The Top Five Security Considerations
While there is a lot of interest in the potential of Software Defined Networks, there are only a handful of actual production networks out there right now. Why? One reason is the security risks associated with deploying the existing technology. Below are the top five security considerations for Software Defined Networking that need to be addressed to improve the security of this new architecture:
Secure the Controller
Separating the control and management plane from the data plane centralizes the “brains” of the network, which theoretically enables you to make changes that improve the speed, efficiency and potentially security of your network with just a few clicks. Because the controllers that manage the network can be used to do anything, securing them is of paramount concern.
Depending on who you talk to, “putting all your eggs in one basket”, with all the brains of the network in the controller, can be seen as bad, because it represents a big target and vulnerability, or as good, because it enables the concentration of protection efforts on one thing. (Note that this may not be that dissimilar to DNS servers today, which are hugely disruptive if taken down or compromised; however, most network administrators feel fairly comfortable in their ability to protect the DNS servers in their network.)
Protect the Controller
Protecting the availability of the controller is also critical. Commercial solutions must easily enable redundancy to reduce the impact a compromise of one controller can have on the entire network.
Establish Trust Between the Controller and the Applications and Devices
Ensuring the integrity of anything that communicates with the controller is a critical first step in making sure the network is running as it should. There must be strong, mutual authentication for the applications that run on it, as well as the switches, routers and servers it controls. The communications channel also needs to be secured to prevent attacks such as man-in-the-middle.
Create Robust Policy Framework
Checks and balances are needed to ensure the network is operating as it should. When changes to the controller are made, there needs to be a framework in place to ensure they are in line with corporate policies and don’t open up security risks or knock the organization out of compliance.
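One way such a check could look, as an added example that is not from the original article: a review step that rejects proposed flow rules which open a forbidden path or block a required one, including the case where a wildcard match silently covers a restricted zone. The zone names, subnets, policy sets and the FlowRule shape are all assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_network

# Constructed policy: zone names, subnets and path sets are assumptions.
ZONES = {
    "guest": ip_network("10.20.0.0/16"),
    "pci": ip_network("10.50.0.0/24"),
    "mgmt": ip_network("10.99.0.0/24"),
}
FORBIDDEN_PATHS = {("guest", "pci"), ("guest", "mgmt")}  # must never be forwarded
REQUIRED_PATHS = {("pci", "mgmt")}  # must never be dropped (e.g. log shipping)

@dataclass(frozen=True)
class FlowRule:  # hypothetical shape of a change submitted to the controller
    name: str
    src: str     # source CIDR the rule matches
    dst: str     # destination CIDR the rule matches
    action: str  # "forward" or "drop"

def zones_touched(cidr):
    """Zones whose subnet overlaps the CIDR; a wildcard touches all of them."""
    net = ip_network(cidr)
    return {zone for zone, subnet in ZONES.items() if net.overlaps(subnet)}

def review_change(rules):
    """Return sorted (rule name, violation) pairs; an empty list means approve."""
    violations = set()
    for rule in rules:
        if rule.action == "forward":
            banned, verb = FORBIDDEN_PATHS, "opens forbidden path"
        elif rule.action == "drop":
            banned, verb = REQUIRED_PATHS, "blocks required path"
        else:
            violations.add((rule.name, f"unknown action {rule.action!r}"))
            continue
        for src_zone in zones_touched(rule.src):
            for dst_zone in zones_touched(rule.dst):
                if (src_zone, dst_zone) in banned:
                    violations.add((rule.name, f"{verb} {src_zone} -> {dst_zone}"))
    return sorted(violations)

PROPOSED = [  # constructed change request used to exercise the check
    FlowRule("any-to-pci", "0.0.0.0/0", "10.50.0.0/24", "forward"),
    FlowRule("guest-no-mgmt", "10.20.0.0/16", "10.99.0.0/24", "drop"),
    FlowRule("silence-pci", "10.50.0.0/24", "10.99.0.0/24", "drop"),
]

if __name__ == "__main__":
    print(*review_change(PROPOSED), sep="\n")
```

The check looks at each rule in isolation; it does not model rule priority, so a forward rule that a higher-priority drop would shadow is still reported.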
Forensics and Remediation
Just as in any network, understanding what is going on or what happened is vital to being able to make changes that strengthen your overall security posture and better protect you from future threats.