Page 307 - Big data - Concept and application for telecommunications
P. 307

Big data - Concept and application for telecommunications                       5


            off more easily because the data forwarding function does not have to be in operation if there is no traffic.
            The simplification may also contribute to expand device lifetime. On the other hand, the functionality that is
            logically  centralized  may  become  complicated,  and  its  power  consumption  may  increase.  This  may  be
            mitigated by virtualizing the function and applying energy management in cloud computing.


            10      Security considerations

            The introduction of a high level of automation in the overall service delivery procedure by means of SDN and
            orchestration techniques raises security challenges.
            SDN provides new possibilities to combat security breaches. The affected resources may be easily and quickly
            isolated,  malicious  traffic  may  be  safely  terminated,  sensitive  flows  can  be  identified  and  separately
            transferred  in  a  more  secure  manner,  e.g.,  with  dedicated  equipment  and  security  protocols.  All  these
            processes may be automated due to SDN’s improved robustness.
            Moreover, a logically centralized SDN controller enables operators and/or entities that aim to make use of
            SDN capabilities to have a broader and/or global view of the current status of networks, which makes security
            operation easier and more efficient. SDN also raises new security issues. More functionalities traditionally
            implemented in hardware become software-based, and it becomes possible to modify their behavior through
            API, policy management, or lifecycle management functionalities. Therefore, it becomes critical to guarantee
            that  legitimate  person/function  does  appropriate  operation  with  these  functionalities  through  secure
            authentication and authorization.

            Appropriateness of operation may be checked by the introduction of formal method, whose requirement is
            described in [ITU-T Y.3320]. It is also important to prevent or mitigate other kinds of security breaches, e.g.,
            denial of service by e.g., filtering of packets to target functionality.

            A logically centralized controller can be a single point of failure, and can be a target of malicious attacks. It is
            therefore important to pay special attention to redundancy designs.

            The  possibilities  and  challenges  will  be  described  in  more  detail  in  forthcoming  ITU-T  X-series
            Recommendations.











































                                                                           Network and infrastructure    299
   302   303   304   305   306   307   308   309   310   311   312