SD-WAN Threat Landscape

IEEE Access

Software-Defined networking (SDN) is a networking paradigm to enable dynamic, flexible, and programmatically efficient configuration of networks to revolutionize network control and management via separation of the control plane and data plane. The SDN technology has evolved in response to the demands from large data centers toward all types of networks, from IoT, enterprise, to ISP networks. On the one hand, SDN has provided solutions for high-demand resources, managing unpredictable data traffic patterns, and rapid network reconfiguration. It is further used to enhance network virtualization and security. On the other hand, SDN is still subject to many traditional network security threats. It also introduces new security vulnerabilities, primarily due to its logically centralized control plane infrastructure and functions. In this paper, we conduct a comprehensive survey on the core functionality of SDN from the perspective of secure communication infrastructure at different scales. A specific focus is put forward to address the challenges in securing SDN-based communications, with efforts taken up to address them. We further categorize the appropriate solutions for specific threats at each layer of SDN infrastructures. Lastly, security implications and future research trends are highlighted to provide insights for future research.

International Journal of Applied Metaheuristic Computing

Software defined networking (SDN), a new attempt in addressing the existing challenges in the legacy network architecture, is lime-lighted due to its simplified approach in managing the networks and its capability of programmability. In progressing with software defined networks implementation, security remains a high priority focus. The advantage of SDN itself opens a wide ground in posing new security threats and challenges. Focusing on the security of the SDN is a prime factor as it reflects on the growth of SDN technology implementation. This article focuses on the various existing security solutions available for SDN and the real challenge in securing the SDN providing the researchers a paved platform to work on further securing the networks. This article is designed with an introduction on SDN, its architecture, the available security solutions for the network, the leveraging threats and type of attack possibilities in SDN. This article concludes with the requirements of secur...

Advances in Systems Analysis, Software Engineering, and High Performance Computing

The chapter surveys the analysis of all the security aspects of software-defined network and determines the areas that are prone to security attacks in the given software-defined network architecture. If the fundamental network topology information is poisoned, all the dependent network services will become immediately affected, causing catastrophic problems like host location hijacking attack, link fabrication attack, denial of service attack, man in the middle attack. These attacks affect the following features of SDN: availability, performance, integrity, and security. The flexibility in the programmability of control plane has both acted as a bane as well as a boon to SDN. Like the ARP poisoning in the legacy networks, there are several other vulnerabilities in the SDN architecture as well.

International Journal of Reconfigurable and Embedded Systems (IJRES)

In software-defined networking (SDN), network traffic is managed by software controllers or application programming interfaces (APIs) rather than hardware components. It differs from traditional networks, which use switches and routers to control traffic. Using SDN, you can create and control virtual networks or traditional hardware networks. Furthermore, OpenFlow allows network administrators to control exact network behavior through centralized control of packet forwarding. For these reasons, SDN has advantages over certain security issues, unlike traditional networks. However, most of the existing vulnerabilities and security threats in the traditional network also impact the SDN network. This document presents the attacks targeting the SDN network and the solutions that protect against these attacks. In addition, we introduce a variety of SDN security controls, such as intrusion detection systems (IDS)/intrusion prevention system (IPS), and firewalls. Towards the end, we outline...

International Journal of Applied Mathematics, Electronics and Computers, 2016

The number of devices connected to the Internet is increasing, data centers are growing continuously and computer networks are getting more complex. Traditional network management approach is becoming more difficult and insufficient. Software-Defined Networks (SDN) is a new generation networking approach which is expected to take place of the traditional computer networks. SDN architecture provides effective management of the large and complex networks. Although SDN have benefits from the network security perspective, it also brings new attack vectors. We believe that the network security problems in SDN architecture need more advanced solutions. In this work, a survey on the SDN security problems is presented, challenges are discussed. In this context, security threats and attack surfaces in SDN are described, the significant SDN security solution examples in the literature are given.

IEEE Communications Magazine, 2015

Software-Defined Networking (SDN) is a new networking paradigm that decouples the forwarding and control planestraditionally being coupled with one another-while adopting a logically centralized architecture aiming to increase network agility and programability. While many efforts are currently being made to standardize this emerging paradigm, careful attentions need to be paid to security at this early design stage too, rather than waiting until the technology becomes mature, thereby potentially avoiding previous pitfalls made when designing the Internet in the 80's. This article focuses on the security aspects of SDN networks. We begin by discussing the new security pros that SDN brings and by showing how some of the long-lasting issues in network security can be addressed by exploiting SDN capabilities. Then, we describe the new security threats that SDN is faced with and discuss possible techniques that can be used to prevent and mitigate such threats.

Networks of the Future, 2017

The future networks are expected to lead a hyper-connected society with the promise of high social and economic value. The goal is to solve today's network problems and provide satisfactory security. Thus, the future networks require a flexible infrastructure that is secure against cyberattacks. Software defined networking (SDN) can be considered as one of the building blocks of upcoming networking technologies. In this chapter, first, the limitations of today's networks are presented. Then, solutions to secure the networks with SDN components are given. This concept is referred to as "SDN for Security." While SDN facilitates securing networks in general, it introduces additional challenges, mainly, the vulnerabilities of the SDN components such as the controller have to be addressed. Security for SDN aims at securing SDN assets and is discussed in the sequel. After reading this chapter, readers will obtain a comprehensive overview of the limitations of traditional networks, such as how SDN overcomes those limitations and the security issues thereof.

International Journal of Computer Networks and Applications (IJCNA), 2022

In the current digitalized world, everything is interconnected and accessible from everywhere. Although traditional networks are widely adopted, their management is complicated. Therefore, they are not effective in providing services to the future Internet like a wide range of accessibility, high bandwidth, management, and security. On the other hand, Traditional network architecture relies on manual configurations of proprietary devices that are error-prone and inefficient to utilize the network devices properly. Softwaredefined Networking (SDN) has drawn massive changes in the traditional network paradigm by decoupling the network operations from the physical hardware and encouraging network control to be logically centralized. It provides network programmability and improves security by enabling a global view of the entire network and issues handled effectively by the centralized controller. As a result, SDN allows networks to monitor the traffic and detect vulnerabilities more effectively. It also simplifies the deployment of new services with more flexibility at a faster pace. On the other hand, the decoupling of control and the data planes introduces security threats such as Distributed Denial of Service (DDoS) attacks, Man in the Middle attacks, Saturation attacks, etc. As a result, SDN has attracted a lot of interest from both academics and industry. In this paper, we study security vulnerabilities on layers of SDN, the security frameworks that protect each layer, and many security methodologies for network-wide security.

2017

Software-Defined-Networking (SDN) is a paradigm shift that re-thinks conventional legacy network design/operations/abstractions and makes future networks openly programmable, controllable, scalable and affordable. As a game changer in modern internetworking technologies, SDN is widely accepted by enterprises, with use in domains ranging from private home networks to small/medium scale workgroup networks to corporate backbone to large-scale wide-area cloud networks. Employing SDN in modern networks provides the much needed agility and visibility to orchestrate and deploy network solutions. But from the security perspectives in terms of threat attack prediction and risk mitigation, especially for the advanced persistent attacks such as DDoS and side channel attacks in Clouds, SDN stack control plane saturation attacks, switch flow table exhaustion attacks there are still open challenges in SDN environments. In this paper, at first, we present the taxonomy of threats, risks and attack ...

IEEE Communication Magazine

The emergence of Software Defined Networks (SDNs) promises to dramatically simplify network management and enable innovation through network programmability. Despite all the hype surrounded by the SDNs, exploiting its full potential is demanding. Security is still being the key concern and is an equally striking challenge that reduces the growth of SDNs. Moreover, the deployment of novel entities and the introduction of several architectural components of SDNs pose new security threats and vulnerabilities. Besides, the landscape of digital threats and cyber-attacks is evolving tremendously while considering SDNs as a potential target to have even more devastating effects than using simple networks. Security is not considered as part of the initial SDN design; therefore, it must be raised on the agenda. The paper discusses the state-of-the-art security solutions proposed to secure SDNs. We classify the security solutions in the literature by presenting a thematic taxonomy based on SDN layers/interfaces, security measures, simulation environments, and security objectives. Moreover, the paper points out the possible attacks and threat vectors targeting different layers/interfaces of the SDNs. The potential requirements and their key enablers for securing SDNs are also identified and presented. Besides, the paper gives great guidance for secure and dependable SDNs. Finally, we discuss open issues and challenges of SDN security that may deem appropriate to be tackled by researchers and professionals in the future.