Allowing employees to bring their own computer or smartphone from home carries a different set of security risks than an environment where devices can be locked down with group policies. If employees aren’t diligent about staying current on malware protection and security patches, their computers can bring botnets and other undesirable elements into the corporate environment. That doesn’t mean employers need to keep BYOD gear off the network, but it might mean finding creative solutions to protect the network.
One interesting approach to locking down the network is HP’s new Sentinel app. It’s an OpenFlow-based approach that uses TippingPoint to provide regularly updated rules to an OpenFlow controller. The controller distributes rules to all OpenFlow-enabled devices on the network.
With security rules implemented at the port level at each switch, security is enhanced in two key ways.
Sentinel makes it easier to identify which device is infected. With software defined networking, it’s easier to find the exact device originating a request, which allows the IT team to work with the employee to clean up their computer.
Sentinel allows undesirable traffic to be isolated. Instead of allowing botnet traffic to make it all the way to the edge of the network, it’s blocked at the port when the infected device attempts to reach a known bad IP address or makes a known bad HTTP request. If a user clicks a known phishing link in an email, Sentinel can also trap that URL request and block it from reaching the destination. In both cases, DNS is re-routed away from the threat destination.
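The port-level decision described above, as an added example that is not HP's Sentinel code: it parses the question name from a DNS query, checks it against a reputation feed, and returns the verdict together with the switch and port the query came from. The `PacketIn` event, the feed entries, the sinkhole address, treating "re-routed" as a sinkhole answer, and the fail-closed drop are all assumptions; every sample value is constructed.

```python
import struct
from dataclasses import dataclass

BAD_DOMAINS = {"botnet-c2.example", "phish.example"}  # constructed feed entries
SINKHOLE_IP = "192.0.2.53"  # hypothetical sinkhole (TEST-NET-1 documentation range)

@dataclass
class PacketIn:
    """Hypothetical controller event for a UDP/53 packet seen at an access port."""
    switch_id: str
    in_port: int
    src_mac: str
    dns_payload: bytes

def build_query(name: str) -> bytes:
    """Build a constructed DNS A query so the example runs offline."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def parse_qname(payload: bytes) -> str:
    """Return the first question name, lower-cased; raise ValueError if malformed."""
    if len(payload) < 12 or struct.unpack("!H", payload[4:6])[0] < 1:
        raise ValueError("not a DNS query")
    labels, pos = [], 12
    while True:
        if pos >= len(payload):
            raise ValueError("truncated name")
        length = payload[pos]
        if length == 0:
            return ".".join(labels)
        if length > 63 or pos + 1 + length > len(payload):
            raise ValueError("bad label length")  # also rejects compression pointers
        labels.append(payload[pos + 1:pos + 1 + length].decode("ascii").lower())
        pos += 1 + length

def is_listed(name: str, feed=BAD_DOMAINS) -> bool:
    """Match the name or any parent domain against the feed."""
    parts = name.split(".")
    return any(".".join(parts[i:]) in feed for i in range(len(parts)))

def decide(pkt: PacketIn, feed=BAD_DOMAINS) -> dict:
    """Pick an action and keep switch/port/MAC so the device can be located."""
    origin = {"switch": pkt.switch_id, "port": pkt.in_port, "mac": pkt.src_mac}
    try:
        name = parse_qname(pkt.dns_payload)
    except ValueError:
        return {"action": "drop", "qname": None, **origin}  # fail closed on bad input
    if is_listed(name, feed):
        return {"action": "sinkhole", "answer": SINKHOLE_IP, "qname": name, **origin}
    return {"action": "forward", "qname": name, **origin}
```

The returned dictionary is the record a logging pipeline would keep: the queried name, the action taken, and the exact switch port to visit.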
The great thing about a solution like Sentinel is the ability to update data as frequently as TippingPoint updates their Digital Vaccine filters. Sentinel also automatically integrates with ArcSight for logging, so that compliance with any data retention policies is close to automatic.
You can see a demo of Sentinel in action in the following video.