Multi-level network architectures are commonly deployed, for instance, where disparate networking resources are required to establish particular network data paths across, and particularly between, network zones and/or interfaces in order to deliver a particular service or application. Physical separation between network resources is also commonplace in high security implementations, for example, where physically isolated network security zones may be required to secure back end resources, for instance deployed in a high security zone, from public and/or low security authorized user zones. In some high security installations, the establishment of physically isolated networking devices/appliances is in fact a requirement to satisfy security compliance standards beyond basic commercial networking standards, such as described in the Federal Information Processing Standard (FIPS 140-2) document published by the United States National Institute of Standards and Technology (NIST), for example, and above. Accordingly, a network security zoning architecture may be invoked to physically separate a high security zone, in which a sensitive restricted-access database or application server is implemented, from a public access zone operated in accordance with reduced access security standards so as to allow greater user access and operation.
Generally, a multi-level network architecture, such as a network security zoning architecture, will take the form of a stack of distinct network-enabled devices, interconnected in accordance with a designated operational network design via a series of corresponding physical network interface controllers and cables, to relay data, commands and instructions over a set of established (secured) data channels. In doing so, reasonable security strength can be achieved by virtue of the respective physical segregation of the externally interconnected networking devices, though network tampering may nonetheless result from physical reconnection of the subject devices, unauthorized local access via external physical connection to one or more of the subject devices, introduction of an unauthorized hacking device, or unauthorized reallocation of software-defined ports and/or data channels on tampered or otherwise compromised devices, to name a few examples. It is therefore considered critical to also ensure the physical security of such architectures.
Alternative solutions to physically segregated network devices may include the virtualization of certain network resources through software so as to combine multiple such resources on the same networking device or appliance. Accordingly, rather than physically interconnecting networking devices as above, a set of virtual network interface controllers may be configured in software to define appropriate virtual interfaces between the various network components virtualized on the same physical device. In the context of network security zoning, system designers may seek to at least partially collapse a given network zoning architecture into one or more virtualization zones (e.g. physically segregated zone-by-zone virtualization or physically aggregated zone virtualizations; see, for example, Network Segmentation in Virtualized Environments by VMware: https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/techpaper/network_segmentation.pdf). Contrary to its physical implementation, a virtualized zoning architecture will interconnect virtualized servers via virtual switches, network interface controllers and the like to reduce required hardware. In doing so, the system becomes easier to implement and customize through software management applications, but also becomes more vulnerable to misconfigurations of, or tampering with, the virtualized system components, which may result in loss of zone isolation and/or data breaches.
This background information is provided to reveal information believed by the applicant to be of possible relevance. No admission is necessarily intended, nor should be construed, that any of the preceding information constitutes prior art or forms part of the general common knowledge in the relevant art.