Network Security

How do we secure "Edge Computing" nodes from physical and network tampering?

G Asked by Gary Henderson · 14-07-2024
0 upvotes 9,499 views 0 comments
The question

We are deploying small compute nodes at our retail branches to process data locally before sending it to the cloud. Since these aren't in a secure data center, I’m worried about physical "cold boot" attacks or someone plugging a malicious USB into the hardware. What are the best practices for hardening the network edge in 2023? 

3 answers

0
SA
Answered on 20-08-2024

Physical security is the biggest hurdle for Edge. You must implement Full Disk Encryption (FDE) using a TPM 2.0 chip so the data is unreadable if the drive is pulled. On the network side, use "Zero Trust" principles—even though the device is on your "internal" branch network, it should have no trust. Use a certificate-based tunnel (like WireGuard or IPSec) to talk back to the mothership, and disable all unused physical ports (USB/Ethernet) in the BIOS/UEFI. 

0
W
Answered on 28-08-2024

If we disable the USB ports, how do our field technicians perform manual updates or diagnostics if the network connection drops? 

R 10-09-2024

William, to answer your question, we use "Encrypted Management Keys." The USB ports are disabled by default in the OS, but can be "unlocked" via a specific BIOS password or a physical hardware token that only the technician carries. This ensures that a random intruder can't just plug in a thumb drive, but your authorized staff still has a "break-glass" way to access the hardware for emergency maintenance.

0
LI
Answered on 15-09-2024

You should implement MACsec (Media Access Control Security) for the point-to-point link between the edge node and the local switch to prevent person-in-the-middle attacks.

GA 18-09-2024

Excellent advice, Linda. Encrypting traffic at Layer 2 is often forgotten at the branch level, but it’s critical when the physical cabling isn't behind a locked door.

Share your thoughts

Your email address will not be published. Required fields are marked (*)

Professional Counselling Session

Still have questions?
Schedule a free counselling session

Our experts are ready to help you with any questions about courses, admissions, or career paths. Get personalized guidance from industry professionals.

Request a Call Back

Search Online

We Accept

We Accept

Follow Us

"PMI®", "PMBOK®", "PMP®", "CAPM®" and "PMI-ACP®" are registered marks of the Project Management Institute, Inc. | "CSM", "CST" are Registered Trade Marks of The Scrum Alliance, USA. | COBIT® is a trademark of ISACA® registered in the United States and other countries.

Book Free Session