
SDN security challenges alongside the potential of a new technology

With the promise of programmable networks will come a slew of SDN security challenges, including the need to protect the new network controller.

Editor's note: In the second part of this series on securing software-defined networks, we outline how SDN and network programmability can enhance network security. Here in part one, we explore how the new technology can also pose SDN security risks.

With all of the potential advantages that software-defined networking (SDN) can bring to network security, there are also a host of possible risks. But once understood, these SDN security challenges can be managed.

Why SDN security concerns? The technology is immature

While SDN will create the kind of network programmability that is expected to improve security in the long term, for now just the fact that the technology is so immature means it is "probably full of software vulnerabilities," said Jon Oltsik, senior principal analyst at the Enterprise Strategy Group.

What's more, SDN technology often requires proprietary customization for each implementation that varies by enterprise and network provider. That adds another layer of software security concerns, Oltsik explained.

Then there is SDN's equivalent of "virtual sprawl," which can lead to further security challenges. SDN is touted for enabling network virtualization. But that means the automated creation of tens or even hundreds of virtual network segments, each one with its own security needs.

"You could certainly run into situations where network administrators provision multiple network segments without the security team's knowledge," Oltsik said. In those situations, he explained, a rogue network administrator could also reroute traffic to interrupt a network service, or set up a network segment clone to steal data.

Ultimately, network managers will need to implement security testing and quality control to address software vulnerabilities. Meanwhile, addressing virtual sprawl will require new strategies for enforcing privileged user security, logging and strong authentication. "Best practices for change management would also help," Oltsik added.
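The logging and change-management controls Oltsik describes only help if someone reconciles what the controller has actually installed against what was approved. The following added example (not code from the article or any vendor) sketches that reconciliation over a constructed, simplified rule export: it flags rules pushed without an approved change ticket, rules from accounts outside the privileged set, rules that copy traffic to more than one port (the "segment clone" tap), and rules that forward a prefix somewhere other than the recorded baseline (the reroute). The rule fields, account names and change IDs are all assumptions for the example.

```python
"""Audit a controller's flow rules against the change-management record.
Added example with a constructed, simplified rule format; it is not any
vendor's export schema and not code from the article."""
from dataclasses import dataclass


@dataclass(frozen=True)
class FlowRule:
    switch: str         # datapath the rule lives on
    match: str          # match field, e.g. "nw_dst=10.1.0.0/16"
    outputs: tuple      # output ports; more than one means traffic is copied
    installed_by: str   # controller account that pushed the rule
    change_id: str      # change ticket the rule was pushed under, "" if none


def audit(rules, approved_changes, baseline, privileged_accounts):
    """Return (kind, rule) findings for rules that lack an approved change,
    came from an account outside the privileged set, copy traffic to more
    than one port (a tap or segment clone), or forward a prefix somewhere
    other than the recorded baseline (a reroute)."""
    findings = []
    for rule in rules:
        if rule.change_id not in approved_changes:
            findings.append(("no-approved-change", rule))
        if rule.installed_by not in privileged_accounts:
            findings.append(("unprivileged-account", rule))
        if len(rule.outputs) > 1:
            findings.append(("traffic-copied", rule))
        expected = baseline.get((rule.switch, rule.match))
        if expected is not None and expected != rule.outputs:
            findings.append(("reroute-from-baseline", rule))
    return findings


# Constructed sample data standing in for a controller export and the
# security team's own records (approved tickets, baseline, privileged users).
SAMPLE_RULES = [
    FlowRule("sw1", "nw_dst=10.1.0.0/16", ("port3",), "netops-alice", "CHG-1001"),
    FlowRule("sw1", "nw_dst=10.2.0.0/16", ("port4", "port9"), "netops-bob", "CHG-1002"),
    FlowRule("sw2", "nw_dst=10.1.0.0/16", ("port7",), "netops-bob", ""),
    FlowRule("sw2", "nw_dst=10.3.0.0/16", ("port2",), "svc-automation", "CHG-1003"),
]
APPROVED_CHANGES = {"CHG-1001", "CHG-1002", "CHG-1003"}
BASELINE = {
    ("sw1", "nw_dst=10.1.0.0/16"): ("port3",),
    ("sw2", "nw_dst=10.1.0.0/16"): ("port5",),
}
PRIVILEGED_ACCOUNTS = {"netops-alice", "netops-bob"}


def run_sample():
    """Run the audit over the constructed data and return its findings."""
    return audit(SAMPLE_RULES, APPROVED_CHANGES, BASELINE, PRIVILEGED_ACCOUNTS)


if __name__ == "__main__":
    for kind, rule in run_sample():
        print(f"{kind}: {rule.switch} {rule.match} -> {rule.outputs} "
              f"by {rule.installed_by}")
```

On the sample data the audit reports the mirrored rule on sw1, the unticketed and rerouted rule on sw2, and the automation account that pushed a rule it should not have. The point is that the controller's central view, which makes sprawl possible, is also what makes this kind of continuous reconciliation cheap.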

The Open Networking Foundation (ONF), which develops the OpenFlow protocol, has launched a study to determine how to make SDN more secure, said Dan Pitt, executive director of the ONF. "As an industry, we know that we need to make the SDN technology itself highly secure," he said. The foundation is considering, for example, the idea of using distributed protocols, which are more resilient and harder to attack simply because they are not concentrated. While the ONF will publish its results and encourage new security strategies, enterprises and providers will have to cope with implementing these strategies with brand new technology.

SDN security requires a focus on the control plane

Because the control plane plays such a central function in an SDN ecosystem, security strategies must focus on protecting the control plane, and managing authorization of access and network applications, said Mat Mathews, co-founder and vice president of product management at SDN firm Plexxi.


With SDN, the goal is to enable network applications, which are basically virtualized network services, such as load balancers, firewalls, network address translation and network taps. The idea is that these applications would be implemented and managed through the control plane, likely from a centralized point.

Much as the smartphone market has to deal with authenticated applications, Mathews said the SDN market will need to address the question of how to authenticate an application's access to the control plane, and how to limit the damage if an authenticated application is itself compromised.

"We think, in general, the network should service the needs of business applications and business logic should dictate how security is applied or not applied," said Mathews.

"Opening up the network to its own applications that require their own security policy framework, governance and management is potentially more trouble and risk than it's worth," he said. The point isn't that network services cannot be deployed, but that the idea of allowing those services to themselves control the network opens up a lot of very difficult to answer questions, he explained.
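The question Mathews raises, how an application proves who it is to the controller and what it is then allowed to change, is usually answered at the controller's northbound API. The following added example (not the article's code and not any real controller's API) shows one way to do it with a made-up request format: each application holds an API key, the controller verifies it with a constant-time comparison, and every flow-modification request is then checked against the application's scope (which switches, which destination prefixes, which action types) before anything is installed. The application names, key, prefixes and request fields are all assumptions for the example.

```python
"""Gate a controller's northbound API: authenticate the calling network
application, then confine the flow rules it may install to its own scope.
Added example with a made-up request format; not any controller's real API."""
import hashlib
import hmac
from ipaddress import ip_network


class AuthorizationError(Exception):
    pass


def key_digest(api_key: bytes) -> str:
    return hashlib.sha256(api_key).hexdigest()


# Constructed application registry: a key digest and a scope per application.
# A real deployment would load this from the controller's policy store.
APP_REGISTRY = {
    "lb-tenant-a": {
        "key_digest": key_digest(b"tenant-a-demo-key"),   # demo key, not real
        "switches": {"sw1", "sw2"},
        "prefixes": [ip_network("10.10.0.0/16")],
        "actions": {"output", "set_dst"},
    },
}


def authenticate(app_id: str, api_key: bytes) -> dict:
    """Return the application's scope, or raise.  Unknown applications are
    compared against a dummy digest so they take the same path as bad keys."""
    app = APP_REGISTRY.get(app_id)
    stored = app["key_digest"] if app else key_digest(b"")
    if app is None or not hmac.compare_digest(stored, key_digest(api_key)):
        raise AuthorizationError("authentication failed")
    return app


def authorize_flow_mod(app: dict, flow_mod: dict) -> None:
    """Refuse any rule that reaches outside the application's scope."""
    if flow_mod["switch"] not in app["switches"]:
        raise AuthorizationError("switch outside application scope")
    dst = flow_mod.get("match", {}).get("nw_dst")
    if dst is None:
        # a match with no destination would capture every tenant's traffic
        raise AuthorizationError("wildcard matches are not permitted")
    dst_net = ip_network(dst)
    if not any(dst_net.subnet_of(p) for p in app["prefixes"]):
        raise AuthorizationError("match outside application prefixes")
    for action in flow_mod["actions"]:
        if action["type"] not in app["actions"]:
            raise AuthorizationError(f"action {action['type']} not permitted")


def install_flow(app_id: str, api_key: bytes, flow_mod: dict, flow_table: list) -> int:
    """Authenticate, authorize, then record the rule; returns table size."""
    app = authenticate(app_id, api_key)
    authorize_flow_mod(app, flow_mod)
    flow_table.append({"installed_by": app_id, **flow_mod})
    return len(flow_table)


def attempt(app_id: str, api_key: bytes, flow_mod: dict, flow_table: list) -> str:
    """Return 'installed' or the refusal reason, the line you would log."""
    try:
        install_flow(app_id, api_key, flow_mod, flow_table)
        return "installed"
    except AuthorizationError as exc:
        return f"refused: {exc}"


if __name__ == "__main__":
    table = []
    key = b"tenant-a-demo-key"
    ok = {"switch": "sw1", "match": {"nw_dst": "10.10.5.0/24"},
          "actions": [{"type": "output", "port": 3}]}
    other_tenant = {"switch": "sw1", "match": {"nw_dst": "10.20.0.0/24"},
                    "actions": [{"type": "output", "port": 3}]}
    print(attempt("lb-tenant-a", key, ok, table))
    print(attempt("lb-tenant-a", b"wrong-key", ok, table))
    print(attempt("lb-tenant-a", key, other_tenant, table))
```

The second check is what answers the "hacked application" half of the question: even with a valid key, a load balancer for one tenant cannot install a wildcard match, touch another tenant's prefix, or use an action type outside its grant, so a compromise of that application is bounded by its scope rather than by the whole controller.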

On the bright side, because SDN decouples the control plane from the data plane, an attacker who compromises a data-plane device gets only that device's forwarding state, not the network's control logic, which is no longer embedded in each switch. The caveat is that the attacker can still observe and manipulate the traffic passing through the compromised device, so the decoupling limits the blast radius of a switch compromise rather than removing it.

Controllers play a role in the SDN security problem

Another glaring downside of SDN is that when you make changes at the control level, they are reapplied throughout the network, said Jim Damoulakis, chief technology officer at GlassHouse Technologies. In contrast to old one-by-one configuration processes, where an error might only affect one part of the network, SDN now makes it easy to have one policy applied uniformly and in an automated way.

"That means if you do something wrong at that level you could end up broadcasting it and applying it all over, so there is a need to be more careful," Damoulakis said. The implicit good news, he says, is that SDN will demand clear policies; the bad news is that companies are going to have to spend time thinking about and designing those policies.
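Damoulakis's point suggests two controls a practitioner would want in front of any network-wide push: validate the policy before it leaves the controller, and apply it to one canary switch before the rest. The following added example (not the article's code and not any controller's API) does both over a toy rule format and a simulated switch store: the lint catches a conflicting pair of rules and a catch-all drop that would shadow everything below it, and the staged rollout restores the canary's previous rules if a health check fails there. The rule fields, the management prefix and the health check are assumptions for the example; a real check would probe the device.

```python
"""Lint a flow policy before it is pushed network-wide, then roll it out
to a single canary switch before the rest.  Added example with a toy
rule format and a simulated switch store; not any controller's API."""


def lint_policy(rules):
    """Return a list of problems in a list of rule dicts with keys
    priority, match and action.  Catches two common mistakes: two rules
    at the same priority and match with different actions, and a
    catch-all drop that shadows every lower-priority rule."""
    problems = []
    seen = {}
    for rule in rules:
        key = (rule["priority"], rule["match"])
        if key in seen and seen[key] != rule["action"]:
            problems.append(
                f"conflict: {rule['match']} at priority {rule['priority']} "
                f"has actions {seen[key]} and {rule['action']}")
        seen.setdefault(key, rule["action"])
        if rule["match"] == "*" and rule["action"] == "drop":
            shadowed = [r for r in rules if r["priority"] < rule["priority"]]
            if shadowed:
                problems.append(
                    f"catch-all drop at priority {rule['priority']} "
                    f"shadows {len(shadowed)} lower-priority rule(s)")
    return problems


def staged_rollout(store, new_rules, canary, healthy):
    """Apply new_rules to the switches in `store` (switch name -> rule list).
    Rejects a policy that fails lint, pushes it to `canary` first, restores
    the canary's previous rules if `healthy(switch, store)` reports a
    problem, and only then pushes to every switch."""
    problems = lint_policy(new_rules)
    if problems:
        return ("rejected", problems)
    previous = store[canary]
    store[canary] = list(new_rules)
    if not healthy(canary, store):
        store[canary] = previous
        return ("rolled-back", [canary])
    for switch in store:
        store[switch] = list(new_rules)
    return ("applied", sorted(store))


# Constructed health check: a switch counts as healthy if it still forwards
# traffic to the management prefix.  A real check would probe the device.
MGMT_MATCH = "nw_dst=10.0.0.0/24"


def mgmt_reachable(switch, store):
    return any(r["match"] == MGMT_MATCH and r["action"].startswith("output")
               for r in store[switch])


def fresh_store():
    """Three simulated switches, each starting with a working management rule."""
    base = [{"priority": 50, "match": MGMT_MATCH, "action": "output:1"}]
    return {"sw1": list(base), "sw2": list(base), "sw3": list(base)}


# Constructed policies: one the lint rejects, one that passes lint but would
# cut off management traffic everywhere, and one that is safe to apply.
SHADOWING_POLICY = [
    {"priority": 100, "match": "*", "action": "drop"},
    {"priority": 50, "match": MGMT_MATCH, "action": "output:1"},
]
LOCKOUT_POLICY = [
    {"priority": 50, "match": MGMT_MATCH, "action": "drop"},
]
GOOD_POLICY = [
    {"priority": 50, "match": MGMT_MATCH, "action": "output:1"},
    {"priority": 40, "match": "nw_dst=10.1.0.0/16", "action": "output:2"},
]

if __name__ == "__main__":
    for name, policy in [("shadowing", SHADOWING_POLICY),
                         ("lockout", LOCKOUT_POLICY), ("good", GOOD_POLICY)]:
        print(name, staged_rollout(fresh_store(), policy, "sw1", mgmt_reachable))
```

The lockout policy is the instructive case: nothing about it is syntactically wrong, so only the canary step catches it, and because the rollout stops there, the other two switches keep their working rules instead of all three losing management reachability at once.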

Still, even with the risks that SDN may bring to the fore, no one seems anxious to turn back the clock. "While these are real issues, I do believe that SDN can improve network security in the long run," said Oltsik.

This was last published in February 2013


Will SDN cause more security risk than benefit?
Without strong, resilient, low-overhead security, the SDN movement will not make much headway into the Enterprise market. Interaction between the Controllers must be handled very carefully or the concept of SDN is flawed and will not be ready for prime time until the security issues are overcome. I believe the inter-controller communication security flaws will cause many vendors to reconsider their SDN plans, for the moment. And I have heard nothing from the larger SDN 'players' (Cisco, Brocade, HP, Nicira/VMware, etc.) regarding their view of this issue or SDN security overall. This void may come from these players' understanding of the East-West inter-Data Center traffic, which is more secure due to the dedicated nature of the Data Center connections, i.e. high speed point to point connections with no access to the Internet. This should result in a reduced number of security breaches. This does make some sense but if that is required, so be it.

That leaves the North-South traffic which is overwhelmingly user/Internet access traffic with very little security and controllers directly on Internet connections. These controllers (like a bare-metal switch with a small Linux OS and some SDN code) do become a serious security risk as experienced hackers will try to manipulate or damage them at will. So, I began with security and I will end with it. In my opinion, the SDN idea has a difficult uphill battle to garner Enterprise attention and respect, if hardware manufacturers choose not to solve the SDN controller security issues first.

Thanks, Mike
This is a beautiful question to answer: SDN is a new way of defining the networks. SDN is not a tool or utility to fix something. It is a new thought process for the network security world at least. We had long-lasting problems with networks, which couldn't be solved without context or a global view of the network. Now that these things can be achieved with SDN, let us be optimistic towards the technology. There are lots of use cases for SDN in network security such as network monitoring, malicious activity detection, mitigation, network management solutions and forensic analysis. All these can be achieved with the basic properties of SDN.

Also, we are at a very early stage of designing controller or network management solutions. Though everyone accepts that there are vulnerabilities with the centralized-controller-like model, one needs to remember that with new thoughts come vulnerabilities, and hence one needs to see the positive side of this model. I say the world will move towards customized controllers rather than having some global/open controllers that could cater to everyone's needs, which is highly impossible.

Points to remember: SDN is not just OPENFLOW/OVS/OPENDAYLIGHT alone, and SDN is not just separating control planes and data planes. It is much more than that. Take a step back and think: it is network programmability and automation that we are talking about. Having control of your own network is what we are targeting. At least, I believe that we are seeing more negatives of SDN as we are restricting ourselves to the protocols or technologies such as OPENFLOW, OVS and the controllers that we see today. These are just prototypes. We can achieve much more and do better at the L4-L7 layers; that is what the world is anticipating, not just controlling the flow out of a switch and getting its statistics.

I also very much accept Mike's thought.

Vasudevan N.