A Survey of Security in Software Defined Networks (Potential Attacks…
Highlight from July
Network improvements with SDN (middleboxes)
:keycap_star: Extensible and scalable network monitoring using OpenSAFE
:keycap_star: CloudWatcher: Network security monitoring using OpenFlow in dynamic cloud networks (or: How to provide security monitoring as a service in clouds?) IEEE
:keycap_star: Development of a secure traffic analysis system to trace malicious activities on internal networks IEEE
:keycap_star: Let SDN be your eyes: Secure forensics in data center networks
Proposed solutions to DoS:
:star: Scalable and vigilant switch flow management in software-defined networks, ACM
:star: A replication component for resilient OpenFlow-based networking, IEEE
:star: Source address validation solution with OpenFlow/NOX architecture. IEEE
:star: Delegating network security with more information. ACM
Identification of the state the devices are in at a given moment
Auditing, inventory of network devices
Opening the interfaces between network components has the potential to introduce considerable vulnerabilities
SDN can offer security options (like TLS in OpenFlow), but they can be poorly implemented or misconfigured
A DoS attack can exhaust the memory resources of the infrastructure (e.g. the flow tables of the forwarding devices).
An attacker can flood the controller with messages (e.g. packet-in on table misses) originating from the forwarding devices (FD)
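The two DoS vectors noted above (flooding the controller with packet-in messages and filling the FD's flow table) can be shed at the controller. The following is an added example, not code from the survey or from any of the papers listed under "Proposed solutions to DoS": a per-FD sliding-window rate limit on packet-ins plus a flow-table high-watermark. The event format, the FD names (`s1`, `s2`, `s3`), the thresholds and the traffic patterns are assumptions constructed for the example.

```python
"""Controller-side guard against packet-in floods and flow-table exhaustion.
Added example; thresholds, FD ids and traffic are assumed/constructed."""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass
class PacketIn:
    """A packet-in event as the controller sees it (constructed, simplified)."""
    t: float    # arrival time in seconds on an assumed monotonic clock
    fd: str     # forwarding device (switch) that reported the table miss
    src: str    # source address of the packet that missed the flow table


class PacketInGuard:
    """Per-FD sliding-window rate limit plus a flow-table high-watermark."""

    def __init__(self, max_per_sec=200, table_capacity=1000, watermark=0.9):
        self.max_per_sec = max_per_sec          # packet-ins/s tolerated per FD (assumed)
        self.limit = int(table_capacity * watermark)  # entries before we stop installing
        self._window = defaultdict(deque)       # fd -> arrival times in the last second
        self._entries = defaultdict(int)        # fd -> flow entries we believe are installed
        self.stats = defaultdict(int)

    def decide(self, ev):
        """Return 'install', 'drop' or 'defer' for one packet-in."""
        w = self._window[ev.fd]
        while w and ev.t - w[0] >= 1.0:         # keep only the last second
            w.popleft()
        w.append(ev.t)
        if len(w) > self.max_per_sec:
            self.stats["drop"] += 1
            return "drop"      # this FD is flooding the controller: shed load
        if self._entries[ev.fd] >= self.limit:
            self.stats["defer"] += 1
            return "defer"     # table near capacity: do not push another entry
        self._entries[ev.fd] += 1
        self.stats["install"] += 1
        return "install"

    def flow_removed(self, fd):
        """Call on FLOW_REMOVED so the occupancy estimate tracks entry expiry."""
        if self._entries[fd] > 0:
            self._entries[fd] -= 1


def run_scenarios():
    """Three constructed traffic patterns; returns counts per verdict."""
    g = PacketInGuard()
    results = {}
    # 1. Benign host behind s1: 20 table misses spread over one second.
    benign = [PacketIn(i * 0.05, "s1", "10.0.0.2") for i in range(20)]
    results["benign"] = [g.decide(e) for e in benign].count("install")
    # 2. Flood from s2 with spoofed random sources: 1000 packet-ins in one second.
    flood = [PacketIn(i / 1000, "s2", f"10.0.{i // 256}.{i % 256}") for i in range(1000)]
    verdicts = [g.decide(e) for e in flood]
    results["flood_install"] = verdicts.count("install")
    results["flood_drop"] = verdicts.count("drop")
    # 3. Slow flood on s3: stays under the rate limit but would fill a small
    #    table (capacity 100, watermark 90); arrivals 10 ms apart over 1.5 s.
    small = PacketInGuard(max_per_sec=200, table_capacity=100)
    slow = [PacketIn(i * 0.01, "s3", f"10.1.{i // 256}.{i % 256}") for i in range(150)]
    verdicts = [small.decide(e) for e in slow]
    results["slow_install"] = verdicts.count("install")
    results["slow_defer"] = verdicts.count("defer")
    return results


if __name__ == "__main__":
    print(run_scenarios())
```

A rate limit keyed on the FD rather than on the packet source is deliberate: a flood with spoofed sources defeats per-source limits, whereas the FD (or its ingress port) is something the attacker cannot forge. The watermark only protects the table if the controller also hears FLOW_REMOVED, which is why `flow_removed` exists.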
A malicious app, or a poorly designed app with many vulnerabilities, can compromise the network.
A MITM attack on the control channel is possible because TLS in OpenFlow is optional and the TLS version is not specified
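Because TLS is optional, the practical check is whether each switch is actually configured to reach its controller over `ssl:` rather than `tcp:`. The block below is an added example, not from the survey: it audits the controller targets in (constructed) `ovs-vsctl show` output from Open vSwitch and prints the `ovs-vsctl` commands that move a cleartext target to TLS. The sample output, bridge names and certificate paths are assumptions.

```python
"""Audit Open vSwitch controller targets for cleartext OpenFlow.
Added example; the `ovs-vsctl show` text below is constructed."""
import re

# Constructed sample of `ovs-vsctl show` output (not captured from a real host).
SAMPLE_OVS_SHOW = """\
4f2a0a7e-1b3c-4d5e-8f90-123456789abc
    Bridge br0
        Controller "tcp:192.0.2.10:6653"
            is_connected: true
        Port br0
            Interface br0
                type: internal
    Bridge br1
        Controller "ssl:192.0.2.10:6653"
            is_connected: true
        Controller "ptcp:6654"
        Port br1
            Interface br1
                type: internal
    ovs_version: "2.17.0"
"""

# Older OVS versions quote the bridge name, newer ones do not; accept both.
BRIDGE_RE = re.compile(r'^\s*Bridge\s+"?([^"\s]+)"?\s*$')
CTRL_RE = re.compile(r'^\s*Controller\s+"([^"]+)"\s*$')
CLEARTEXT = {"tcp": "ssl", "ptcp": "pssl"}   # scheme -> TLS equivalent
# Assumed locations of the switch key/cert and the controller CA cert.
SSL_FILES = ("/etc/openvswitch/sc-privkey.pem", "/etc/openvswitch/sc-cert.pem",
             "/etc/openvswitch/cacert.pem")


def parse_controllers(text):
    """Map bridge name -> list of controller target strings."""
    bridges, current = {}, None
    for line in text.splitlines():
        m = BRIDGE_RE.match(line)
        if m:
            current = m.group(1)
            bridges.setdefault(current, [])
            continue
        m = CTRL_RE.match(line)
        if m and current is not None:
            bridges[current].append(m.group(1))
    return bridges


def audit(text):
    """Return (bridge, target, verdict) tuples; verdict 'ok' only for TLS."""
    findings = []
    for bridge, targets in parse_controllers(text).items():
        if not targets:
            findings.append((bridge, None, "no controller configured"))
        for t in targets:
            scheme = t.split(":", 1)[0]
            if scheme in ("ssl", "pssl"):
                findings.append((bridge, t, "ok"))
            elif scheme in CLEARTEXT:
                findings.append((bridge, t, "cleartext control channel: MITM/injection possible"))
            else:
                findings.append((bridge, t, "local or unknown scheme: review manually"))
    return findings


def remediation(bridge, targets):
    """ovs-vsctl commands that rewrite every cleartext target of a bridge to TLS."""
    fixed = []
    for t in targets:
        scheme, _, rest = t.partition(":")
        fixed.append(f"{CLEARTEXT[scheme]}:{rest}" if scheme in CLEARTEXT else t)
    if fixed == list(targets):
        return []                          # nothing to change
    # set-controller replaces the whole list, so all targets are re-stated.
    return ["ovs-vsctl set-ssl " + " ".join(SSL_FILES),
            f"ovs-vsctl set-controller {bridge} " + " ".join(fixed)]


if __name__ == "__main__":
    for bridge, target, verdict in audit(SAMPLE_OVS_SHOW):
        print(f"{bridge}: {target} -> {verdict}")
    for bridge, targets in parse_controllers(SAMPLE_OVS_SHOW).items():
        for cmd in remediation(bridge, targets):
            print("  ", cmd)
```

Switching the target to `ssl:` only addresses the "optional" half of the note; the controller side must also be configured to present a certificate and verify the switch's, and a text-level check like this cannot tell which TLS version is negotiated, so the protocol version and cipher suites still have to be pinned in the daemon configuration and confirmed on the wire.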
A compromised controller or hypervisor can take over the data plane.
Multiple virtual networks will need credential storage, and each network's credentials must be isolated (containerized).
An attacker can infer the policies applied to a packet from timing delays and other side channels; with this information they can craft a DoS attack.
Attacks can happen at every level, because it is an open architecture: the intention is that the data plane can be accessed easily by controllers and the controller by applications.
Centralized monitoring units
Virtualized Logical networks
3rd party network services
Switch management protocols
Open programmable interfaces
Logically centralized control
Modularity: monolithic (Ryu, NOX, POX) or modular (OpenDaylight).
Physically distributed: as a cluster, or as a hierarchy in which each controller controls a limited number of FD
increased potential for Denial-of-Service (DoS) attacks
issue of trust between network elements
lack of best practices specific to SDN functions and components
Benefit: SDN can speed up the control and containment of network security threats.