Editor's note: In the second part of this series on securing software-defined networks, we outline how SDN and network programmability can enhance network security. Here in part one, we explore how the new technology can also pose SDN security risks.
With all of the potential advantages that software-defined networking (SDN) can bring to network security, there are also a host of possible risks. But once understood, these SDN security challenges can be managed.
Why SDN security concerns? The technology is immature
While SDN will create the kind of network programmability that is expected to improve security in the long term, for now just the fact that the technology is so immature means it is "probably full of software vulnerabilities," said Jon Oltsik, senior principal analyst at the Enterprise Strategy Group.
What's more, SDN technology often requires proprietary customization for each implementation that varies by enterprise and network provider. That adds another layer of software security concerns, Olstik explained.
Then there is SDN's equivalent of "virtual sprawl," which can lead to further security challenges. SDN is touted for enabling network virtualization. But that means the automated creation of tens or even hundreds of virtual network segments, each one with its own security needs.
"You could certainly run into situations where network administrators provision multiple network segments without the security team's knowledge," Olstik said. In those situations, he explained, a rogue network administrator could also reroute traffic to interrupt a network service, or set up a network segment clone to steal data.
Ultimately, network managers will need to implement security testing and quality control to address software vulnerabilities. Meanwhile, addressing virtual sprawl will require new strategies in enforcing privileged user security, logging and strong authentication. "Best practices for change management would also help," Olstik added.
The Open Networking Foundation (ONF), which develops the OpenFlow protocol, has launched a study to determine how to make SDN more secure, said Dan Pitt, executive director of the ONF. "As an industry, we know that we need to make the SDN technology itself highly secure," he said. The foundation is considering, for example, the idea of using distributed protocols, which are more resilient and harder to attack simply because they are not concentrated. While the ONF will publish its results and encourage new security strategies, enterprises and providers will have to cope with implementing these strategies with brand new technology.
SDN security requires a focus on the control plane
Because the control plane plays such a central function in an SDN ecosystem, security strategies must focus on protecting the control plane, and managing authorization of access and network applications, said Mat Mathews, co-founder and vice president of product management at SDN firm Plexxi.
More on security and the software-defined network
SDN goes beyond the data center … and into network security
OpenFlow's role on the campus LAN (think security)
Understanding the pros and cons of software-defined networking security
With SDN, the goal is to enable network applications, which are basically virtualized network services, such as load balancers, firewalls, network address translation and network taps. The idea is that these applications would be implemented and managed through the control plane, likely from a centralized point.
Much as the smart phone market has to deal with authenticated applications, Mathews says the SDN market will need to address the question of how to authenticate an application's access to the control plane, and how to prevent an authenticated application from being hacked.
"We think, in general, the network should service the needs of business applications and business logic should dictate how security is applied or not applied," said Mathews.
"Opening up the network to its own applications that require their own security policy framework, governance and management is potentially more trouble and risk than it's worth," he said. The point isn't that network services cannot be deployed, but that the idea of allowing those services to themselves control the network opens up a lot of very difficult to answer questions, he explained.
On the bright side, because SDN allows for the decoupling of the control plane from the data plane, if hackers were to reach the data plane in an SDN environment, they would be unable to use the data since the controls would no longer be embedded.
Controllers play a role in the SDN security problem
Similarly, one glaring downside of SDN is that when you make changes at the control level, they are reapplied throughout the network, said Jim Damoulakis, chief technology officer at GlassHouse Technologies. In contrast to old one-by-one configuration processes, where an error might only affect one part of the network, SDN now makes it easy to have one policy applied uniformly and in an automated way.
"That means if you do something wrong at that level you could end up broadcasting it and applying it all over, so there is a need to be more careful," Damoulakis said. The implicit good news, he says, is that SDN will demand clear policies; the bad news is that companies are going to have to spend time thinking about and designing those policies.
Still, even with the risks that SDN may bring to the fore, no one seems anxious to turn back the clock. "While these are real issues, I do believe that SDN can improve network security in the long run," said Oltsik.
This was first published in February 2013