The notion that open radio access network (RAN) architecture is also, by extension, open to security threats is a bad misconception, according to Marc Rouanne, a veteran wireless industry executive.
Dish Network’s EVP and chief network officer views network security in contrasts — light and darkness. “I like to think of 4G networks as dark networks where you have no visibility, and I like to think of open technology, open RAN, as a place where you have visibility,” he told SDxCentral in a phone interview.
“Personally, I have a tendency to be more afraid and scared in darkness than in clear, visible light. Openness allows you to have visibility and it allows you to put your defense and your security where you see the threats might be coming,” Rouanne said. “Whereas in 4G networks, you’re praying in the dark that Ericsson or Nokia will not make a mistake in their black box, but you don’t know, you wait and see and then pray that you’re strong enough to resist when an attack is coming from out of nowhere.”
Rouanne and his team at Dish, which is assembling a nationwide, cloud native, open RAN 5G network from scratch, prefer to work in the light. It’s a different approach and one that Rouanne intends to prove out when the greenfield operator has a commercially available service.
The company maintains that it is still on pace to deploy 5G service in a single U.S. market by October. It’s faced delays thus far, but Rouanne claims that Dish has already worked through the biggest challenges and has inked most of the necessary deals with vendors that will support its broad deployment goals.
Dish Wants to Squash Many Misconceptions
Rouanne and his colleagues face many naysayers and are determined to squash what he views as ill-conceived perceptions with a live network that is poised to be the first of its kind at such a grand scale.
One of those misperceptions revolves around the number of vendors Dish has brought into the fold thus far. While Dish has inked deals with about 35 hardware, service, and software vendors to date — it sounds like a lot — Rouanne is quick to point out that Dish has still so far managed to assemble a network architecture with fewer vendors than traditional, existing wireless networks.
Dish’s greenfield status affords it the ability to simplify configurations and replicate the same network infrastructure throughout the country. “In existing networks in the U.S., they have thousands of configurations of base stations. Thousands! Wow, what a security threat that causes,” he said.
Dish is replicating the same configuration everywhere in its network so it can test it ad nauseum, he said. “We test it like crazy, which you can’t do when you have thousands of configurations.” This approach will allow Dish to “reach a level of security that has never been reached,” Rouanne claimed, calling it a significant value proposition as it plans to deploy private networks to enterprises in the form of network slices.
“When we did our architecture design, we looked at using existing technology and we just ruled it out. We could not have served our customers with what we call a traditional approach. We just could not deliver the security service-level agreements (SLAs) they are asking for, and we could not give them the keys on security,” he said.
Dish Taps Allot, Nokia, Palo Alto Networks for Security
Dish recently announced network security contracts with Allot, Nokia, and Palo Alto Networks, and it took a lot of time to reach that point because Rouanne and his colleagues have been testing various tools for about 18 months, he said.
“We’ve come to the conclusion that Allot has the most in-depth capabilities to detect, in real time, threats and with a lot of different techniques and capabilities,” Rouanne said. “We have an orchestrated network, so we can react by the millisecond and we can isolate any threats inside the network or outside, and reroute, isolate the slices, or the sub networks.”
Traffic on 5G networks that are currently available in the U.S. is all mixed together on the same routes, “it’s not sliced,” he said. “So if there is a threat, it’s impacting everyone. Whereas with our sliced, orchestrated network, we can separate the traffic and isolate it even on different routes or hardware if needed.”
Nokia is providing Dish with security orchestration capabilities, which acts as the brain of the network, making automated decisions about isolated slices, and changing policies in real time to strengthen the network’s security stature, Rouanne explained.
Dish turned to Palo Alto Networks to put the vendor’s software-based firewalls at the container level of its network, and that allows the operator to protect containers, or ports, in every instance of the network, he said.
Dish Places Trust in Visibility and Isolation
The operator is also, more broadly, fixated on maintaining unimpeded access to its software supply chain so it can source, test, challenge, scan, and constantly check the security stature of any piece of code that touches or interacts with its network, Rouanne explained. Dish also claims to have security embedded into its hardware because it’s brand new and features the latest technology on the market.
“When I think of the existing networks that have been built over the last 20 years, I know because I was selling them, there are so many [pieces of] hardware that have no embedded security. It’s scary and that’s nothing we want to do. I don’t know how you can sleep at night with all that hardware in the field,” he said.
Dish’s security policy is zero trust. “We trust nothing. We trust no vendor. We trust nobody. We just check everything and, once we check, we put security at every layer,” Rouanne said.
“Visibility is what makes you smarter when it comes to security,” and Dish is assuming all responsibility for the security of its network, he said. That effort includes educating and training prospective enterprise customers to adhere to the same zero-trust policies and follow the cloud-native principles that internet and cloud technology companies have developed and relied on for at least a decade.
“I believe a lot in isolation. We have all been educated through the virus [COVID-19],” Rouanne said. “Isolation is always a very strong measure. Once you detect very fast, if you isolate very fast then you are in good shape.
“For me this is so similar to trying to be the best in reacting against an attack like the virus. Speed, smartness, visibility, response, isolation, quarantine, that’s all what we do,” he said. “But you can do that only if you have the right architecture, and that’s what the 5G cloud nativeness is bringing us.”
"dish" - Google News
April 16, 2021 at 02:04AM
https://ift.tt/3dmhDHd
Dish's 5G Chief Extols Virtues of Visibility in Open RAN Security - SDxCentral
"dish" - Google News
https://ift.tt/2MXZLF4
Dengan hanya 20rb Anda bisa dapatkan hadiah ratusan ribu hingga jutaan rupiah
ReplyDeleteYuk merapat kesini I+O+N+Q+Q ^^
Bisa dp via pulsa juga (min 25rb)
Izin ya admin..:)
ReplyDeleteYuk mainkan permainan POKER No ROBOT 100% silahkan langsung saja merapat dan bermain POKER bersama kami di ARENADOMINO ditunggu ya gan.. :) WA +855 96 4967353