MN502 Network Security: Software Defined Networking Assessment Answers
Assignment Description
The purpose of this assignment is to develop the skill of thinking independently about innovation. In this assignment students will first learn how to develop knowledge based on the current state of the art of an emerging knowledge domain. Then they will learn how to identify plausible security issues in this emerging technology, and finally learn the skill of adding knowledge to an existing domain by theoretically developing a corresponding protection mechanism for a particular issue.
Software Defined Networking (SDN) is a rising concept in computer networking. It makes it possible to logically centralise software in order to control the behaviour of the network. In contrast to conventional networks, in SDN a network's control logic is separated from the underlying physical routers and switches. This allows network operators to write high-level control programs specifying the behaviour of the whole network.
This assignment includes three parts:
- Literature review on Software Defined Networking (SDN).
- Identify three current or future security issues in SDN.
- Propose a possible solution for one of the threats identified in part (2).
Answer:
Introduction
ICT today is characterised by portable devices and systems that increase the availability of information. These devices have increased the overall availability of technology to users, who continuously rely on them to perform their daily activities. Furthermore, the virtual world is slowly taking root in society, where technologies such as cloud computing are gaining a footing in the ICT industry. These technologies are dynamic in nature: because they are hosted online, their resource requirements change continuously, which tends to misalign their objectives with those of conventional networking technologies [1]. Why is this so? Conventional networking technologies use hierarchical models that have Ethernet components linked in tree structures. These structures are very evident in communication systems whose participants hold different privileges, i.e. clients and servers. This model is convenient for such applications but is insufficient for applications whose resource requirements change over time, for instance data centres, a common outcome of cloud technology.
Literature review
SDN marks a technological transformation that combines old networking technologies with new applications and mechanisms to yield an optimal model for networks. In essence, it separates the data plane from the control plane, which increases the functionality of networking systems. Moreover, SDN introduces centralised control, which facilitates the work of network developers and engineers. However, as a concept, the ideas held by SDN have existed for a long time, dating back to the inception of networking technologies themselves [2]. In fact, centralised control has always been a goal of networking, as it offers more functionality and would unify communication through commonly adopted controls.
In all, the SDN architecture discussed today outlines a transformation of the networking model: unlike conventional systems, which use individual devices as the control mechanisms, an SDN controller is used to centralise control functions [3]. Therefore, rather than networks being the outcome of many interconnected devices, they are defined as resources that are centrally controlled. Furthermore, the localisation of control in individual devices has in the past always limited the functionality of networks, because operations could only be executed on each device according to its manufacturer's specifications. Again, this has meant that users of networks have to conform to the functionality given. SDN, for its part, introduces the programmability concept, which enables users to modify and customise resources based on their needs rather than as dictated by manufacturers.
A crucial element of the SDN architecture is the OpenFlow (OF) concept, which outlines new operating standards that unify communication resources. OF uses open standards to define the operational protocol used by SDN networking resources, which integrates all devices because they use common standards. From routers to switches, the underlying functionality is fulfilled by the same standard, which uses a common algorithm characterised by programmable tables. These tables are known as flow tables, and they facilitate the administration of networks through granular configuration, unlike the traditional system that uses conventional IP routing [3].
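To make the flow-table idea concrete, here is a small model of an OpenFlow-style flow table, added as an example and not taken from the assignment or from any controller project. Each entry carries a priority, a match on one or more header fields and an action; a packet takes the action of the highest-priority entry whose fields all agree, and a table-miss entry with an empty match catches everything else. The field names (in_port, nw_dst, tp_dst) follow OpenFlow usage; the sample rules and packets are constructed.

```python
"""Added example: a minimal OpenFlow-style flow table with priorities,
wildcard/subnet matching, per-entry packet counters and a table-miss entry.
Field names follow OpenFlow usage; all rules and packets are constructed."""
import ipaddress
from dataclasses import dataclass, field


@dataclass(order=True)
class FlowEntry:
    priority: int
    match: dict = field(compare=False)   # a field absent from match is a wildcard
    action: str = field(compare=False)
    packets: int = field(default=0, compare=False)  # per-entry counter


def field_matches(rule_value, packet_value):
    """Exact match, or subnet match when the rule value is written as CIDR."""
    if isinstance(rule_value, str) and "/" in rule_value:
        if packet_value is None:
            return False
        return ipaddress.ip_address(packet_value) in ipaddress.ip_network(rule_value, strict=False)
    return packet_value == rule_value


class FlowTable:
    def __init__(self):
        self.entries = []

    def add(self, priority, match, action):
        self.entries.append(FlowEntry(priority, dict(match), action))
        self.entries.sort(reverse=True)  # highest priority is consulted first

    def lookup(self, packet):
        """Return the action of the highest-priority entry matching the packet."""
        for entry in self.entries:
            if all(field_matches(v, packet.get(k)) for k, v in entry.match.items()):
                entry.packets += 1
                return entry.action
        return None  # only reached when no table-miss entry was installed


def build_sample_table():
    """Constructed rules: drop SSH into 10.0.1.0/24 arriving on port 1, forward
    the rest of that subnet to port 2, and send anything else to the controller."""
    table = FlowTable()
    table.add(200, {"in_port": 1, "nw_dst": "10.0.1.0/24", "tp_dst": 22}, "drop")
    table.add(100, {"nw_dst": "10.0.1.0/24"}, "output:2")
    table.add(0, {}, "controller")  # table-miss entry
    return table
```

The same packet can thus be matched on port, destination subnet and transport port at once, which is the granularity a plain destination-prefix routing table cannot express.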
SDN Architecture
As stated earlier, the operation of the SDN architecture depends on the separation of the control and data sections of networks. Essentially, this shifts control from the physical or hardware components into applications/programs characterised by the SDN controller. This transformation facilitates the functions of modern technologies such as cloud computing, which are based in the virtual world and lack physical control components [4]. Moreover, it enhances the availability of networking resources, as they are easily customised and adjusted to the needs of end users, who are again noted to prefer mobile and flexible technologies. The SDN architecture is defined by three main elements: the data, control and application layers. These layers, or planes, are distinctly defined, with logical boundaries and specific roles.
- Data layer – this layer holds the networking resources, as the main functionalities of networks are met by it. The data layer processes and forwards traffic from one device to another and thus hosts all networking devices such as routers and switches. However, unlike before, its operations are not controlled by its own devices but by the control layer, which holds the SDN controller.
- Control layer – the control layer is the central station, as the SDN controller, an operating application, is hosted by it. The SDN controller acts as a translator: it transforms the requests of the end user into actionable controls and configurations of the network. Furthermore, it mediates between the application and data layers, presenting all the networking resources to the user in an abstract form [5].
- Application layer – the final layer, which can be seen as the top-most plane. It holds the applications and programs that present the networking resources in abstract form for administrators and engineers to control. Commands and instructions issued through the applications hosted by this layer are translated by the SDN controller into controls over the network, i.e. the data layer.
SDN requirements
The existing and predominant networking architectures are defined by manufacturers who use different networking standards in terms of the configurations made on individual devices [6]. This limits the integration of networks and also hinders the transformation proposed by the SDN model. Therefore, for the SDN transformation to occur, these individual networking resources must be replaced by OpenFlow systems that define an open standard for operation. Moreover, programmability of networks must be accomplished, as it facilitates the customisation of networks, a key component of the SDN model [6]. Therefore, the requirements of SDN will be met once the separation of the resources hosted by networking technologies is done, an outcome that is both transformative and challenging. In fact, this transformation will have to occur while the functionality of networks is maintained, which presents considerable security risks and threats, as outlined below.
Security issues
Although it is not a new technology, SDN presents many new technological concepts that use new operational standards. This by default exposes it to many security liabilities, as its structures have not been comprehensively tested in the field. Moreover, the new components it introduces require new security measures to meet the needs of today. Remember, networking technologies in the past may have been adequately served by the limited technological advancements seen then; however, today's systems require top-notch security, as there exist many technological and security liabilities. Therefore, based on its architecture and operational principles, the following security issues are identified.
Problems with the SDN controller
Regardless of the functionality offered by the centrally placed controller, its existence serves as a single point of failure that can compromise the entire network in one instance. Furthermore, with the prevalence of attacks, it presents a considerable risk, as if it is accessed it grants control of the network to intruders [7]. Therefore, unlike before, where access to one device limited attacks to specific sections of the network, the controller exposes all the resources owned by the attached network.
OpenFlow
OpenFlow is another serious liability, in fact one of the biggest issues that will face SDN technologies in the future, as its security controls will determine the safety of the networks. First, OF advocates open standards, which essentially means all networking devices have the same configurations or configuration standards. Secondly, all devices operate in root mode, which grants them administrative access. Therefore, OF first grants intruders a large attack surface and secondly gives them administrative access to networks [8].
Programming networking resources
This functionality allows network developers and managers to install control applications and to make remote configurations of networking resources. It could equally enable intruders to install malicious software on the networks and to make remote adjustments to networks with malicious intent [9].
The possible solutions
- Deploy strong encryption and authentication measures – because networking resources are separated into the layers identified, the traffic between them should be encrypted and protected from intruders. For instance, TLS (Transport Layer Security) would act as a good example, as it would protect the layers and even the controller itself [10].
- Increase the control measures – SDN proponents should employ the same security controls seen today on SDN resources. For instance, firewalls and access control, among many others, should be customised to fit the new networking structure [7].
- Enact unified security policies – since open operational standards are proposed, the same should apply to security, where strong and uniform security measures are adopted across all networking resources [9].
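One way to apply the access-control measure above to the programmability risk described earlier is an authorisation check that the controller runs on every flow-rule request from a northbound application, so that an application can only program the switches, priorities, actions and address range it was granted. This is an added example, not code from the assignment or from any real controller; the application name, credential, policy values and the plain-dict policy store are all constructed for illustration.

```python
"""Added example: controller-side authorisation of northbound flow-rule
requests. Every value in POLICY is constructed; a real controller would load
its grants from configuration and would also require TLS on the channel."""
import hashlib
import hmac
import ipaddress

# Constructed policy: what each application may program. Only a digest of the
# application's credential is stored, never the credential itself.
POLICY = {
    "load-balancer": {
        "token_sha256": hashlib.sha256(b"lb-secret-constructed").hexdigest(),
        "switches": {"s1", "s2"},
        "max_priority": 100,            # cannot override higher-priority rules
        "actions": {"output", "drop"},  # e.g. may not redirect to the controller
        "scope": ipaddress.ip_network("10.0.1.0/24"),
    },
}

AUDIT = []  # denied requests, kept for the operator's monitoring


def _deny(app, switch, reason):
    AUDIT.append((app, switch, reason))
    return False, reason


def authorize_flow_mod(app, token, switch, rule):
    """rule = {"priority": int, "match": {...}, "action": "output:2" | "drop" | ...}.
    Returns (allowed, reason); denials are recorded in AUDIT."""
    grant = POLICY.get(app)
    digest = hashlib.sha256(token.encode()).hexdigest()
    if grant is None or not hmac.compare_digest(digest, grant["token_sha256"]):
        return _deny(app, switch, "unknown application or bad credential")
    if switch not in grant["switches"]:
        return _deny(app, switch, f"switch {switch} not in grant")
    if rule["priority"] > grant["max_priority"]:
        return _deny(app, switch, "priority above grant; would override other rules")
    if rule["action"].split(":")[0] not in grant["actions"]:
        return _deny(app, switch, f"action {rule['action']} not permitted")
    dst = rule["match"].get("nw_dst")  # a wildcard destination would reach every host
    if dst is None or not ipaddress.ip_network(dst, strict=False).subnet_of(grant["scope"]):
        return _deny(app, switch, "destination outside granted address scope")
    return True, "ok"
```

The AUDIT list is where a detection pipeline would hook in: a burst of denials from one application is the signal that a control application has been compromised or misconfigured.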
Conclusion
SDN holds a progressive objective that, unlike most other technologies or technological concepts, cannot be accomplished in one instance. Furthermore, it is important to remember that SDN in itself is not a new technology but a combination of old technological concepts with new operational mechanisms to facilitate dynamic networking solutions. Through it, networking resources are optimised by being diversified to offer more functionality and roles, which increases their overall control. Furthermore, other much-needed benefits are attained by the ICT industry, where flexibility and mobility are increased.
References
[1] Darabinejad, B. & Fayyeh, S. (2014). An introduction to software-defined networking. International Journal of Intelligent Information Systems. (Online). Available: https://article.sciencepublishinggroup.com/pdf/10.11648.j.ijiis.s.2014030601.23.pdf
[2] Goeringer, S. (2015). Software-Defined Networks. Polar Star Consulting, LLC. (Online). Available: https://www.polarstarconsulting.com/SDN%20Introduction.pdf
[3] Maged, A. (2015). Introduction to Software Defined Networking. MENOG. (Online). Available: https://www.menog.org/presentations/menog-15/341-MENOG_SDN_April.pdf
[4] Jain, R. (2013). Introduction to software defined networking (SDN). Washington University in Saint Louis. (Online). Available: https://www.cse.wustl.edu/~jain/cse570-13/ftp/m_16sdn.pdf
[5] ONF. (2013). SDN Architecture Overview. Open Networking Foundation. (Online). Available: https://www.opennetworking.org/images/stories/downloads/sdn-resources/technical-reports/SDN-architecture-overview-1.0.pdf
[6] ONF. (2014). SDN architecture. Open Networking Foundation. (Online). Available: https://www.opennetworking.org/images/stories/downloads/sdn-resources/technical-reports/TR_SDN_ARCH_1.0_06062014.pdf
[7] Kreutz, D., Ramos, F., Verissimo, P., Rothenberg, P., Azodolmolky, S. & Uhlig, S. (2014). Software-Defined Networking: A Comprehensive Survey. (Online). Available: https://arxiv.org/pdf/1406.0440.pdf
[8] Lim, A. (2013). Security Risks in SDN and Other New Software Issues. RSA Conference 2015. (Online). Available: https://www.rsaconference.com/writable/presentations/file_upload/sec-r01_security-risks-in-sdn-and-other-new-software-apps_copy1.pdf
[9] Dubey, A. & Khanna, B. (2016). Security in software defined networking: a review. International Journal of Computer Engineering & Technology (IJCET). (Online). Available: https://www.iaeme.com/MasterAdmin/uploadfolder/IJCET_07_04_007/IJCET_07_04_007.pdf
[10] Bakhshi, T. (2017). State of the Art and Recent Research Advances in Software Defined Networking. Wireless Communications and Mobile Computing. (Online). Available: https://www.hindawi.com/journals/wcmc/2017/7191647/