MN502 Network Security Assignment Help

MN502 Network Security Assignment Help

MN502 Network Security Assignment Help

Introduction

Software-defined networking (SDN) is an architecture which is emerging and is manageable, dynamic, adaptable and cost-effective creating it perfect for applications dynamic nature and high-bandwidth. SDN is emerging part of networking of computer where functionalities of networking are decoupled as compared to actual hardware. This assignment explains SDN and its layers it explains the SDN characteristics with respect to traditional network and pros and cons of both SDN and technical network regarding security issues.

MN502 Network Security Assignment Help

Secondly,it explains 3 security issues in SDN and somemitigation tools and techniques used for every of the security issues.

1. Literature review on security aspects in Software Defined Networking (SDN).

Introduction to SDN

Software-defined networking (SDN) is an architecture which is emerging and is manageable, dynamic, adaptable and cost-effective creating it perfect for applications dynamic nature and high-bandwidth. SDN comprises of several technologies of networking having the objective of making the network more flexible and agile. The aim of SDN is to permit administrators and network engineers to quickly respond to the changing requirements of the business. SDN architecture decouples the control of the network and promoting functions allows controlling of the network to directly become programmable. Network services and applications allow abstracting some underlining infrastructure. SDN is a fast developed technology used to achieve large-scale quickly changing environment network at line-speed [3].

SDN architecture is:

Directly programmable:Controlling of the network is completely programmable as it is decoupled with forwarding functions.

Managed centrally:Software-based SDN controller has centralized network intelligence which maintains networks global view.

Agile:Administrators are dynamically adjusting the flow of traffic in the wide network so as to meet the needs which are regularly changing.

Open standards:SDN simplifies the design of network and operations after implementation.

Layers of SDN

Control layer: It is also known as control plane is used for routing information exchanging, developing a table of ARP, etc. The task involved in this are:

a. MAC addresses learning to develop a switch table for MAC address.

b. Running STP to generate a topology of loop-free.

c. Running protocols of routing like BGP, EIGRP, and OSPF and developing the table of routing.

d. Developing tables of ARP.

Data forwarding layer:It is also known as data plane which is used for traffic forwarding. It has a complete dependency on information supplied by control layer. The task involved in this are:

a. Matching destinations of IP in the table of routing.

b. Access-lists lead to traffic dropping.

c. Change destination and source address.

d. Packets can be de-encapsulated and encapsulated.

Application Layer:This layer uses services taken from control layer to generate application plane. It helps in visualization process[7].

: SDN Architecture

Characteristics of SDN compared to traditional network

TraditionalNetwork

Traditional networking is classified into 2 crucial factors:

1. Implementation of the functionality of network in an appliance which is dedicated. They are also delivery controllers for more than one switch or router.

2. Main functionalities of this appliance are implemented in hardware’s which are dedicated. AISC (Application specific integrated circuit) is commonly used regarding this purpose [8].

Traditional Networking Device

SDN Architecture Design

Comparison between Traditional Network and SDN

S.NO.

Traditional Networking

Software Defined Networking

1

They are not flexible and are immobile networks. They own a very little flexibility and agility and are not of any use for a new venture in business.

During the time of deployment and later stages, they act as programmable networks depending on requirement change. They generally benefit establishing new ventures of business as they possess virtualization, agility, and flexibility.

2

Custom FPGAs and ASICs are used.

Merchant silicon is used.

3

They are generally hardware appliances.

They are designed for using software’s which are open.

4

Protocols are used for working.

To configure APIs are used depending on the requirements.

5

Control planes are distributed.

Control planes are logically centralized.

6

It does not permit to quickly respond towards the changing environment of business.

It permits to quickly respond towards the changing environment of business [4].

A comparison of advantages and disadvantages of SDN over traditional networks 

regarding security issues.

Analysis of SDN architecture and Traditional Network on basis of security

Advantages of SDN

Enhance security:Virtualization making management complex, SDN creates a centralized network which controls the distribution of security and information of policy consistently within the enterprise.

Centralized provisioning of the network:SDN describes a centralized view of the whole network due to which centralizing provisioning and enterprise management becomes easier. SDN accelerates delivery of services and delivers agility in provisioning.

Complete enterprise management:SDN allows some IT managers to examine and experiment with some network configurations without letting them affect the networks.

Improved control and command:SDN allow more visibility on the flow of information through the network. It also improves the security of the network and optimizes network and control.

Cost-effective:SDN reduces the overall cost of operations leading to administrative saving and other advantages which leads to some operational savings[1].

Disadvantages of SDN

1. Proper training is to be provided to the whole staff.

2. Some new tools for management are obtained and people need to be provided with training regarding its use.

3. The biggest challenge it faces is security [2]

4. The entirenetwork needs to be changed for SDN implementation and cost even increases because of reconfiguration.

Advantages of technical Network

1. It is very useful for gradually evolving networks and networks which are static.

2. It is a hardware centered network which is reliable and stable.

3. It quickly regains the operational capacities even after the loss of power without some external significant interventions.

4. The consistentand regular operation takes place so to have the knowledge about changing the environment.

Disadvantages of technical Network

1. It is comparatively costly as it builds a large stack of the appliance made for security.

2. It is more complex and compound as it builds a network of overlay in the cloud.

3. It is more time consuming, it requires more time in attending events.

4. It cannot adapt or modify itself with rapid changes or alterations occurring in technology.

5. Demands of network traffic used to escalate.

6. Staff cost gets increased and hardware cost is reduced [5].

Comparison between SDN and Traditional Networking

2.Analyse critically, three current or future security issues in SDN and its countermeasures. In this section, you will 

Three security issues in SDN

Southbound interface protection: The matter of concern is the connection between network element and controller over the transport layer. To prevent the attack of Man-in-the-middle channel need to be preserved from some unauthorized access. Gaining access can allow attackers to passively read the Open Flow and messages of other management and gain some knowledge regarding the local network.  If any modification or insertion takes place in the Open Flow it can adversely create an impact on the behavior of the network. Attackers get the powers to control and they can send messages regarding modification of flow to switches which can redirect the traffic of data they even behave as network elements and can send some fake and false information to controllers which will automatically bring error in the network state [8].

Protecting the controller: The controller of SDN is a failure of a single point and a large point to be attacked. Attackers are allowed to access or compromise the controllers and provide them the opportunity to directly taking a control of network completely. They have a threat of stealing and harming information of network which is collected and stored by the controller.

Northbound interface protection: The protection on the access of general server and some remote interactions with the software controller need to be protected and preserved. Some remote interface management must be attacked and Credentials can be leaked. Password and logins can also be leaked [6].

Mitigation techniques and tools used for each one of the security issues

Southbound interface protection

TLS is the tool used for the southbound interface protection security issue. It is suggested for Open Flow messaging. ODL and ONOS are the techniques used along with some new controllers to support TLS. TLS (Transport Layer Security) is a protocol which describes the security of communication among server or client applications that interact with each other on the internet. It allows the integrity, privacy, and protection of data which is transmitted on the internet. TLS permits securing of web browsing, access to applications, internet related communication and transferring of data. It even prevents transmitted data from being tampered[10].

Protecting the controller

Ident++ protocol is the tool used for the SDN security to prevent it against the attacks and provide detailed delegation of trust and control for the enforcement of network security. It provides the single purpose, must be patched and should be checked for integrity and necessary maintenance.

Northbound interface protection

Secure Shell protocol (SSH) isthe tool used for the northbound interface protection security issue. ONOS and ODL describe different remote management and REST dependent APIs which are protected by SSH protocol. Some practices need to be implemented for web application security and to preserve data and leakage of credentials, username, and logins.Secure Shell is a protocol or interface which executes the services of network, shell, and communication. SSH allows 2 remotely connected user so that network communication can be performed. SSH is designed to allow the user to log in securely[9].

Conclusion

I have efficaciously completed the assignment on software-defined networking. I learned that SDN is emerging part of networking of computer where functionalities of networking are decoupled as compared to actual hardware. This assignment explains SDN and its layers it explains the SDN characteristics with respect to traditional network and pros and cons of both SDN and technical networkregarding security issues.

Secondly,it explains 3 security issues in SDN and somemitigation tools and techniques used for every of the security issues.

References

[1]M. Dabbagh, B. Hamdaoui and M. Guizani, "Software-defined networking security: pros and cons", IEEE Communications Magazine, vol. 53, no. 6, pp. 73-79, 2015.

[2]J. Wan, Z. Shu, D. Li, J. Lin, A. V. Vasilakos and M. Imran, "Security in Software-Defined Networking: Threats and Countermeasures", 2016.

[3]Q. Monnet, "An introduction to SDN", whirl, 2016. [Online]. Available: https://qmonnet.github.io/whirl-offload/2016/07/08/introduction-to-sdn/. [Accessed: 23- Jan- 2018].

[4]Traditional vs Software Defined Networking. IP Knowledeg, pp. 1-6, 2014.

[5]A. Mallick, "Traditional Network Infrastructure Model and Problems Associated with it", Pluribus networks, 2012.

[6]F. George, "Securing Software Defined Networking", Journal of Information Warfare, vol. 16, no. 2, pp. 56-65, 2017.

[7]M. Shirazipour, W. John, J. Kempf, H. Green and M. Tatipamula, "Realizing Packet-Optical Integration with SDN and OpenFlow", IEEE International Communication, pp. 6633-6637, 2012.

[8]Q. Yan and F. Yu, "Distributed Denial of Service Attacks in Software-Defined Networking with Cloud Computing", IEEE Communications Magazine, pp. 52-59, 2015.

[9]A. Zaalouk, "An Orchestrator-Based Architecture For Enhancing Network-Security Using Network Monitoring And SDN Control Functions", Network Operations and Management Symposium (NOMS), pp. 1-9, 2014.

[10]S. Scott-Hayward, G. O’Callaghan and S. Sezer, "SDN Security: A Survey", IEEE, pp. 1-7, 2013.