In the last few years, the networking equipment industry has seen a rise in the number of serious threats to network security from vulnerabilities that can lead to data leakage and denial of service (DoS) attacks. Our Autonomous Management Framework™ (AMF) can help network administrators protect their networks and data from sophisticated attacks by using advanced levels of security to reduce vulnerabilities and risk.

Autonomous Management Framework (AMF)

AMF is a powerful and convenient tool to simplify network management. It reduces management cost and complexity by delivering centralized management of many or all devices right across the network—locally or world-wide.

AMF's network automation allows zero-touch or one-touch backup, provisioning, upgrade and recovery, while superior network intelligence reacts to changes in the network and automatically changes the topology. Plus, AMF's smart commands let you quickly identify network problems and resolve issues.

AMF includes numerous security features by default, with a strong focus on providing both security and convenience. However, you can also enable extra optional features to maximize security.

The default security level

By default, AMF operates on a closed physical network and only exchanges AMF messages across links that have been configured as AMF links.

The AMF protocol is not IP-based, which means that it does not listen to connection requests over the Internet. AMF networks are not subject to remote access.

AMF creates a virtual L2 (Layer 2) management network, which is secure because the device blocks packets from external networks from entering the AMF L2 management network.

All of this means that attackers can only compromise an AMF network if they have physical access to it—unless it includes virtual links over insecure paths. See "Protecting AMF virtual links" for more information.

There have been reports of large-scale attacks on third-party devices, which were exploited remotely through their auto-configuration solutions. AMF auto-recovery and provisioning allow auto-configuration of new devices, but AMF is not affected by the reported vulnerabilities. AMF is not susceptible to attack by remote Internet hosts because the AMF protocol, by design, is only available to link partners.

However, any privileged user on any AMF node can configure any other AMF node in the network.

We recommend using the default security level only when: all your AMF nodes are in a physically-isolated location, you have no AMF virtual links over insecure paths, and you have complete trust in all the privileged users on all your AMF nodes.

AMF link management

You should only configure a link as an AMF link if it specifically connects two AMF nodes together.

If you do this, attackers can only inject packets into an AMF network if they replace one of the actual nodes of the network with another device. An attacker cannot simply connect an extra device into the network. You can prevent an attacker from replacing a node by keeping all AMF nodes in a physically-secure location, and/or by using secure mode.

Increasing AMF security

There are three things you can do to increase AMF security. You can configure AMF "restricted login"; you can use VPNs to protect any AMF virtual links that are over insecure paths; and you can enable AMF "Secure Mode". The following sections describe these three options.

Restricted login

With restricted login, only privileged users on the AMF master can use working-sets and automatic connections to other AMF nodes. To maximize the benefit of restricted login, the AMF master should be in a physically-secure location.

Protecting AMF virtual links

AMF virtual links connect non-adjacent nodes by tunnelling AMF traffic over the devices in the path between the nodes. This means virtual link security depends on the security of the devices between the nodes. If you are not sure that all those devices are secure, you need to protect the virtual link – especially if it goes over the Internet.

You can protect AMF virtual links by creating a VPN between the parts of the path that you consider insecure.

Note that VPNs are not necessary for protecting AMF virtual links if you use Secure Mode, because Secure Mode encrypts the AMF packets. However, if the same path carries other traffic, you need to protect that traffic with a VPN.

Secure Mode

For the highest level of security within an AMF network, you can enable AMF "Secure Mode". In this mode, AlliedWare Plus™ encrypts all AMF packets and uses certificates to verify the identity of each node in the AMF network.

Secure Mode also automatically enables restricted login, and restricted login cannot be disabled while Secure Mode is on.

Further, in Secure Mode a node can only join the AMF network if it has been authorized by a privileged user on the AMF master. This makes it impossible for an attacker to connect a device without your knowledge.
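The following configuration fragment is an added illustration, not taken from this page or from the AMF configuration guide, showing how the three hardening options described above fit together on an AlliedWare Plus node. The command names (atmf restricted-login, atmf secure-mode, switchport atmf-link, atmf virtual-link, atmf authorize) are assumed from the AlliedWare Plus CLI and are not stated on this page; the node names, port numbers and IP addresses are constructed placeholders. Check the exact syntax against the "Securing AMF" chapter for your software version before applying it.

```text
! --- Default security level (assumed baseline, constructed example) ---
! Any privileged user on any node can configure any other node, and an
! AMF virtual link over an untrusted path carries management traffic
! without protection.
atmf network-name example-amf
atmf master
atmf virtual-link id 1 ip 192.0.2.1 remote-id 2 remote-ip 198.51.100.1
interface port1.0.1
 switchport atmf-link

! --- Hardened configuration (constructed example) ---
! 1. Only mark ports that directly connect two AMF nodes as AMF links,
!    so an extra device plugged in elsewhere is never treated as a node.
interface port1.0.1
 description uplink to amf-node-2 (physically secured rack)
 switchport atmf-link
!
! 2. Restricted login: working-sets and automatic connections to other
!    nodes are limited to privileged users on the master.
atmf restricted-login
!
! 3. Secure Mode: AMF packets are encrypted and each node's identity is
!    verified with a certificate; restricted login is forced on.
atmf secure-mode
!
! The virtual link over the insecure path is still defined, but with
! Secure Mode the AMF traffic on it is encrypted. Any other traffic that
! shares the path still needs its own VPN (not shown).
atmf virtual-link id 1 ip 192.0.2.1 remote-id 2 remote-ip 198.51.100.1
!
! --- Operational check after enabling Secure Mode (exec mode) ---
! New nodes stay out of the network until a privileged user on the
! master authorizes them; review the pending list before approving.
! show atmf authorization pending
! atmf authorize amf-node-3
```

The order matters in practice: confirm that every AMF link is on a port you control physically, enable restricted login, and only then switch on Secure Mode, because once Secure Mode is active, restricted login can no longer be turned off and unauthorized nodes are refused until the master approves them.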

Configuring extra security features

These features let you control the level of security of your AMF network, without losing the convenience of AMF's centralized management and monitoring.

You do not need an additional license to use any of these extra security features, other than the AMF master license.

For details about configuring the features, see the "Securing AMF" chapter of the AMF Feature Overview and Configuration Guide.