Protecting Your AMF Plus Network from Vulnerabilities

By Rebecca Officer

In the last few years, the networking equipment industry has seen a rise in the number of serious threats to network security from vulnerabilities that can lead to data leakage and denial of service (DoS) attacks. Our Autonomous Management Framework™ Plus (AMF Plus) can help network administrators protect their networks and data from sophisticated attacks by using advanced levels of security to reduce vulnerabilities and risk.

Autonomous Management Framework Plus (AMF Plus)

AMF Plus is a powerful and convenient tool to simplify network management. It reduces management cost and complexity by delivering centralized management of many or all devices right across the network—locally or worldwide.

AMF Plus's network automation allows zero-touch or one-touch backup, provisioning, upgrade and recovery, while superior network intelligence reacts to changes in the network and automatically changes the topology. Plus, AMF Plus's smart commands let you quickly identify network problems and resolve issues.

AMF Plus includes numerous security features by default, with a strong focus on providing both security and convenience. However, you can also enable extra optional features to maximize security.

The default security level

By default, AMF Plus operates on a closed physical network and only exchanges AMF Plus messages across links that have been configured as AMF Plus links.

Native AMF Plus links do not run over IP, so nodes do not listen for AMF Plus connection requests on addresses reachable from the Internet, and an AMF Plus network cannot be reached remotely. Virtual links, which tunnel AMF Plus traffic across intermediate devices, are the exception and are covered below.

AMF Plus creates a virtual L2 (Layer 2) management network. It is isolated because each device blocks packets from external networks from entering the AMF Plus L2 management network.

All of this means that attackers can only compromise an AMF Plus network if they have physical access to it—unless it includes virtual links over insecure paths. See "Protecting AMF Plus virtual links" for more information.

There have been reports of large-scale attacks on third-party devices that were exploited remotely through their auto-configuration solutions. AMF Plus auto-recovery and provisioning also auto-configure new devices, but they are not exposed in the same way: the AMF Plus protocol is, by design, only available to link partners, so remote Internet hosts cannot reach it.

However, any privileged user on any AMF Plus node can configure any other AMF Plus node in the network.

We recommend using the default security level only when: all your AMF Plus nodes are in a physically isolated location, you have no AMF Plus virtual links over insecure paths, and you have complete trust in all the privileged users on all your AMF Plus nodes.

AMF Plus link management

You should only configure a link as an AMF Plus link if it specifically connects two AMF Plus nodes together.

If you do this, attackers can only inject packets into an AMF Plus network if they replace one of the actual nodes of the network with another device. An attacker cannot simply connect an extra device into the network. You can prevent an attacker from replacing a node by keeping all AMF Plus nodes in a physically secure location, and/or by using secure mode.

Increasing AMF Plus security

There are three things you can do to increase AMF Plus security: configure AMF Plus "restricted login", use VPNs to protect any AMF Plus virtual links that run over insecure paths, and enable AMF Plus "Secure Mode". The following sections describe these three options.

Restricted login

With restricted login, only privileged users on the AMF Plus master can use working sets and automatic connections to other AMF Plus nodes. To get the full benefit of restricted login, the AMF Plus master should be in a physically secure location.

Protecting AMF Plus virtual links

AMF Plus virtual links connect non-adjacent nodes by tunneling AMF Plus traffic over the devices in the path between the nodes. This means virtual link security depends on the security of the devices between the nodes. If you are not sure that all those devices are secure, you need to protect the virtual link – especially if it goes over the Internet.

You can protect AMF Plus virtual links by creating a VPN between the parts of the path that you consider insecure.

Note that a VPN is not necessary to protect the AMF Plus traffic on a virtual link if you use Secure Mode, because Secure Mode encrypts the AMF Plus packets. However, if the same path also carries other traffic, that traffic still needs to be protected with a VPN.

Secure mode

For the highest level of security within an AMF Plus network, you can enable AMF Plus “Secure Mode”. In this mode, AlliedWare Plus encrypts all AMF Plus packets and uses certificates to verify the identity of each node in the AMF Plus network.

Secure Mode also automatically enables restricted login, and while Secure Mode is on, restricted login cannot be disabled.

Further, in Secure Mode a node can only join the AMF Plus network after a privileged user on the AMF Plus master has authorized it. An attacker therefore cannot add a device to the network without that explicit authorization.
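As an added illustration (not from the original article and not taken from Allied Telesis documentation), the following AlliedWare Plus configuration fragment shows the progression described above on the master node: the default level (a named network, a master, and ports marked as AMF Plus links), then restricted login, a virtual link over an untrusted path, and finally Secure Mode with explicit node authorization. The command syntax is reproduced from memory; the node names, link IDs and IP addresses are placeholders; and the lines marked "assumed" in particular should be checked against the "Securing AMF Plus" chapter before use.

```text
! --- AMF Plus master, hypothetical node name "master-1" ---
! Default security level: a named network, one master, and AMF Plus links.
! Only mark a port as an AMF Plus link if it connects directly to another
! AMF Plus node; anything else widens the L2 management network.
atmf network-name CAMPUS-AMF
atmf master
!
interface port1.0.1
 description Direct link to amf-member-1 (placeholder node name)
 switchport atmf-link
!
! Step 1: restricted login. From here on, only privileged users on the master
! can open working sets or auto-connect to other nodes.
atmf restricted-login
!
! Step 2: a virtual link to a non-adjacent node across a path you do not
! control. Without Secure Mode this path must be wrapped in a VPN.
! IDs and addresses are placeholders (RFC 5737 documentation ranges).
atmf virtual-link id 1 ip 203.0.113.10 remote-id 2 remote-ip 198.51.100.20
!
! Step 3: Secure Mode. Encrypts AMF Plus packets, authenticates nodes with
! certificates, and makes restricted login permanent while it is enabled.
atmf secure-mode
!
! In Secure Mode a new node waits until a privileged user on the master
! authorizes it. From privileged EXEC (assumed syntax, verify in the guide):
!   show atmf authorization
!   atmf authorize provision node amf-member-1
!
! Verify the resulting topology and link states:
!   show atmf
!   show atmf links
```

The value of the fragment is in the ordering: links are restricted to direct node-to-node ports before anything else, and Secure Mode is enabled last, after the network and its virtual links already exist, so that every node is authorized individually and no unreviewed device is inherited into the secured network.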

Configuring extra security features

These features let you control the level of security of your AMF Plus network without losing the convenience of AMF Plus's centralized management and monitoring.

You do not need any license beyond the AMF Plus master license to use these extra security features.

For details about configuring the features, see the "Securing AMF Plus" chapter of the AMF Plus Feature Overview and Configuration Guide.