Huawei and the Chinese PLA: Can We Trust NetStream Flows?
 |
POSTED BY Adam Powers on 09.13.2011 0 comments |
Just read a disturbing article in the Washington Times regarding potential ties between Huawei and the Chinese military ("PLA"). The Pentagon is afraid that Huawei might be colluding with the Chinese military to add "back doors" to the software/hardware found in their routers and switches. The entire report can be found here.
Huawei equipment generates "NetStream" flows. NetStream is a synonym for NetFlow. The record format and even the commands to enable NetStream are similar to that found in older versions of Cisco's IOS. They even call it "NDE" for "NetStream Data Exporter". Cisco uses the same term of "NDE" except they call it "NetFlow Data Export". Lancope's StealthWatch FlowCollector supports NetStream but in my experience we rarely see it in production in the US or EU.
Huawei has long been suspected of "borrowing" technology from Cisco Systems so the Pentagon's claims shouldn't come as a shock. Check out some of the comments attached to the bottom of the Times article. I for one will be sticking with tried-and-true Cisco gear for the foreseeable future. Besides, Cisco's Flexible NetFlow is vastly superior to anything provided by the Huawei's NetStream feature-set. This whole issue brings up a bigger concern with the continued globalization of chip manufacturing, how can we be sure that any manufacturer's chips are "PLA Free"?
So the real question is "can we trust the flows exported from a Huawei device?". I think the answer is yes. While there might be some deep, government conspiracy between the PLA and Huawei, I seriously doubt they have made any modifications to the flow export mechanism that would aid in espionage. But who knows really? Perhaps they have a secret blacklist that prevents the router from exporting flows from a specific chinese source IP? Would be easy to implement.
BTW: I came across the Washington Times article referenced above via the LinkedIn group CYBER SECURITY Forum Initiative - CSFI. Worth joining. Good conversations and articles.
My LinkedIn profile is here. Shoot me an invite!
Tweet
TAGS
Post a Comment
Join the conversation. Post a comment using the form below.