A Survey of Security in
Software Defined Networks
Network security
with SDN
Good: speed up the control and containment of network security threats.
Bad:
increased potential for Denial-of-Service (DoS) attacks
issue of trust between network elements
lack of best practices specific to SDN functions and components
SDN
controllers
Distributed physically: in a cluster, or in a hierarchy in which each controller has control over a limited number of forwarding devices (FD).
Modularity: monolithic (Ryu, NOX, POX) or modular (OpenDaylight).
SDN Characteristics
Logically centralized control
Open programmable interfaces
Switch management protocols
3rd party network services
Virtualized Logical networks
Centralized monitoring units
Potential
Attacks
Unauthorized access
It can happen at every layer: the architecture is open by design, so the data plane is meant to be easily accessible to controllers and the controller to applications.
Data leakage
An attacker can infer the policies applied to a packet from timing differences and similar side channels; with this information they can craft a DoS attack.
The multiple virtual networks will need a credential store, which must be containerized.
Data modification
A compromised controller or hypervisor can take over the data plane
A MITM is possible because TLS in OpenFlow is optional and the version is not specified.
Malicious/Compromised
application
A malicious app, or a poorly designed app with many vulnerabilities, can compromise the network.
DoS
An attacker can flood the controller with messages from the forwarding devices (FD).
A DoS attack can exhaust the memory resources of the infrastructure.
Configuring issues
SDN can offer security options (like TLS in OpenFlow), but they can be poorly implemented (misconfiguration).
Opening the interfaces between network components has the potential to introduce considerable vulnerabilities.
System Level
SDN Security
Auditing, inventory of network devices
Identification of the state the devices are in at a given moment
Accountability
Highlight from July
Proposed solutions to DoS:
AVANT-GUARD:
Scalable and vigilant switch flow management in software-defined networks, ACM
A replication component for resilient OpenFlow-based networking, IEEE
Source address validation solution with OpenFlow/NOX architecture, IEEE
Delegating network security with more information, ACM
Network improvements with SDN (middle boxes)
Extensible and scalable network monitoring using OpenSAFE
CloudWatcher: Network security monitoring using OpenFlow in dynamic cloud networks (or: How to provide security monitoring as a service in clouds?), IEEE
Development of a secure traffic analysis system to trace malicious activities on internal networks, IEEE
Let SDN be your eyes: Secure forensics in data center networks