Vulnerability/Threats On SDN Security Attacks On SDN Security Solutions


Vulnerability/Threats on SDN
Security Challenges in SDN
Security Attacks on SDN
Security Solutions
IS SDN SECURE?

• SDN is evolving rapidly and shaping itself as a key enabler for future implementations in many network scenarios, such as:
  • Data centres
  • ISPs (Internet service providers)
  • Corporate
  • Academic and home
• But is it secure?
• SDN still cannot be considered completely secure and dependable. The security of SDN is an open subject. Separating the control plane from the data plane has opened up a number of security challenges.
This picture depicts an SDN network with switches, controllers, and application software.
We can see all the vulnerabilities and possible attack points on it:

1. The SDN switch
2. The links between SDN switches
3. The SDN controller
4. The links between controller and switches
5. The links between controllers
6. The application software

If we want SDN to be leveraged, all the security challenges must be emphasized and proper security measures must be taken against them.
Doing so would make SDN a much more secure network to use, saving us money and time.
Security Attacks on SDN

Till now we have understood that SDN is a totally new and different network architecture from the traditional one. The traditional one has the data plane and control plane in one entity, the switches, whereas in SDN they are separated. The potential location of attacks in SDN can be any of the three layers or even the communication channels/links of the APIs (northbound and southbound).

DATA PLANE ATTACKS - In the data plane the attack can be either on the links or on the switches.
The key area of risk in the data plane is the southbound API, i.e. the links between the switch and the controller.

Three components of an OpenFlow switch.

Whenever there are incoming data packets, they enter the switch through the input port.

1. Man-in-the-middle attack between switch and controller - An agent node is placed on the link between the controller and the switch; it intercepts the communication data and tampers with it without being detected. The attacker gains control of packet forwarding and forwards the data however it wants.

2. DoS attack to saturate the flow table - A denial-of-service attack shuts down the machine or network, making it unavailable to its legitimate users. Similarly, in this attack the attacker generates a large number of packets destined for unknown network hosts in a very short time, and this fills up the limited space of the flow table. When the flow table is filled by irregular traffic, the legal traffic cannot be entered into the flow table and forwarded correctly, as there is no space left.

3. DoS attack to saturate the flow buffer - Similar to the flow table, the attacker floods large amounts of packets into the flow buffer and fills it up. When legal data packets arrive, the flow buffer, left with no space, has no option but to drop those data packets.
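Added example (not part of the original slides): a small model of the flow-table saturation case in item 2, with a controller-side guard that stops installing rules for an ingress port requesting too many distinct new flows per window. The class and function names, the 25% share threshold, the table size and the sample events are all assumptions made for illustration; rule timeouts are ignored.

```python
from collections import defaultdict, deque

class TableMissMonitor:
    """Flags an ingress port that triggers too many distinct new flows per window."""

    def __init__(self, capacity, window_s=1.0, max_share=0.25):
        self.limit = int(capacity * max_share)   # new flows one port may request
        self.window_s = window_s
        self.recent = defaultdict(deque)         # (switch, port) -> (ts, dst) events
        self.flagged = set()

    def observe(self, ts, switch, port, dst):
        q = self.recent[(switch, port)]
        q.append((ts, dst))
        while ts - q[0][0] > self.window_s:      # expire events outside the window
            q.popleft()
        if len({d for _, d in q}) > self.limit:
            self.flagged.add((switch, port))
        return (switch, port) in self.flagged

def constructed_events():
    """Constructed sample: port 3 floods unknown destinations, port 1 is a normal host."""
    flood = [(i * 0.001, "s1", 3, f"10.9.{i // 250}.{i % 250}", False) for i in range(500)]
    legit = [(0.6, "s1", 1, "10.0.0.5", True), (0.7, "s1", 1, "10.0.0.6", True)]
    return flood + legit

def simulate(events, capacity, monitor=None):
    """Returns how many legitimate flows found the table full (timeouts ignored)."""
    table, refused = set(), 0
    for ts, switch, port, dst, legit in events:
        if monitor and monitor.observe(ts, switch, port, dst):
            continue                             # no rule installed for a flagged port
        if len(table) < capacity:
            table.add((switch, dst))
        elif legit:
            refused += 1
    return refused

if __name__ == "__main__":
    events = constructed_events()
    guard = TableMissMonitor(capacity=200)
    print("legitimate flows refused, no guard:", simulate(events, 200))
    print("legitimate flows refused, guarded: ", simulate(events, 200, guard))
    print("flagged ports:", guard.flagged)
```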
DATA PLANE ATTACKS
• Fraudulent flow rules
• Controller hijacking or compromise
• TCP-level attacks
CONTROL PLANE ATTACKS - This plane is more attractive to attackers because of its visible nature and openness to programmability, and the controller is in this plane.

• DoS/DDoS attacks on the controller - In this attack the attacker makes the controller's functions unavailable to authorized users. As in the picture, the attacker produces enormous flooding traffic in a very short time; this is mixed with the normal traffic, and it becomes difficult for the controller to distinguish between the two. Because of the attack, the requests to the controller exceed its capacity, which leads to the exhaustion of resources and prevents the controller from functioning correctly for the legal traffic.

• Threats from distributed multi-controllers - We know that multiple controllers can exist in the network, so it is very important that all controllers work together and collaborate. But this coexistence of multiple controllers in a single domain can sometimes cause configuration conflicts, and misconfiguration can lead to security threats.

• Threats from applications - Above the control plane is the application plane, on which many applications are implemented. These can be a serious threat to the control plane, as it is possible that some malicious applications might run, affecting the controller as well.
APPLICATION PLANE ATTACKS

A successful attack on this plane can help the attacker gain control over the whole network infrastructure.
• Attacks are:
  • Illegal access
  • Security rules and configuration conflict - conflicts may appear between security rules, resulting in confusion of network services and management.
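Added example (not part of the original slides, and not the algorithm of any tool named in them): a check for the security-rule conflicts described above, run over a constructed set of flow rules from different applications. Matching on a destination prefix only, the rule names and the two conflict kinds are simplifying assumptions.

```python
import ipaddress
from itertools import combinations

# Constructed rule set: (name, priority, destination prefix, action).
RULES = [
    ("fw-block-db", 100, "10.0.2.0/24",   "drop"),
    ("lb-forward",  200, "10.0.2.16/28",  "output:4"),
    ("routing-a",    50, "10.0.3.0/24",   "output:1"),
    ("routing-b",    50, "10.0.3.128/25", "output:2"),
    ("routing-c",    50, "10.0.4.0/24",   "output:1"),
]

def find_conflicts(rules):
    """Return (kind, rule, other) for every pair of rules that conflict.

    ambiguous: overlapping match, equal priority, different actions, so which
               rule a packet hits is not defined.
    bypass:    a higher-priority non-drop rule overlaps a lower-priority drop
               rule, so part of the blocked range is forwarded anyway.
    """
    conflicts = []
    for a, b in combinations(rules, 2):
        net_a, net_b = ipaddress.ip_network(a[2]), ipaddress.ip_network(b[2])
        if not net_a.overlaps(net_b) or a[3] == b[3]:
            continue                      # disjoint matches or same outcome
        if a[1] == b[1]:
            conflicts.append(("ambiguous", a[0], b[0]))
            continue
        high, low = (a, b) if a[1] > b[1] else (b, a)
        if low[3] == "drop":
            conflicts.append(("bypass", high[0], low[0]))
    return conflicts

if __name__ == "__main__":
    for kind, rule, other in find_conflicts(RULES):
        print(f"{kind}: {rule} vs {other}")
```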
Security Solutions of SDN - As we have highlighted the challenges and attacks on SDN, we also need to look at solutions to make SDN a secure network.

Starting with solutions for the DATA PLANE:

• TLS (Transport Layer Security): TLS provides security and ensures confidentiality, integrity and authentication. It ensures the message is not altered or substituted and validates the identity of both parties.
• FlowChecker: used to prevent illegal traffic from getting into the buffer or table. It is a configuration verification tool.
• VeriFlow: a network debugging tool used to find faulty rules inserted by SDN applications.

Solutions for CONTROL PLANE

• Security-enhanced (SE) Floodlight controller: used to prevent threats from applications. It adds a secure programmable northbound API to the controller to operate as a mediator between applications and the data plane.
• DDoS detection method: a detection framework can be used for DoS attacks.
Some more:
• Antivirus technique
• IDS (intrusion detection system)
• Firewall

Solutions for APPLICATION PLANE

• PermOF: a permission system used to provide controlled access to the OpenFlow controller.
• FRESCO: provides security against threats from apps.

• SDN is a revolutionary technology. There are certain shortcomings in it on which work still has to be done so that it becomes a complete, secure and dependable network in itself.
THANK YOU
