Introduction: The need for “trustworthiness” as a new network security pillar

Can you verify that your network is safe and authentic across all its components? For most Service Providers, the complicated—but honest—answer is no.

The reason behind the uncertainty is easier to answer. Service providers like you operate the largest and most complex networks in the world making it difficult—if not impossible—to have complete visibility into all your network components and traffic. It’s even more challenging to gain an understanding of just how much you don’t know about your network. The root of the network trust problem is the inability to accurately verify that all domains and network components have not been tampered with and are genuine to their manufactured state.

Today’s barriers to network trust and security:

  • Security threats have evolved from outside intruders seeking access to your network through vulnerability points to intruders now seeking more direct control of your infrastructure. This threat essentially grants trespassers the keys to the kingdom of your network.
  • Utilizing manual labor to check each component isn’t a workable solution given the scale of your network.
  • Using software to ask hardware “are you still genuine?” isn’t viable because software can be programmed to believe what it is told. 
  • Traditional security solutions such as firewalls or data encryption protocols like IPSEC or MACsec are insufficient tools for detecting and protecting against these new threat vectors.

To overcome these challenges and establish network trust, service providers are turning to an automated integrity validation or “trust verification” capability. This gives service providers a continuously updated ‘trust status’ for their infrastructure elements that is measured against known good values for those elements—ensuring they are unaltered. One application for a trustworthy infrastructure is a service known as trusted path routing. Adding this capability is essential—or soon will be—for service providers as well as their customers to ensure data security and privacy across the transport networks. Understanding exactly how you can enable and deploy network trustworthiness at a massive scale will help you give your business a competitive edge when it comes to security. 

Step One: Build visibility and verifiability into your network to increase network trust

There are two essential elements to building network trust. First, define exactly what a trusted network is for your organization and second, create an automated, continuous process that verifies your network continuously meets that definition. Using a definition founded on immutable information contained within the infrastructure components allows the automated process to quickly and accurately assess the state of your network to ensure it is entirely in your control.

But what do these processes look like in a mass-scale network? Two metaphors help us illustrate how it works: a snapshot and a handshake.

The snapshot

Imagine taking a snapshot of your “pure” network infrastructure at the time each component was manufactured into the routers. That snapshot would contain the unique identifiable information of each component used onboard your router. Having this information for each router within your network would provide you with a baseline of the original manufactured elements provided to you. The snapshot defines your network trust by defining the hardware and components that should be on the network. Additionally, the operating software for those routers also contains unique identifiable information that would provide authentication that it is genuine.

  • Your snapshot is entirely unique to your network. No organization’s network looks the same as the next.
  • The snapshot doesn’t have to be your entire network all at once. You can create separate snapshots for unique domains or segments within your network.

The snapshot is a data artifact that clearly defines the unique identifiers for your network infrastructure so it can be easily and continuously referenced against your active network elements to identify irregularities.

Related link: Learn more about how to achieve mass network awareness and visibility >

The handshake

A handshake requires trust and agreement: both parties must acknowledge one another and agree to the connection.

That’s why it is historically used as a metaphor in a network environment. When used to establish trust in a network, or network trust, the handshake occurs between the hardware and software within each routing device. Each party, hardware or software, has a list of the other’s unique identifiers to use as a validation tool. This allows the hardware and software to have a secret handshake of sorts, and if either party fails at the secret handshake, the router is either not allowed to operate or a ‘failed’ message is sent to an administrator for attention.

Step Two: Use trust verification to enable trusted path routing

Together, the snapshot and the handshake form the foundation of trust within the infrastructure that comprises your network. While enforcing network trust manually is not plausible, your infrastructure already manages it on an ongoing basis. Operating a trustworthy network just inserts a crucial but quick moment of verification into the process and stores the trust status of your network so your engineers can quickly receive notifications on irregularities and take action.

The trust status of the network is continually updated and stored in an attestation database. This database acts as an independent verification tool for each network router to use to ensure that the router they want to communicate with is playing nice in the network and can be trusted with the data transport, thus enabling trusted path routing.

How network transport trust verification works:

  • Before the “handshake”, or point of connection, between two routers, both routers check the network trust of their neighbor against the attestation database, essentially asking, “Is this router something to trust, or is it a bad guy?”
  • If the answer is yes, the data supply chain continues uninterrupted across the transport network.
  • If the answer is no, then the offending router is skipped in the data supply chain, and an alternate route with trusted partnerships is selected.
  • The verification process can center on network trust statuses and secret handshakes, but it can also include other elements of infrastructure status. For example:
  • You may want your most sensitive data to only transverse routing paths that use routers with the most current operating system versions.
  • Exclusion criteria could be set to avoid, or not trust, routers with older operating system versions.

Trust verification, in a nutshell

When you set up trusted path routing, your network engages in a continuous, ongoing measurement, almost like whitelisting, confirming that no alterations have been made. Or, if it detects alterations, your network can react appropriately to reroute traffic and issue notifications to make sure these issues can get resolved. In short, only trustworthy components of your network are engaged, ensuring more secure connections.

Step Three: Capitalize on your network’s trustworthiness

Trust verification and trusted path routing offer clear and significant security benefits to your mass-scale network, not to mention the peace of mind that comes with knowing your infrastructure is free of tampering and other malicious efforts. High network trust also offers significant benefits to your customers—benefits that complement the traditional network services they already use.

Building the business case: Trusted Path Routing helps you offer and monetize verifiable security measures to customers with strict demands.

Consider a few points that help you build a business case for implementing trust verification processes as a service provider:

  • You and your clients stand to benefit from complete verification of network integrity over the scope of an entire operation—a capability that would come in handy during audits and compliance checks.
  • Current network reporting capabilities often cannot provide complete verification of infrastructure elements or assure network trust.
  • Highly regulated, data-sensitive customers (financial, healthcare, government and military) place a high value on verifiable security measures like trusted path routing.
  • Network Trustworthiness can be combined with Segment Routing to help you offer new, unmatched levels of security and trust, even to mass-scale networks.
  • You can monetize this new networking design to offer extra-secure routing processes to clients—or what we call “Trusted Path Routing.”
  • These trusted paths can be customized for both speed and security, seeking out low-latency, low congestion connections in addition to requiring paths through infrastructure with explicit Trustworthy identities.

Related link: Learn more about Cisco’s approach to Segment Routing >

Conclusion

Network trustworthiness represents a growing field of opportunity for service providers - especially in applications for mass-scale networks. Combined with Trusted Path Routing and Segment Routing, trust verification allows you to expand your business by offering these new, advanced types of network connections to some of your most valuable customers and users.

Learn more