NFV threats
NFV threats are located at intersection of virtualization and general
networking threats and, therefore, can be mitigated by hardening both
virtualization and networking protection.
Enabling NFV in a cloud environment brings the following threats:
- Intellectual Property related threats.
VNFs may come from different vendors that should
take measures to protect the proprietary code in VNFs against each
other and a cloud operator (Information disclosure).
- VNF images can be altered or replaced by a compromised one
(Tampering). To mitigate the tampering threat, provide
integrity verification for VNF images.
- Because of dynamic nature of NFV, network traffic loops may occur.
For example, when a VNF’s output goes to directly or through
intermediaries to its input. This may lead to the DoS amplification
attacks. Detect loops during topology validation or when forwarding
messages.
- The resources of the virtualisation infrastructure (storage, network
connections, memory, CPU, operating system resources) can be exhausted
by an attacker causing a DoS attack.
To mitigate the DoS attack caused by overconsumption of of the virtualisation
infrastructure resources, enable monitoring for degraded performance
and anomalies in resource allocation.
- When using the IOMMU technology (for example, Intel VT-d) to provide
the direct access from a network adapter to a VM’s memory, one VM can
access another VM’s memory, prevents VM from starting, alter a hypervisor
or take the whole host down.
To mitigate these threats (information disclosure, DoS, tampering),
verify that your network card uses
shared IOMMU
implemented in the
I/O chipset as a part of the SR-IOV standard.
- The cloned VNF image may contain confidential information such as
private keys, certificates, passwords and tokens. Once one of the
images is compromised, all clones are. To mitigate information
disclosure threat, use secure key management and a unique key pair
for every cloned image. Employ operator-controlled certification
authorities (CAs) for internal services such as management,
orchestration, and operation within NFVI.
- Diagnostic, debugging, and monitoring interfaces enabled
in a VNF for remote support can be exploited by attackers.
To prevent unauthorized access using VNFs, provide authorization to
control if a VNF can turn into a maintenance mode, what diagnostics
functions are allowed, and who can run them.