Issue link: https://resources.mouser.com/i/1315957
| 48 Network Slicing A network slice is essentially a frozen network configuration, using the same 5G SDN and virtualization capabilities that enable dynamic real-time responses to network events. Unlike a virtual private network (VPN), which tunnels encrypted traffic through shared resources to a VPN server, a network slice comprises a set of dedicated virtual resources that are defined in an SDN configuration and served by NFV services. A high-security slice might include enhanced NFV firewalls and defensive nodes as part of its "frozen" configuration rather than as an on-demand response to an attack, as mentioned earlier. Conversely, a slice built for Internet of Things (IoT) applications might relax some security policies, conforming to the relatively lightweight security capabilities of resource-constrained IoT sensors for example. At the same time, a slice for financial networks could use a different SDN configuration provisioned with NFV services optimized for security as well as for high-volume, low- latency transactions. The ability to match specific domain requirements with optimized slices provides a security capability of importance that cannot be overstated. Combined with concepts such as micro-segmentation for finer-grained isolation, 5G solutions give providers a wealth of emerging tools that support and protect unique application-specific networks (ASNs). Security Challenges Physical Intrusions Despite all the advantages potentially available in underlying technologies of a 5G infrastructure, implementing a new architecture with these technologies presents its own share of challenges to security. Even the most fundamental element, the small cell, adds to security concerns. Although current cell towers present at least some level of challenge to physical attacks, small cells are physically more vulnerable, and with the need to deploy them in large numbers, they are readily accessible. Practically speaking, however, the threat of network penetration through physical access of a small cell is likely minimal. This is because the industry has gained considerable insight and experience in the local deployment of smart utility meters, for example, and proven tamper and intrusion detection mechanisms used in smart meters are readily available to limit the impact of physical attacks on small cells. Of course, cyberthieves do not require physical access to a small cell to attack the 5G network infrastructure, its services, or its users. In fact, [ C O N T ' D O N N E X T P A G E ]