The Top Five Security Considerations
While there is a lot of interest in the potential of Software Defined Networks, there are only a handful of actual production networks out there right now. Why? One reason is the security risks associated with deploying the existing technology. Here are the top five security considerations for Software Defined Networking that need to be addressed to improve the security of this new architecture:
Secure the Controller
By separating the control and management plane from the data plane, the “brains” of the network are centralized, which theoretically enables you to make changes that improve the speed, efficiency and potentially the security of your network with just a few clicks. Because the controllers that manage the network can be used to do anything, securing them is of paramount concern.
Depending on who you talk to, “putting all your eggs in one basket” so to speak, with all the brains of the network in the Controller can be seen as bad, representing a big target and vulnerability, or good, enabling the concentration of protection efforts on one thing. (Note, it may not be that dissimilar to DNS servers today – which are hugely disruptive if taken down or compromised, however, most network administrators feel fairly comfortable in their ability to protect the DNS servers in their network.)
Protect the Controller
Protecting the availability of the controller is also critical. Commercial solutions must easily enable redundancy to reduce the impact that a compromise of one controller can have on the entire network.
Establish Trust Between the Controller and the Applications and Devices
Ensuring the integrity of anything that communicates with the controller is a critical first step in making sure the network is running as it should. There must be strong, mutual authentication for the applications that run on it, as well as for the switches, routers and servers it controls. The communications channel also needs to be secured to prevent attacks such as man-in-the-middle.
Create Robust Policy Framework
Checks and balances are needed to ensure the network is operating as it should. When changes to the controller are made, there needs to be a framework in place to ensure they are in line with corporate policies and don’t open up security risks or knock the organization out of compliance.
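One way to implement such a check, as an added example that is not from the original article: a pre-deployment gate that compares the current and proposed rule sets against policy invariants and rejects a change that newly allows forbidden traffic, including a change that only deletes a guarding drop rule. The Rule and Invariant types, the address ranges and the invariant name are hypothetical, and the coverage test is deliberately conservative.

```python
from dataclasses import dataclass
from ipaddress import ip_network

@dataclass(frozen=True)
class Rule:                 # hypothetical, simplified flow entry
    priority: int           # higher value wins when several rules match
    src: str                # source CIDR
    dst: str                # destination CIDR
    action: str             # "allow" or "drop"

@dataclass(frozen=True)
class Invariant:            # policy: traffic src -> dst must never be allowed
    name: str
    src: str
    dst: str

def _overlaps(a, b):
    return ip_network(a).overlaps(ip_network(b))

def _covers(outer, inner):
    return ip_network(inner).subnet_of(ip_network(outer))

def violations(rules, invariants):
    """Return (invariant name, rule) for each allow rule that can pass forbidden traffic."""
    found = []
    for inv in invariants:
        for r in rules:
            if r.action != "allow" or not (_overlaps(r.src, inv.src) and _overlaps(r.dst, inv.dst)):
                continue
            # Conservative: only a strictly higher-priority drop covering the
            # whole forbidden pair counts as a guard; ties are not trusted.
            guarded = any(d.action == "drop" and d.priority > r.priority
                          and _covers(d.src, inv.src) and _covers(d.dst, inv.dst)
                          for d in rules)
            if not guarded:
                found.append((inv.name, r))
    return found

def review_change(current, proposed, invariants):
    """Approve only if the proposed rule set adds no violation the current one lacks."""
    before = set(violations(current, invariants))
    new = [v for v in violations(proposed, invariants) if v not in before]
    return (not new, new)

# Constructed sample data: guest Wi-Fi must never reach the cardholder segment.
GUEST, PCI = "10.50.0.0/16", "10.20.0.0/24"
POLICY = [Invariant("guest-to-cardholder", GUEST, PCI)]
GUARD = Rule(200, GUEST, PCI, "drop")
BROAD = Rule(100, "10.0.0.0/8", "10.0.0.0/8", "allow")
CURRENT = [GUARD, BROAD]
```

Calling `review_change(CURRENT, [BROAD], POLICY)` rejects the change even though no allow rule was added, because removing the guard exposes the existing broad allow.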
Forensics and Remediation
Just as in any network, understanding what is going on or what happened is vital to being able to make changes that strengthen your overall security posture and better protect you from future threats.
Most likely these risks will be addressed as the technology matures and more commercial offerings are made available to the market, but it’s important to keep in mind what needs to happen before wide-scale, production deployments can be considered. For more details and analysis, check out “The Top Security Considerations of Software Defined Networks” Market Insight.