Introducing ntopng Edge (nEdge): Monitoring, Service Segmentation and Security for the Network Edge


The network edge, wired or wireless, is becoming increasingly important: most things now happen there, because that is where devices are deployed. Security-wise, central firewalls are too far from the edge, so devices can roam freely in LANs, and potentially cause trouble, without ever traversing a security device. The consequence is that LANs are becoming increasingly insecure, and the cloud complicates this further: encrypted connections, which monitoring and security applications cannot inspect, are the perfect vehicle both for delivering smart services to users and for causing trouble on the network.

ntopng Edge (nEdge, for short) addresses this problem by “cleaning” network traffic right at the edge. nEdge does not enforce IDS-like signature rules, which are of limited use today since a significant part of the traffic is encrypted; instead it uses a novel approach that lets network administrators enforce policies based on users and Layer-7 application traffic, which can be identified even when the payload is encrypted.

nEdge is essentially the widely-known monitoring tool ntopng with the ability to operate in inline mode, which lets it offer:

  • Ensured Internet availability
    Network bandwidth is allocated either in fair mode (everyone gets a slice of the bandwidth, so that no single host on the network can saturate the Internet link) or in cap mode (user X cannot exceed bandwidth Y).
  • Service segmentation
    Service segmentation implements a new notion of security: user X may use only protocols A, B and C, regardless of which devices they run.
  • Insecure traffic blocking and alerting
    Security-aware DNS services and blacklists prevent users from reaching resources that have been marked as insecure, such as malware sites.
  • Users and devices management
    Devices are bound to users either manually (i.e. device X is owned by user Y) or automatically through an embedded captive portal.
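To make the user-centric model concrete, here is a small policy engine, written as an added illustration for this post (it is not nEdge code, whose internals the post does not describe). It assumes, hypothetically, that flows arrive already labelled with an L7 application name by DPI, that devices are identified by MAC address, and that the blacklist is a set of domain names; users, MACs and flows below are constructed sample data. It shows the three checks from the list above in the order an edge device would apply them: an unbound device is held for the captive portal, blacklisted destinations are dropped, the application policy follows the user across all of their devices, and cap mode is accounted only on forwarded traffic.

```python
# Added illustration of user-based service segmentation; not nEdge code.
# Assumptions (hypothetical): flows are already classified into an L7
# application name by DPI, devices are identified by MAC address, and the
# blacklist is a plain set of domain names.
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class Flow:
    src_mac: str             # device that opened the flow
    l7_app: str              # DPI label, e.g. "HTTPS", "SSH"
    dst_host: Optional[str]  # server name if known (DNS / TLS SNI), else None
    nbytes: int              # bytes this flow would transfer


class EdgePolicy:
    """Decide per flow whether the edge should forward or drop it."""

    def __init__(self, blacklist: Set[str]) -> None:
        self.device_owner: Dict[str, str] = {}       # MAC -> user
        self.allowed_apps: Dict[str, Set[str]] = {}  # user -> allowed L7 apps
        self.cap_bytes: Dict[str, int] = {}          # user -> byte cap (cap mode)
        self.usage: Dict[str, int] = {}              # user -> bytes forwarded
        self.blacklist = {d.lower().strip(".") for d in blacklist}

    def bind_device(self, mac: str, user: str) -> None:
        """Manual binding; a captive portal would call this after login."""
        self.device_owner[mac.lower()] = user

    def allow(self, user: str, *apps: str) -> None:
        self.allowed_apps.setdefault(user, set()).update(apps)

    def set_cap(self, user: str, nbytes: int) -> None:
        self.cap_bytes[user] = nbytes

    def _blacklisted(self, host: str) -> bool:
        # Match the host itself and every parent domain, so that a listed
        # "malware.example" also covers "cdn.malware.example".
        labels = host.lower().strip(".").split(".")
        return any(".".join(labels[i:]) in self.blacklist for i in range(len(labels)))

    def decide(self, flow: Flow) -> Tuple[str, str]:
        user = self.device_owner.get(flow.src_mac.lower())
        if user is None:
            # Unknown device: nothing is forwarded until a user claims it.
            return ("deny", "unbound device, send to captive portal")
        if flow.dst_host is not None and self._blacklisted(flow.dst_host):
            return ("deny", "destination is blacklisted")
        if flow.l7_app not in self.allowed_apps.get(user, set()):
            # Policy is keyed on the user, so it follows them across devices.
            return ("deny", f"{flow.l7_app} not permitted for {user}")
        cap = self.cap_bytes.get(user)
        used = self.usage.get(user, 0)
        if cap is not None and used + flow.nbytes > cap:
            return ("deny", f"{user} exceeded cap of {cap} bytes")
        self.usage[user] = used + flow.nbytes  # account only forwarded traffic
        return ("allow", "policy match")


def build_demo_policy() -> EdgePolicy:
    """Constructed sample configuration (hypothetical users and MACs)."""
    p = EdgePolicy(blacklist={"malware.example"})
    p.bind_device("aa:bb:cc:00:00:01", "alice")  # alice's laptop
    p.bind_device("aa:bb:cc:00:00:02", "alice")  # alice's phone
    p.bind_device("aa:bb:cc:00:00:03", "bob")
    p.allow("alice", "DNS", "HTTPS", "SSH")
    p.allow("bob", "DNS", "HTTPS")
    p.set_cap("bob", 5_000)
    return p


def run_demo() -> List[str]:
    """Constructed sample flows; returns the verdict for each, in order."""
    p = build_demo_policy()
    flows = [
        Flow("aa:bb:cc:00:00:01", "SSH", None, 500),                     # allow
        Flow("aa:bb:cc:00:00:02", "SSH", None, 500),                     # allow: same user, other device
        Flow("aa:bb:cc:00:00:03", "SSH", None, 500),                     # deny: SSH not allowed for bob
        Flow("aa:bb:cc:00:00:01", "HTTPS", "cdn.malware.example", 100),  # deny: blacklisted parent domain
        Flow("aa:bb:cc:00:00:03", "HTTPS", "www.example.org", 4_000),    # allow: within bob's cap
        Flow("aa:bb:cc:00:00:03", "HTTPS", "www.example.org", 2_000),    # deny: would exceed bob's cap
        Flow("aa:bb:cc:00:00:99", "HTTPS", "www.example.org", 10),       # deny: device not bound to a user
    ]
    return [p.decide(f)[0] for f in flows]


if __name__ == "__main__":
    print(run_demo())
```

Note that the cap is charged only for flows that are actually forwarded, and that the blacklist check runs before the application check: a blacklisted host is dropped even for an otherwise permitted application.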

The hot features that characterize ntopng are still available in nEdge: an accurate per-flow view of the traffic; traffic views by host, Autonomous System and Operating System; the ability to generate traffic reports and alerts; and the automatic discovery of the devices on the network.

Contrary to all the other tools we have coded so far, nEdge takes control of your system and reconfigures (through its web GUI) all of its network interfaces to operate either as a bump-in-the-wire bridge or as a router. In bridge mode it acts as a fully transparent device that can be seamlessly deployed into an existing network to enhance security without changing the existing network equipment and topology.

In routing mode, nEdge turns the system into an advanced router with multiple egress points: you can configure it to use a preferred gateway, balance traffic across multiple gateways, and fall back to a backup gateway when the main one is unavailable. In a nutshell, nEdge implements load balancing, failover and multi-egress routing, features otherwise found only in costly routers.

That said, we are working on a simplified version of nEdge, available this summer for low-end devices, that will finally bring security, malware protection, DPI and fair Internet access to everyone.

Stay tuned!