Software Defined Networking (SDN) is a new way of providing virtualized networking. As with any new technology, potential security vulnerabilities need to be anticipated and addressed as much as possible. Of course, we can only try to anticipate what aspects of SDN hackers may target. The protocols are new, the controller software is new, and the history of past SDN attacks is unknown. Thus, we must leverage what we know about SDN and put ourselves in the attacker’s shoes to identify potential vulnerabilities.
One of the more common SDN security concerns include attacks at the various SDN architecture layers. The typical deployment consists of a lower layer of SDN-capable network devices, a middle layer of SDN controller(s), and a higher layer that includes the applications and services that request or configure the SDN. There are a number of preventative measures that can be taken at each level to counteract potential hackers. I outline these measures in my latest article for Network World, “SDN Security Attack Vectors and SDN Hardening.” Use this as a starting point for developing your SDN security plan, and feel free to connect with me at GTRI if you have additional questions or concerns.
