The move to software-defined networks (SDNs) is already stirring up security concerns. At LightReading, Iain Morris discusses Level 3’s recent acknowledgement of the security challenges associated with SDNs and network functions virtualization (NFV). Allot Communications’ CTO Jay Klein said that most of the issues center on the centralization of control, which is, of course, one of the advantages of SDNs. However, centralized control also represents a central point that can be attacked.
Morris points out that Level 3 recently acquired Black Lotus, a specialist in dealing with distributed denial of service (DDoS) attacks that could threaten centralized control elements of an SDN network. Anthony Christie, Level 3’s chief marketing officer, indicates that the acquisition could accelerate Level 3’s security roadmap.
At TechTarget, Nemertes Research’s John Burke also takes up the SDN security issue. The reality is that SDNs present more things that demand attention than legacy systems do. That, on top of network administrators’ sometimes lackluster record in security and the sheer newness of the technology, creates challenges:
SDN users should be as worried as anyone about their networks’ vulnerability, and perhaps a little more worried than most, if for no other reason than: (a) They are changing the rules for how their networks work, and (b) they are doing so using relatively new technology. They will need to be diligent about system updates and patches as security problems are found and fixed, for example. Many network managers have been quite tardy in rolling out security fixes on their existing infrastructures; that won't do with so much new hardware and software in the mix.
More specifically, vital data now flows in separate data and control planes, whereas in the past the two were combined. This separation is the key to SDN’s great benefits, but it requires extra vigilance on the part of IT admins. Monitoring tools will change as well, Burke adds.
Organizations are at work on the issue, and in fact, last week, the SDN Open Networking Operating System (ONOS) community released Drake, the fourth release of its open source OS, which adds security features to the mix:
Drake adds significant levels of security to the apps and APIs accessing ONOS. By default, ONOS' GUI and REST-based interfaces are now secured. SRI International and KAIST developed an early implementation of secure bundles called Security Mode ONOS for Drake. Transport Layer Security has been added for the east/west-bound communications and the Command Line Interface can also be secured for authenticated password-less access using public/private keys.
It is clear that security is a big challenge to software-defined networks, and most likely, the cat and mouse game that characterizes security across the online world will take hold in the SDN segment as well.
Carl Weinschenk covers telecom for IT Business Edge. He writes about wireless technology, disaster recovery/business continuity, cellular services, the Internet of Things, machine-to-machine communications and other emerging technologies and platforms. He also covers net neutrality and related regulatory issues. Weinschenk has written about the phone companies, cable operators and related companies for decades and is senior editor of Broadband Technology Report. He can be reached at firstname.lastname@example.org and via Twitter at @DailyMusicBrk.