"My impression is that the concept is a buzz word. Your SDN might not be my SDN. Look at Cisco, they have their own version of SDN," said Pickett. There are, however, sundry versions of SDN that vary depending on the vendor.
"Vendors are going to define [SDN] in a way that fits their product line. What's happening is that the product line is not moving in the direction of SDN, but the definition of SDN is moving to the product line," said Pickett.
Ironically, SDN is supposed to bring consistency to the network, yet there is a lot of ambiguity around exactly what SDN is, which is one reason why Jon Oltsik, senior principal analyst, said that as enterprises are doing strategic planning around SDN, they need to get the security team involved.
The security practitioners are the ones that can work to identify and mitigate risk. "They can look for risks in the technology, implementation, or operations and try to mitigate those as much as possible," Oltsik said.
The controller can be a single point of failure, and Oltsik said, "When SDN is implemented, it has oversight over the whole network. In a traditional network, if I compromised a layer 2 switch, I may be able to look at traffic to and from that switch, but not the whole network."
Though SDN is not a new development, there is much about the newly designed protocols that makes it very similar to a new technology. "We haven't shaken out all of the bugs yet. There's a high degree of innovation happening, but it's not as stable as established technologies," Oltsik said.
In ironing out the kinks, the software is changing rapidly, but there aren't a lot of SDN specialists out there for hire, Oltsik said. "It's established by a networking team or a data center operations team who wants to simplify, and they are using software to do that, but they are not security experts."
The desire to have a modern means of controlling the network has spawned a new wave of network management tools, but new products don't mitigate security risks.
Paul Querna, CTO and Co-founder of ScaleFT, said, "The security risks are not all that different than they are in general networking. It's still people on the network."
"The reality is the most advanced attackers have already figured out how to access the network in an SDN world. For weaker attackers, the SDN is more secure because they can more easily route things around," Querna said.
Yet, risks vary depending on the exact SDN technology they are using. "If you’re deploying an SDN, you need to be careful about doing switches and how you are implementing those rules in hardware and understand what is happening if you are not," Querna said.