LOW-COST, SELF-HOSTED SECURE ACCESS SERVICE EDGE (SASE) SOLUTION USING AWS CLOUD INFRASTRUCTURE

Authors

  • Sai Teja Makani, USA

Keywords:

Secure Access Service Edge, Virtual Private Network, Cloud Infrastructure, Open-Source Security, Network Performance Monitoring

Abstract

The proliferation of remote work and the need for secure, private access to corporate resources have heightened the necessity for robust Virtual Private Network (VPN) solutions, particularly for organizations handling sensitive data. This research paper introduces a low-cost, self-hosted Secure Access Service Edge (SASE) solution, utilizing cloud infrastructure to establish a scalable enterprise-grade VPN. The proposed system is entirely developed using open-source tools and operates across three Amazon Web Services (AWS) Virtual Private Clouds (VPCs) located in different geographic regions. Our methodology leverages a combination of pfSense for network security, OpenVPN for establishing secure tunnels, and iPerf for monitoring network performance. This blend of technologies ensures a comprehensive approach to network security and management, providing an end-to-end solution that maintains privacy and data integrity without the financial burden of commercial VPN services. The key to our approach is the integration of these tools within AWS's scalable environment, facilitating secure communication channels between distributed resources while enabling effective network management and threat mitigation. The system's architecture is designed to be both resilient and flexible, accommodating the dynamic needs of enterprises without compromising on security. Through the strategic placement of VPCs in different AWS regions, we ensure reduced latency and increased redundancy, which are critical for maintaining high availability and performance in enterprise applications. This geographical dispersion also aids in risk mitigation, particularly in the face of region-specific disruptions. An extensive experimental setup tests the viability and performance of the proposed SASE solution under various scenarios, including cross-regional data transfers, high-traffic conditions, and simulated network attacks. 
These experiments are critical in validating the resilience and scalability of the solution, providing empirical evidence to support its deployment in sensitive applications. Our research contributes to the field by demonstrating that a self-hosted, cloud-based SASE solution can achieve enterprise-level security and performance at a fraction of the cost of traditional VPN services. This paper not only explores the technical implementation of such a system but also examines its operational and economic benefits, making it a valuable reference for organizations seeking to enhance their network security infrastructure economically.

Published

2024-02-10

How to Cite

Sai Teja Makani. (2024). LOW-COST, SELF-HOSTED SECURE ACCESS SERVICE EDGE (SASE) SOLUTION USING AWS CLOUD INFRASTRUCTURE. INTERNATIONAL JOURNAL OF CYBER SECURITY (IJCS), 2(1), 34-44. https://lib-index.com/index.php/IJCS/article/view/1790