Cyber Security Considerations for the Edge-Cloud (Part 2)
Posted by Ido Gur on Aug 17, 2020
Tags: • 5G • mec• edgecomputing • edgecloud• cybersecurity
In Part 1, we discussed possible sources of cyber-attacks on the edge-cloud network. With the advent of edge and 5G technology and the more prominent use of IoT devices in our homes and cities, cybersecurity is more important than ever. In this article, we will see which design principles can be implemented at the core of the network to ensure the highest level of cybersecurity
How to Protect The Edge-Cloud from The Three Main Sources of Attacks
We pointed out that the main sources of issues in the edge-cloud can come from DDoS attacks, internet sources, and applications that are native to the network. All three represent a serious threat to data and functionality of the network. To prevent catastrophic damage, these lines of security need to be considered.
DDoS Attacks and Security
Distributed Denial of Service attacks overwhelm the network and prevent the normal traffic and requests from being fulfilled. These attacks are usually conducted through bots that get installed in network-connected devices. Once a botnet is established, the hacker can activate it at any time.
These types of attacks are the most common, and therefore, it’s crucial to implement hardened security solutions. Right at the outset, smart resource pools should be established for any consumable resource that could come under attack. It’s a good idea to allocate how much memory is allowed per a connected device, as well as the number of active network connections, TCP, and UDP ports. Another preventative measure to be taken is including watermarks and a reporting system that would alert the network of any malicious developments before the attacks are launched.
As a measure in case of a successful DDoS attack, the network design should include a system for the allocation of reserve resources. These can be deployed so that the network can manage to operate even during severe attacks. Resources can be freed up in an emergency mode, allowing the end-users to still have functionality within the network.
Protection from Internet Sources
As we mentioned in the last article, many devices and applications on the edge don’t need an active internet connection to function. Completely blocking off internet traffic is a safe way to prevent malicious attacks, especially when it comes to sensors and devices in warehouses or industrial IoT systems.
For services that require the internet, all connections need to be logged and monitored. An even better solution is to design a system that allows connections that originate only from local applications. These systems would block any and all packets arriving from the internet that are not associated with allowed and established connections
Solutions for Edge-Native Applications
Edge servers can be attacked from devices through DDoS, but applications running on those devices can also pose a problem. The application code could be designed with security holes or the authentication protocols can fail and enable easy entry points into the network. It’s crucial that communication between applications and servers is carefully monitored and secured.
As we move forward with the development of edge-cloud networks and devices, we need to ensure that our data and functionality is well protected. As with any new technology, cybersecurity can be a challenge at first. However, if we apply sound security principles in the base design of a network, we have already come a long way in ensuring security..