Talk by R.L. Smelyanskiy at the international forum “Partnership of State, Business and Civil Society in Ensuring Information Security and Combating Terrorism”, Garmisch-Partenkirchen, Munich, April 2013.
SDN: is it a solution for network security?
1. SDN: is it a solution for network security?
Smelyanskiy R.L.
Moscow State University, Computer Systems Laboratory
Applied Research Center for Computer Network
2013
2. Agenda
• What is an SDN network?
• Term “protecting” could be many-sided…
• The SDN control environment also needs to be protected.
25.11.2013
prof.R.Smelyanskiy MSU & ARCCN
2
13. Case studies
• Large Transit Service Provider
• Big International Company
– Multiple offices
– VPN communications
• Network of Large Organization
– Large internal networks
– Various types of network activities
14. Security in traditional architecture networks
• Case studies:
– Large Transit Service Provider
– Airport network
– ISP (VPN provider)
• Tendencies
– Traffic growth
– Mobility
• Infrastructure
• Software
• Protocols
15. Term “protecting” could be many-sided…
Physical access
20. Term “protecting” could be many-sided…
Network flow control
21. Network of Organization example
[Diagram labels: Tenant A, Tenant app, Tenant B]
22. Network of Organization example
[Diagram labels: Traffic src point, Traffic dst points, Tenant A, Tenant app, Tenant B, Accept, Drop]
27. Controller security app
[Diagram labels: Security app, OF events, Legal traffic, Malware traffic]
32. Controller requirements
• c-applications should be reusable by different controllers placed near each other;
• different controller instances should be able to share the same instance of a c-application;
• the controller should be a trusted environment;
• the controller should be scalable: if the workload grows beyond the controller's current computational power, it should be able to get more computational power, for example by splitting its activity with another controller instance placed on another physical resource;
• if a controller instance shuts down, other controllers placed nearby should be able to take over the network switches that were managed by the instance that shut down.
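The scalability and shutdown requirements above, sketched as an added Python example that is not from the talk or from any controller's code base. The controller names, the capacity metric and the per-switch loads are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Controller:
    name: str
    capacity: int                  # load units one instance can serve (assumed metric)
    alive: bool = True
    switches: dict = field(default_factory=dict)   # switch id -> load units

    @property
    def load(self):
        return sum(self.switches.values())

def reassign(orphans, peers):
    """Give each switch to the live peer with the most spare capacity.
    Returns the switches nobody could absorb: they have no controller."""
    unplaced = {}
    for sw, load in sorted(orphans.items(), key=lambda kv: -kv[1]):
        fits = [c for c in peers if c.alive and c.capacity - c.load >= load]
        if fits:
            max(fits, key=lambda c: (c.capacity - c.load, c.name)).switches[sw] = load
        else:
            unplaced[sw] = load
    return unplaced

def fail_over(failed, cluster):
    """Shutdown requirement: nearby controllers pick up the dead instance's switches."""
    failed.alive = False
    orphans, failed.switches = failed.switches, {}
    return reassign(orphans, [c for c in cluster if c is not failed])

def shed_overload(ctrl, cluster):
    """Scalability requirement: split work with other instances when load > capacity."""
    moved = {}
    for sw, load in sorted(ctrl.switches.items(), key=lambda kv: kv[1]):
        if ctrl.load <= ctrl.capacity:
            break
        moved[sw] = ctrl.switches.pop(sw)
    back = reassign(moved, [c for c in cluster if c is not ctrl])
    ctrl.switches.update(back)     # keep what no peer could take
    return back

if __name__ == "__main__":
    # Constructed cluster: names, capacities and loads are illustrative only.
    c1 = Controller("c1", 100, switches={"s1": 40, "s2": 30})
    c2 = Controller("c2", 100, switches={"s3": 50})
    c3 = Controller("c3", 60, switches={"s4": 20})
    cluster = [c1, c2, c3]
    print("unplaced after c1 fails:", fail_over(c1, cluster))
    print("unplaced after c2 fails:", fail_over(c2, cluster))
```

A non-empty result from `fail_over` means switches are left without a controller, which is the condition an operator would want to alert on.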
33. Conclusion
• Software Defined Networking (SDN) has been developing rapidly.
– Working in data centers
– Replacing proprietary routers
• Splitting the data plane and control plane brings advantages, but also opens new ways to exploit such networks for malicious purposes.
• The major advantages of the SDN approach:
– programmable configuration
– data plane and control plane separation
– flexible data flow control