Software-defined networking security: Should we worry?

Software-defined networking security concerns are real, and networking expert John Burke says we'll need new mitigation and defense techniques to address them.

Yes. Next question?

No, seriously, software-defined networking security concerns are real. SDN users should be as worried as anyone about their networks’ vulnerability, and perhaps a little more worried than most, if only because (a) they are changing the rules for how their networks work, and (b) they are doing so using relatively new technology. They will need to be diligent about system updates and patches as security problems are found and fixed, for example. Many network managers have been quite tardy in rolling out security fixes on their existing infrastructures; that won't do with so much new hardware and software in the mix.

If they are doing classic SDN -- in which network control and network data packet handling are separate -- they will have to watch both controllers and data plane devices for updates, and also every SDN application they use on top of the controllers.

If they are doing more virtualization-focused SDN, they'll need to mind the controller there, too, as well as the underlying virtualization platforms (e.g., VMware NSX) and any physical devices included in the mix, each with its own operating system.

In either scenario, because they are changing how they control and structure the network, security and network teams will need to make sure that their monitoring tools can see the new lay of the land. If virtual overlay networks are creating new security zones, for example, then the security operations center must be able to see and report on activity within and across those zones as needed.
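As an added illustration of that visibility requirement (not part of the original article), the sketch below attributes flow records to security zones by overlay segment ID and reports intra-zone traffic, cross-zone traffic, and segments the monitoring side has no zone mapping for. The segment IDs, zone names, expected zone pairs and flow records are all constructed assumptions; a real deployment would pull them from its own controller and flow collector.

```python
from collections import Counter

# Constructed assumption: the SOC's map of overlay segment ID -> security zone.
ZONE_BY_SEGMENT = {5001: "web", 5002: "app", 5003: "db"}

# Constructed assumption: zone pairs the design expects to talk to each other.
EXPECTED_CROSS_ZONE = {("web", "app"), ("app", "db")}

# Constructed sample flow records: (source segment, destination segment, bytes).
SAMPLE_FLOWS = [
    (5001, 5001, 1200),
    (5001, 5002, 800),
    (5002, 5003, 4000),
    (5001, 5003, 90),    # web -> db is not an expected pair
    (5004, 5003, 700),   # segment 5004 exists on the network but is unmapped
    (5002, 5002, 300),
]


def summarize(flows, zone_by_segment=ZONE_BY_SEGMENT, expected=EXPECTED_CROSS_ZONE):
    """Report activity within and across zones, plus monitoring blind spots."""
    report = {
        "intra": Counter(),           # bytes per zone, same-zone traffic
        "cross": Counter(),           # bytes per (src_zone, dst_zone) pair
        "unexpected": [],             # cross-zone flows outside the expected pairs
        "unmapped_segments": set(),   # segments the SOC cannot place in a zone
    }
    for src, dst, nbytes in flows:
        src_zone = zone_by_segment.get(src)
        dst_zone = zone_by_segment.get(dst)
        if src_zone is None or dst_zone is None:
            # A flow that cannot be attributed to a zone is a visibility gap.
            for seg, zone in ((src, src_zone), (dst, dst_zone)):
                if zone is None:
                    report["unmapped_segments"].add(seg)
            continue
        if src_zone == dst_zone:
            report["intra"][src_zone] += nbytes
        else:
            report["cross"][(src_zone, dst_zone)] += nbytes
            if (src_zone, dst_zone) not in expected:
                report["unexpected"].append((src, dst, nbytes))
    return report


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_FLOWS).items():
        print(key, value)
```

A non-empty `unmapped_segments` set means an overlay segment was created without the monitoring side learning which zone it belongs to, which is the gap the paragraph above warns about.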

Everyone will have to be prepared for evolving network attacks based on SDN technology. For example, several new kinds of resource-exhaustion denial of service attacks might be possible based on the use of SDN controllers. All should be prepared to jump in with new kinds of mitigation and defense -- software-defined networking security? -- in response.

This was last published in September 2015
