
Mission Critical Infrastructure: Is your hardened switch tough on the outside but soft on the inside?

Feb. 22, 2023

You may have heard about the Colonial Pipeline ransomware attack that happened in May 2021. The attack crippled fuel deliveries on the East Coast of the United States by shutting down the entire pipeline. Cybersecurity attacks such as this one can be avoided by ensuring network devices do not have any embedded backdoors that can be easily exploited.

Hardening your switch with advanced security features is just as important as hardening your switch on the outside. Network vendors might focus on the physical hardening of ruggedized switches against extreme operating temperatures, shock, vibrations, power surges, and EMI/EMC variance; however, they neglect the cybersecurity features that secure these devices against malicious actors.

The Alcatel-Lucent Enterprise hardened switch portfolio brings you the best of both worlds. The switches run on the widely deployed and field-proven Alcatel-Lucent Operating System (AOS) that offers high security, reliability, performance, and easy management.

The latest generation of hardened Ethernet switches from Alcatel-Lucent offers a wide variety of ruggedized switches, including advanced Layer 3 switches with VPN capabilities such as the Alcatel-Lucent OmniSwitch® 6865 Hardened Ethernet Switch, the Layer 2+ DIN-mountable Alcatel-Lucent OmniSwitch® 6465 Compact Hardened Ethernet Switch, and the cost-efficient, extended-temperature Alcatel-Lucent OmniSwitch 6465T® Extended Temperature Ethernet Switch.

Our secured AOS code includes independent third-party verification and validation with source code analysis, white box, and black box testing searching for vulnerabilities in external interfaces. This feature protects against backdoor threats, embedded malware, exploitable vulnerabilities, and exposure of proprietary and/or classified information. Furthermore, ALE software implements address space layout randomization (ASLR), where each switch boot generates a unique ‘randomized’ memory layout. This protects against address-based exploits, such as buffer overflows.

Another security feature available in our hardened switch portfolio is MACsec support. MACsec provides data integrity, data origin authentication, and (optionally) data encryption, all at Layer 2.

It is noteworthy to add that the ALE security strategy has received the highest levels of certification from government agencies, including Common Criteria (EAL2 and NDcPP), JITC, FIPS 140-2 and NIST.


Other security features and standards can be enabled to proactively secure the network. These include TLS/SSL, SSHv2 and SFTP, SNMPv3, LLDP agent security, DDoS filtering triggers, DHCP relay/DHCP snooping, application fingerprinting/visibility, learned port security, and many others, for example dynamic network access control via User Network Profiles (UNPs).

The Alcatel-Lucent Enterprise IoT Containment strategy allows you to securely onboard your IoT devices.

These security features should also be implemented and deployed following security best practices so that they provide a multi-layered defense against cyber threats. Implementing a zero-trust architecture framework with micro and macro segmentation is the best approach to ensure your network is protected, but this is a methodology and an ongoing process, not something that is configured once and left alone.

Read more about the 5 phases to build a network micro-segmentation plan in our cybersecurity series of 2 articles.

Next time you are looking for hardened switching for your mission critical infrastructure, do not forget about the cybersecurity aspect. Look for a product that has also passed the most stringent objective and independent security attestations that can ensure the security of your critical infrastructure.

Abu-Bakar Dongula

Abu-Bakar Dongula, Network Solution Architect, has more than 5 years of experience in network architecture design, implementation, and support of mission-critical infrastructure and managed services. He has a growing track record of success across a broad range of technologies. His current focus is on cybersecurity, data center, and mission-critical network solutions.