Beruflich Dokumente
Kultur Dokumente
Many things have been said about the ability of SDNs to solve security
problems. However this technology is still unfamiliar to many network engineers, the history of attacks is
unknown and thousands of undiscovered vulnerabilities are out there.
This article focuses on classifying SDN-related attacks. Nine potential security threats and their counter-
measurements are analyzed based on the 3 planes of the SDN architecture (Data, Control and Application).
By abstracting network-related services, a network engineer can have more flexibility and accuracy when
configuring a service. SDN use cases from the real world can be found here.
In traditional networking, the control plane and data plane exist on each device. SDN on the other hand,
abstracts this concept and separates the two planes. To add flexibility, the control plane is placed directly on
a SDN controller which can be a Linux server running SDN software and Data plane is located on a physical
or virtual switch. The SDN controller becomes a critical component that tells switches how to forward data
packets. Both planes can communicate through a protocol such as OpenFlow.
In addition to allowing a flexible network, SDN also brings programmability and simplicity to the network
management. With these benefits, SDN could easily replace traditional networks. But given how this trend is
changing, how could an organization implement a secured SDN and protect from unfamiliar
vulnerabilities and exploits?
From a security point of view, the mere separation of control and data planes in SDN could improve the
network. Instead of the evenly distributed traditional networks, now the entire network is controlled by a
single point of control, or from a hacker’s point of view “a high value asset”.
https://www.routerfreak.com/9-types-software-defined-network-attacks-protect/ 1/5
20/07/2018 9 Types of Software Defined Network attacks and how to protect from them - RouterFreak
By centralizing the control plane, the SDN can provide excellent control over the entire network but it can
also increase the workload of the administrator since the security must be deployed manually.
SDN is exposed to more risks when it offers programmatic access to users. Consider the case where users
are forced to “trust” and depend on third party applications or standard-based solutions with the keys to the
https://www.routerfreak.com/9-types-software-defined-network-attacks-protect/ 2/5
20/07/2018 9 Types of Software Defined Network attacks and how to protect from them - RouterFreak
network. Another case is where control information and management of network elements might be
exploited if isolation is not properly implemented.
Figure 1
1. Network Manipulation: A critical attack that occurs on the control plane. An attacker compromises the
SDN controller, produces false network data and initiates other attacks on the entire network.
How to protect: To mitigate this attack, the SDN controller should have a redundant entity and the
communication channels should be protected using strong encryption.
2. Traffic diversion: This attack occurs to the network elements at the data plane. The attack compromises a
network element to redirect traffic flows and allow eavesdropping.
How to protect: Secure network elements and its communication channels with strong encryption.
3. Side channel attack: The network elements at the data plane can be the target of this attack. Timing
information, such as how long a new network connection takes to establish, can inform an attacker if a
flow rule exists or not.
How to protect: Secure network elements with strong an encryption algorithm.
4. App manipulation: This attack takes place in the application plane. An exploit of application vulnerability
could cause malfunction, disruption of service, or eavesdrop of data. An attacker could gain access with
https://www.routerfreak.com/9-types-software-defined-network-attacks-protect/ 3/5
20/07/2018 9 Types of Software Defined Network attacks and how to protect from them - RouterFreak
To fully commit to SDN, some security challenges need to be taken care of, such as network centralized
control and programmability features. But technology is not going to take us backwards in time, SDN is
gaining popularity and its improvements are happening extremely fast. With SDNs is probable that we are
going to see a lot more security benefits compared to traditional networks.
For now we can learn from the past and prepare a security plan before migrating to SDN. It is not so easy
to learn from mistakes when the whole corporate data is at the hands of a new technology.
https://www.routerfreak.com/9-types-software-defined-network-attacks-protect/ 4/5
20/07/2018 9 Types of Software Defined Network attacks and how to protect from them - RouterFreak
https://www.routerfreak.com/9-types-software-defined-network-attacks-protect/ 5/5