Security considerations – Understanding Network and Security for Near-Edge Computing

The inbuilt encryption makes it more difficult to inspect network traffic for security purposes, such as intrusion detection or deep packet inspection. Network administrators and security professionals may need to adapt their monitoring and security practices to accommodate the encrypted nature of HTTP/3 and QUIC.

Increased complexity for troubleshooting

The layered nature of these protocols and their interactions with various network components make diagnosing and resolving problems more challenging. Network administrators and developers may need to acquire new skills and tools to effectively troubleshoot issues specific to HTTP/3 and QUIC.

Current status

Download Wireshark and do a packet capture while browsing your favorite websites. One thing will be apparent – almost any video-streaming service, such as NetFlix, YouTube, Hulu, or Amazon Prime, makes heavy use of QUIC. At the time of writing, content delivery networks, and the media industry in particular, have been leading the way in adoption. However, this hasn’t been the case with enterprise applications in general.

As the protocols continue to evolve and gain broader support, their drawbacks are expected to diminish over time. Many of the challenges are being actively addressed, although, like any sea-change in IT, there will be a long tail of organizations who continue to use firewalls or servers that are not compatible for the foreseeable future.

Securing networks at the near edge

Securing edge computing resources is crucial to protect sensitive data and ensure the integrity and availability of services. Unlike resources in the cloud, you cannot assume mitigations such as the AWS Nitro platform are in place to prevent, for example, a poison ARP/MAC spoofing attack across an Ethernet segment.

Identity and Access Management (IAM)

Implement robust IAM policies and practices to control access to edge computing resources. Ensure that only authorized individuals or systems have appropriate privileges to interact with the resources. Use strong authentication mechanisms such as Multi-Factor Authentication (MFA) and enforce the principle of least privilege to limit access rights to what is necessary.

Encryption

Implement end-to-end encryption for data transmission and storage in edge computing environments. Use industry-standard encryption algorithms and protocols to secure data in transit and at rest. Encryption helps protect data from unauthorized access or interception, especially in scenarios where edge devices communicate over public networks.

Secure communication protocols

Use secure communication protocols, such as Transport Layer Security (TLS), for secure communication between edge devices, gateways, and the cloud. TLS provides encryption and authentication mechanisms that protect data from eavesdropping and tampering. Ensure proper certificate management and use trusted certificates to establish secure connections.

Device hardening

Apply security best practices to harden edge devices and gateways. This includes regularly patching and updating firmware, disabling unnecessary services and ports, and configuring secure network settings. Employ Intrusion Detection And Prevention Systems (IDS/IPS) to monitor and mitigate potential security threats.