//
you're reading...
Information Security, IT & TECHNOLOGY

SDN Concerns and Benefits


ISACA-Logo

Software-defined networking (SDN) is the next big focus in network intelligence. When the network is virtualized into the software-driven layer, the operations become more automated with less administrative overhead, allowing administrators to deeply penetrate the network fabric, giving better control through the programming ability in addition to reducing cost. However, as enterprises look to adopt  SDN, the top issue is the concern for security. As with any software and interconnected system, whenever we shift the responsibility of day-to-day activities and operations to a programmable software, we also invariably introduce an element of risk. Whenever resources are available over a network, there is always a chance of them being compromised.

Whether the use of SDN takes the role of being a straightforward standards-based SDN solution or proprietary technology from a single vendor, the fact is that all SDN technologies create the same problem for organizations:  Organizations are forced to trust and depend on software that is new, relatively complicated and not fully understood. Although the positives of SDN are well known and widely discussed, the negative impact of it being exploited is still a black box. For example, what are the SDN vulnerabilities of which the organization must be aware? Do these vulnerabilities take different forms in the control layer as compared to the data layer? What do an SDN rootkit or man-in-the-middle attack look like? Does an SDN worm have a different DNA  structure, making it harder to be identified than a traditional worm? The problem with SDN is that each control point on the network becomes a potential target of attack. If weak, it can be converted into an entry point for attackers who can further conceal these golden gates and cover them up from detection from monitoring and management watchdogs.

It should also be noted that with new generation technologies overhauling the traditional network setup, the organization’s operational support systems (OSS) becomes more dependent on automation and software. Humans could face challenges in identifying network security issues with the use of the SDN fabric on the network.

The future of SDN is promising with its obvious business benefits. In the early days of application programming, however, security was not given enough attention to ensure that it was embedded in each line of code and reflected in the architecture and design of applications. The impact of this misstep is still seen by the industry today. Organizations can only try to anticipate what the attackers may target with SDN. The implementation of SDN, its protocols and the controller programming software are all new, and our knowledge on SDN attacks is limited. Before an organization embarks on an SDN deployment effort, the key will be how it will strategize in securing the system during the early design stage and continue to implement strategies and processes around it based on the growing knowledge of the vulnerabilities around the use of SDN.

Read Nikesh Dubey’s recent Journal article:
From Static Networks to Software-driven Networks—An Evolution in Process,” ISACA Journal, volume 4, 2016.

Nikesh Dubey, CISA, CISM, CRISC, CCISO, CISSP

[ISACA Journal Author Blog]

About @PhilipHungCao

@PhilipHungCao, CISM, CCSP, CCSK, CASP, CIW-WSP, GICSP, PCNSE, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years' experience in ICT/Cybersecurity industry in various sectors & positions.

Discussion

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Web Stats

  • 121,179 hits
@PhilipHungCao

@PhilipHungCao

@PhilipHungCao, CISM, CCSP, CCSK, CASP, CIW-WSP, GICSP, PCNSE, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years' experience in ICT/Cybersecurity industry in various sectors & positions.

Personal Links

View Full Profile →

Enter your email address to follow this blog and receive notifications of new posts by email.

Join 2,357 other followers

Twitter Updates

Archives

July 2016
M T W T F S S
« Jun   Aug »
 123
45678910
11121314151617
18192021222324
25262728293031
%d bloggers like this: