1. Field of the Invention
This invention relates to the field of information networks, and more particularly to a method and apparatus for securing a communications device using a logging module.
2. Description of the Related Art
Today's networks are an efficient and effective platform for providing communications between large numbers of computing devices. Each device on the network has easy access to the information and services provided by the other networked devices. The convenience of access, however, significantly increases the risk of an outside attack on one or more of these network devices. Network security is therefore of increasing importance.
To date, most of the functionality provided by network devices and other such communication systems is implemented in software, particularly in the control plane of such systems, with hardware simply providing for the acceleration of performance-critical functions. While software has some key advantages over hardware (e.g., flexibility, upgradeability and lower cost), software suffers from several disadvantages with regard security, including the ease with which software may be altered and the difficulty encountered in verifying software.
The ease with which software can be altered can allow an attacker to compromise restrictions on access to the network device (e.g., router), and so modify the software to defeat the network device's overall operation. This is particularly dangerous because the attacker can then use this compromised network device as an agent to proceed with further compromise of the network's security. Using an initial security hole as a stepping stone to further compromise a network is a common strategy in this regard.
Moreover, the flexibility/complexity of software typically results in an overall lower degree of “verification” than hardware. In fact, the term used in the software arts is “testing” (and not “verification”). This inability to fully exercise such systems portends the risk of unknown weaknesses, which can then be exploited by those wishing to subvert such systems' operations. The ease with which software can be altered also typically implies that any weak point in the software that permits the software to be compromised means that even well-tested software components can be modified to defeat security measures intended for their protection.
In contrast, functionality implemented in hardware cannot be easily altered by an attacker, save for an attacker having physical access to the system. Even then, it is extremely difficult to make such alterations without disrupting the operation of such equipment. Moreover, hardware is conventionally subjected to far more complete and rigorous verification. An equipment manufacturer is strongly incentivized to do so because of the enormous cost associated with the replacement of design-defective hardware in the field (or even late in the production and manufacturing cycle). However, despite these advantages, hardware implementations are also subject to a number of limitations, including being limited to relatively simple functionality and the need for configuration using software.
Hardware is typically limited to relatively simple functionality. In particular, it is impractical to implement complex security control mechanisms and protocols in hardware, at least in the sense of hard-coded state machines, special memories, registers and the like. Moreover, hardware is conventionally designed to be driven from configuration registers and tables that are written by software, so compromised software can effectively compromise hardware operations as well.
Thus, security features are continuously being developed and implemented to restrict access by unauthorized entities, and so protect such network devices, while maintaining ease of access by authorized entities. Unfortunately, many of the security solutions deployed to secure network devices are configurable via the network. For example, many such solutions are implemented in software or firmware. Though easy access to the configuration of security devices is convenient, this access can significantly undermine the effectiveness of the security device. An attacker can, for example, disable a security device by changing its configuration and then proceed to attack the now-defenseless network device. As will be appreciated, any weak link in the security chain can thus put the entire network at risk.
What is needed, therefore, is a mechanism to leverage the security properties of a system's hardware, and in so doing, improve security of the system (e.g., network device), without placing unrealistic demands on the system's hardware, either in terms of complexity or restricted configurability. Preferably, such a mechanism is itself inaccessible or (substantially) non-configurable, such that an attacker cannot compromise the security of the system. In addition, the security solution should be simple enough to implement cost-effectively.