.5748/16CONTECSI/ITM-6115 PHYSICAL OR VIRTUAL FIREWALL FOR PERIMETER PROTECTION IN CLOUD COMPUTER INFRASTRUCTURE Thiago Mello Valcesia - IPT - Instituto de Pesquisas Tecnológicas - [email protected] Antonio Luiz Rigo - IPT - Instituto de Pesquisas Tecnológicas - [email protected] SUMMARY This article presents an examination of the different types of firewalls geared toward protecting Datacenters. The idea is to perform a survey of the different ways of installation, the safety perceived by customers, the positive and negative points of each model and the market trends for perimeter protection. In addition, it is intended to categorize rules, protection filters, application inspection criteria and services offered by firewalls, by analyzing the various protection schemes available in firewalls, regardless of the structure as a service in Cloud adopted. Keywords: Physical firewall, Virtual firewall, Cloud firewall, Security, Cloud Computing. INTRODUCTION The term Digital Security is increasingly present in our daily lives. The need to protect computers or prevent corporate networks from receiving unnecessary traffic, improper access, and unknown packets, coupled with the concern of professional information security staff about content accessed by Internet users, make data control a vital task. Firewall is much more than a "fire wall" isolating the company network from the external world represented by the Internet. The Firewall function is therefore essential to raise the level of security of the internal environment, protecting it from external attacks, increasing security and reducing the vulnerability of the local network. There are currently three Firewall alternatives to install on enterprise networks that aggregate cloud network segments: 1.
  • PCI DSS Virtualization Guidelines

    PCI DSS Virtualization Guidelines

    Standard: PCI Data Security Standard (PCI DSS) Version: 2.0 Date: June 2011 Author: Virtualization Special Interest Group PCI Security Standards Council Information Supplement: PCI DSS Virtualization Guidelines Information Supplement • PCI DSS Virtualization Guidelines • June 2011 Table of Contents 1 Introduction ....................................................................................................................... 3 1.1 Audience ................................................................................................................ 3 1.2 Intended Use .......................................................................................................... 4 2 Virtualization Overview .................................................................................................... 5 2.1 Virtualization Concepts and Classes ..................................................................... 5 2.2 Virtual System Components and Scoping Guidance ............................................. 7 3 Risks for Virtualized Environments .............................................................................. 10 3.1 Vulnerabilities in the Physical Environment Apply in a Virtual Environment ....... 10 3.2 Hypervisor Creates New Attack Surface ............................................................. 10 3.3 Increased Complexity of Virtualized Systems and Networks .............................. 11 3.4 More Than One Function per Physical System ................................................... 11 3.5 Mixing VMs of
  • Exploiting Cloud Management Services As an Information Leakage Channel

    Exploiting Cloud Management Services As an Information Leakage Channel

    I Heard It through the Firewall: Exploiting Cloud Management Services as an Information Leakage Channel Hyunwook Baek∗ Eric Eide [email protected] [email protected] University of Utah University of Utah Salt Lake City, UT, USA Salt Lake City, UT, USA Robert Ricci Jacobus Van der Merwe [email protected] [email protected] University of Utah University of Utah Salt Lake City, UT, USA Salt Lake City, UT, USA ABSTRACT Though there has been much study of information leakage chan- nels exploiting shared hardware resources (memory, cache, and disk) in cloud environments, there has been less study of the ex- ploitability of shared software resources. In this paper, we analyze the exploitability of cloud networking services (which are shared among cloud tenants) and introduce a practical method for build- ing information leakage channels by monitoring workloads on the cloud networking services through the virtual firewall. We also demonstrate the practicality of this attack by implementing two different covert channels in OpenStack as well as a new classof side channels that can eavesdrop on infrastructure-level events. By utilizing a Long Short-Term Memory (LSTM) neural network model, our side channel attack could detect infrastructure level VM creation/termination events with 93.3% accuracy. CCS CONCEPTS • Security and privacy → Distributed systems security; Fire- walls; • Computer systems organization → Cloud computing; • Networks → Cloud computing; Figure 1: Resource sharing of two requests KEYWORDS cloud management, cloud security, side channel, OpenStack 1 INTRODUCTION However, shared resources also cause interference among cloud tenants and can even be exploited as information leakage channels Resource sharing is a fundamental part of cloud computing.
  • Vgw Virtual Gateway Virtual Gateway Virtual

    Vgw Virtual Gateway Virtual Gateway Virtual

    vGW Virtual Gateway Administration Guide Release 4.5 Service Pack 1 Copyright © 2011, Juniper Networks, Inc Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, California 94089 USA 408-745-2000 www.juniper.net Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. The Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. Products made or sold by Juniper Networks or components thereof might be covered by one or more of the following patents that are owned by or licensed to Juniper Networks: U.S. Patent Nos. 5,473,599, 5,905,725, 5,909,440, 6,192,051, 6,333,650, 6,359,479, 6,406,312, 6,429,706, 6,459,579, 6,493,347, 6,538,518, 6,538,899, 6,552,918, 6,567,902, 6,578,186, and 6,590,785. SOFTWARE LICENSE The terms and conditions for using this software are described in the software license contained in the acknowledgment to your purchase order or, to the extent applicable, to any reseller agreement or end-user purchase agreement executed between you and Juniper Networks. By using this software, you indicate that you understand and agree to be bound by those terms and conditions.
  • Who Is Ivan Pepelnjak (@Ioshints)

    Who Is Ivan Pepelnjak (@Ioshints)

    Virtual Firewalls Ivan Pepelnjak ([email protected]) NIL Data Communications Who is Ivan Pepelnjak (@ioshints) • Networking engineer since 1985 • Focus: real-life deployment of advanced technologies • Chief Technology Advisor @ NIL Data Communications • Consultant, blogger (blog.ioshints.info), book and webinar author • Teaching “Scalable Web Application Design” at University of Ljubljana Current interests: • Large-scale data centers and network virtualization • Networking solutions for cloud computing • Scalable application design • Core IP routing/MPLS, IPv6, VPN 2 © ipSpace.net / NIL Data Communications 2013 Virtual Firewalls Virtualization Webinars on ipSpace.net Coming in 2013 Coming in 2013 vSphere 5 Update Overlay Virtual Networking Coming in 2013 Virtual Firewalls OpenFlow and SDN Use Cases VXLAN Deep Dive OpenFlow VMware Networking Cloud Computing Networking Introduction to Virtualized Networking Availability Other options • Live sessions • Customized webinars • Recordings of individual webinars • ExpertExpress • Yearly subscription • On-site workshops 3 InterMore© ipSpace.net- DCinformation /FCoE NIL Data Communications has @ very2013 http://www.ipSpace.net/Webinars limitedVirtual use Firewalls and requires no bridging Firewalls Used To Be Easy Packet filters Application-level firewalls (WAF) Firewalls Stateful Load firewalls balancers? 4 © ipSpace.net / NIL Data Communications 2013 Virtual Firewalls Routed or Bridged? Routed (inter-subnet) Transparent (bridged) • Packet filtering and IP routing • Packet filtering and bridging
  • The Virtual Firewall

    The Virtual Firewall

    The Virtual Firewall Vassilis Prevelakis Computer Science Department Drexel University 1. Introduction The trend towards portable computing means that the traditional security perimeter architecture (where a firewall protects computers in the LAN by controlling access to the outside world) is rapidly becoming obsolete. This has resulted in a number of products described as “personal firewalls” that control that computer’s access to the network and hence can protect it in the same way as a traditional firewall. Existing systems such as Windows and most Unix and Unix-like systems already provide security features that can be used to implement firewall functionality on every machine. However, the difficulty of securing general purpose operating systems has im- peded the widespread use of this approach. Moreover, it is difficult to ensure that a secured sys- tem remains secure after the user has had the opportunity to install software and perform recon- figurations and upgrades. Recognizing the futility of attempting to secure the user machines themselves, in [Prev03, Denk99] the authors proposed the use of a portable “shrink-wrapped” firewall. This was a sepa- rate machine running an embedded system that included firewall capabilities and was intended to be placed between the general purpose computer and the network. The problem of securing the firewall became much simpler as it utilized a special-purpose firewall platform with a highly controlled architecture. Sadly, the proposal saw limited adoption because carrying around yet another device is expensive and inconvenient. To make matters worse, if the external device is lost or damaged the user will be presented with a dilemma: remain disconnected from the net- work until the firewall box is replaced, or accept the risk and connect the laptop directly to the unprotected network.
  • Secure Data Center Networking with Open Vswitch

    Secure Data Center Networking with Open Vswitch

    Secure Data Center Networking with Open vSwitch Pa Pa Hlaing University of Computer Studies, Yangon [email protected] Abstract agility and isolation of VMs. Most physical switches deployed in conventional DCNs are not designed for either supporting such unique VM Data centers have become the next- requirements or flexible enough to augment new generation computing platforms for enterprises functionalities [7]. At the same time, VM and Internet users. This is primarily due to the networking has inherently unique characteristics, economic and technical advantages of resource such as the awareness of the migration of VMs sharing in data centers. By sharing computing and their multicast membership. Therefore, much and storage resources through services such as research has begun exploring the opportunity to cloud computing or software-as-a-service (SaaS), introduce a new, flexible and programmable users can amortize the cost of hardware and networking layer based on the knowledge of software. Because of the virtualization of VMs. resources, a new virtualized network access layer Modern data center networks consist of both has been introduced to interconnect VMs within physical networks connected by switches and the data centers. In data center, hosts have been virtual networks formed by VMs running inside recently employed virtual switch to interconnect physical hosts. Inside one computer, many VMs virtual machines (VMs) within data center can exist (as many as 120 VMs per host), each of networks. Virtual Switch is essential to control which has at least one virtual network interface and manage VM within the hosts. Open vSwitch, card (VNIC). The VNICs communicate with a network switch specifically built for Xen external networks through the host’s physical virtualization environment is presented.
  • S32 - a Primer on Virtualization Tom Ray

    S32 - a Primer on Virtualization Tom Ray

    S32 - A Primer on Virtualization Tom Ray A Primer on Virtualization Ignoring the man behind the curtain? Agenda • Top 3 things you need to know about Virtualization when you Audit it, & your IT & IT security groups. – What IS virtualization? – What are the issues? – What is a reasonable, “AUDIT-READY” secure Reference Architecture? • Discuss how to Audit a virtualized IT 2 1 What is Virtualization? 3 Some Observations • It is NOT new (but some developments are) • It is an “already expected ” cost containment technology in many IT departments • Before you can answer “what is” you need to identify which kind you are interested in • It is jargon and acronym-rich, & it’s vendor balkanized • It is (still) immature and so nothing does it full justice – no one approach, no set of standards, or vendor, or architecture, or set of components, or framework, or technology, or technique, or regulations, etc. • It will radically impact how you “do” IT & environments 4 2 What are the Issues? 5 In Summary 1. Disconnect between Logical and Physical is exploited for the technology’s benefit; not the humans’ 2. Dynamism 3. Blur & Ease of Sprawl – Increased Complexity & Interdependencies – Overlap of various roles’ capabilities 4. Resource equation is still a zero-sum game (at best) – Same staff (IT & Business) – Same Procedures? , … same Tools? 5. The technology’s Immaturity 6. Our IT Operations Immaturity 7. The CIO’s Drivers (expectations, motivations & intentions) 6 3 What is a reasonable, “AUDIT‐READY” secure Reference Architecture? 7 2 Security Reference Architectures Durable Non Compliance People / Organizations X Processes / Tasks / RnR Metrics? Threat Technologies / Constructs X Mitigation Build Specs / Contracts / Metrics? Documentation Technical-Trust Enablement 1.
  • Juniper Networks Inc

    Juniper Networks Inc

    JUNIPER NETWORKS INC FORM 10-K (Annual Report) Filed 02/26/13 for the Period Ending 12/31/12 Address 1194 NORTH MATHILDA AVE SUNNYVALE, CA 94089 Telephone 4087452000 CIK 0001043604 Symbol JNPR SIC Code 3576 - Computer Communications Equipment Industry Communications Equipment Sector Technology Fiscal Year 12/31 http://www.edgar-online.com © Copyright 2013, EDGAR Online, Inc. All Rights Reserved. Distribution and use of this document restricted under EDGAR Online, Inc. Terms of Use. Table of Contents UNITED STATES SECURITIES AND EXCHANGE COMMISSION Washington, D.C. 20549 Form 10-K (Mark One) ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934 For the fiscal year ended December 31, 2012 OR TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934 For the transition period from__________ to____________ Commission file number 001-34501 JUNIPER NETWORKS, INC. (Exact name of registrant as specified in its charter) Delaware 77-0422528 (State or other jurisdiction of incorporation or organization) (IRS Employer Identification No.) 1194 North Mathilda Avenue Sunnyvale, California 94089 (408) 745-2000 (Address of principal executive offices)(Zip Code) ( Registrant's telephone number, including area code) Securities registered pursuant to Section 12(b) of the Act: Title of Each Class Name of Each Exchange on Which Registered Common Stock, par value $0.00001 per share New York Stock Exchange Securities registered pursuant to Section 12(g) of the Act: None Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act.
  • Juniper Networks Inc

    Juniper Networks Inc

    JUNIPER NETWORKS INC FORM 10-K (Annual Report) Filed 02/26/14 for the Period Ending 12/31/13 Address 1194 NORTH MATHILDA AVE SUNNYVALE, CA 94089 Telephone 4087452000 CIK 0001043604 Symbol JNPR SIC Code 3576 - Computer Communications Equipment Industry Communications Equipment Sector Technology Fiscal Year 12/31 http://www.edgar-online.com © Copyright 2014, EDGAR Online, Inc. All Rights Reserved. Distribution and use of this document restricted under EDGAR Online, Inc. Terms of Use. UNITED STATES SECURITIES AND EXCHANGE COMMISSION Washington, D.C. 20549 FORM 10-K (Mark One) ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934 For the fiscal year ended December 31, 2013 or TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934 For the transition period from__________ to____________ Commission file number 001-34501 JUNIPER NETWORKS, INC. (Exact name of registrant as specified in its charter) Delaware 77-0422528 (State or other jurisdiction of incorporation or organization) (I.R.S. Employer Identification No.) 1194 North Mathilda Avenue Sunnyvale, California 94089 (Address of principal executive offices) (Zip code) (408) 745-2000 (Registrant's telephone number, including area code) Securities registered pursuant to Section 12(b) of the Act: Title of Each Class Name of Each Exchange on Which Registered Common Stock, par value $0.00001 per share New York Stock Exchange Securities registered pursuant to Section 12(g) of the Act: None Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act.
  • Dynamic and Application-Aware Provisioning of Chained Virtual Security Network Functions

    Dynamic and Application-Aware Provisioning of Chained Virtual Security Network Functions

    This is the author’s version of an article that has been published in IEEE Transactions on Network and Service Management. Changes were made to this version by the publisher prior to publication. The final version of record is available at https://doi.org/10.1109/TNSM.2019.2941128. The source code associated with this project is available at https://github.com/doriguzzi/pess-security. Dynamic and Application-Aware Provisioning of Chained Virtual Security Network Functions Roberto Doriguzzi-Corinα, Sandra Scott-Haywardβ, Domenico Siracusaα, Marco Saviα, Elio Salvadoriα αCREATE-NET, Fondazione Bruno Kessler - Italy β CSIT, Queen’s University Belfast - Northern Ireland Abstract—A promising area of application for Network Func- connected to the network through an automated and logically tion Virtualization is in network security, where chains of Virtual centralized management system. Security Network Functions (VSNFs), i.e., security-specific virtual functions such as firewalls or Intrusion Prevention Systems, The centralized management system, called NFV Manage- can be dynamically created and configured to inspect, filter ment and Orchestration (NFV MANO), controls the whole or monitor the network traffic. However, the traffic handled life-cycle of each VNF. In addition, the NFV MANO can by VSNFs could be sensitive to specific network requirements, dynamically provision complex network services in the form such as minimum bandwidth or maximum end-to-end latency. of sequences (often called chains) of VNFs. Indeed, Network Therefore, the decision on which VSNFs should apply for a given application, where to place them and how to connect them, Service Chaining (NSC) is a technique for selecting subsets should take such requirements into consideration.
  • HP Arcsight Smartconnector Supported Products Data Sheet

    HP Arcsight Smartconnector Supported Products Data Sheet

    Data sheet HP ArcSight SmartConnector supported products The HP ArcSight library of out-of-the-box SmartConnectors provides source-optimized collection for leading security commercial products. These products span the entire stack of event-generating source types, from network and security devices to databases and enterprise applications. SmartConnectors are the default listing in this document. In addition to SmartConnectors developed and maintained by HP ArcSight, we test and certify the following connector types through our Technology Alliances Program: • Common event format (CEF) Certified—helps ensure event information is captured properly in the CEF • Action Certified—allows for control of a vendor’s technology from within the HP ArcSight Console Common event format are in bold below and Action are Italicized. If they have both they are bold and Italicized. HP ArcSight SmartConnector supported Application security platform for installation • Arxan GuardIT • CentOS-6.5, 6.6, and 7.0 • Bit9 + Carbon Black Security Platform • Microsoft® Windows Server® 2008 • CA Layer 7 SecureSpan/CloudSpan SP2 32/64-bit Gateway • Microsoft Windows Server 2008 • Intralinks VIA R2 SP1 64-bit • McAfee Application Control (Solidcore) • Microsoft Windows Server 2012 • RSA Silver Tail Systems Forensics Standard 64-bit, R2 64-bit • Red Hat® Enterprise Linux® (RHEL) Clinical/Healthcare applications 6.4 64-bit • FairWarning • SUSE Linux 11 Enterprise Server 64-bit • Oracle Solaris 10 64-bit, 11 32-bit Cloud • IBM AIX version 7.1 64-bit • Box • CloudPassage