mercredi 16 octobre 2013

SDN: The security pros and cons of using it in your organization

A lire sur:

SDN benefits include automating and easing network administration duties and improving application performance. But it also introduces a number of potential threat vectors into your environment. What should you know before you invest in SDN?

By David Geer

October 07, 2013CSO — Software defined networking (SDN) moves networking from hardware to the software plane, under management of a software controller. Benefits include automating and easing network administration duties and improving application performance. As a new technology, SDN is subject to vulnerabilities.
But with SDN, the industry knows certain vulnerabilities are native to the approach. First, according to Chris Weber, Co-Founder, Casaba, centralizing control in an SDN controller removes protective, layered hardware boundaries such as firewalls. Second, according to Gartner analyst Neil MacDonald, by decoupling the control plane from the data plane, SDN introduces new surface areas such as the network controller, its protocols and APIs to attack.
Third, and an advantage of SDN, the software controller can be installed on COTS hardware on top of an OS such as Windows or Linux, also COTS, saving implementation and other costs. But according to Ramsey Dow, a Partner at Casaba, a host of historically recurring attacks such as buffer overflows that lead to remote code execution plagues these operating systems. And that places the SDN controller at the same risk as the OS.

[Still going rogue in the cloud]

Fourth, due to the centralized nature of an SDN controller, an APT only needs to compromise that controller to affect and potentially gain control over the entire network.
To rest easier, follow CSO on this journey through SDN security concerns and the options and controls that help.
SDN Vulnerabilities: Drilling Down
"My biggest concern with SDN is that we're removing time-honored physical segmentation from the network design and virtualizing all of it," says Dow, speaking of how SDN replaces layers of firewalls, interior switches and other hardware boundaries that have protected the traditional network with a virtual network.
And when SDN peels these layers away, it replaces them with an exposed layer of highly sensitive network skin, ripe for attack. "SDN creates an abstraction layer, says MacDonald, revealing new surfaces such as the network controller, the OpenFlow protocol, protocols such as XMPP that SDN may apply (depending on the implementation), and even vendor APIs to attack."
And just as the northbound side of the control plane becomes vulnerable, so does its underbelly. By installing the SDN controller on top of Windows, even on top of Linux, the enterprise opens it to all the software issues that repeat for everyday computer operating systems.
The latest security bulletin from Microsoft acknowledges five new Windows security vulnerabilities, all capable of enabling remote code execution. Developers also recently discovered four new vulnerabilities in Ubuntu, a popular Linux distribution.

Aucun commentaire:

Enregistrer un commentaire