6682 Information Security For The Assessment Answers
Question:
2. Provide constructive feedback for (at least two) cohort colleagues and receive feedback from (at least two) cohort colleagues on your own design and make refinements accordingly.
Answer:
Introduction:
Software defined networking is the new agenda in the field of networking which focuses on developing intelligence network of networking devices like hubs, switches, and router. SDN architecture encompasses the direct program for controlling the network. “The technique of virtualization has been used by the SDN architecture to make it completely separate from network services” (Ramos ,2014).
Background:
Software defined networking is the modification of network control point. The unpredictable nature of routing control platform and active network give birth to the innovation of SDN technology. “The network behaviour can be predicted by low level configuration files and folders” (Nataranjan, 2016). SDN architecture is composed of Application, data, and control planes. Control plane interface is used for managing communication between different planes. Some of the important features of SDN are centralized control, virtualization and abstraction technique, programmability, rapid innovation, openness, and others. The architecture of SDN is depicted in the figure below:
The architecture of SDN is equipped with security issues which can affect replication schemes of the controller by using conflict resolution and authentication mechanism. The threat of attack is increasing on the SDN platform than traditional network.
Scope of engagements:
The SDN focuses on control which is based on software enabled network. In this paper, we will indulge with security issues which are associated with the SDN and the countermeasures which should take place on the occurrence of vulnerabilities. The SDN architecture should support isolation and multi-tenancy between tenant networks.
Security issues and challenges in SDN:
The potential attack of denial of service attack is increasing on the software defined network. The fake requirement of multiple services has been sent to the central part of SDN which can lead to the overflow of the table and result into denial of service attack. The open flow algorithm is used for deploying the SDN network. Transport layer security can be managed between switches and controller by using open flow algorithm. The security issues which are associated with SDN are depicted below:
- Unauthorised access: SDN follows the methodology of centralized control. The possibility can arise that multiple controllers wants to access the data plane of SDN. The pool of controllers is abstracted for read write operation. In this situation, the attacker can get the authentication of the application through which he can manipulate the working of the application. The table below shows the list of security issues associated with unauthorised access and its recommended solution.
- Data leakage: The attacker focuses on the timing associated with the packet processing. The proactive and reactive configuration of data packet can result into leakage of data.
- Data modification: “The flow of traffic can be controlled by the controller of the SDN” (Horvath, 2015). The hijacking of controller will result into effectively controlling of SDN by the hacker. The flow of network devices can be modified and controlled by the hacker.
- Malicious and compromised application: The malicious application can adversely affect the SDN controller. The controller act as an abstraction between data plane and the application. The poorly designed application can result into the entrance of vulnerabilities. The table below shows the list of security issues associated with malicious attack and its recommended solution.
- Denial of service attack: It has been analysed that the weakness of SDN architecture is the combining capability of central controller and data planes. The insertion and modification rules are associated with the denial of service attack. The potential attack of denial of service attack is increasing on the software defined network. The table below shows the list of security issues associated with denial of service attack and its recommended solution.
- Configuration issues: “The network vulnerabilities can be detected by using the security policies and authentication protocols” (Xu, 2013). The interface should be developed between SDN network and the layer.
The table below shows the list of security issues and layer affected by them.
|
Security issues |
Application layer |
Application-control layer |
Control layer |
Control data interface |
Data layer |
|
Unauthorised controller hijacking and access |
Yes |
Yes |
Yes | ||
|
Unauthenticated and unauthorised application |
Yes |
Yes |
Yes | ||
|
Discovery of flow rule |
Yes | ||||
|
Management of credentials such as keys and certificates associated with logical network |
Yes | ||||
|
Discovery of forward policy |
Yes |
Yes |
Yes | ||
|
Modification of flow rule for modifying packet |
Yes |
Yes |
Yes | ||
|
Insertion of fraudulent rule |
Yes |
Yes |
Yes | ||
|
Communication flood for controller switches |
Yes |
Yes |
Yes | ||
|
Table flooding of switch flow |
Yes | ||||
|
Transport layer security adoption |
Yes |
Yes |
Yes |
Yes |
Yes |
|
Enforcement of policy |
Yes |
Yes |
Yes | ||
|
Security provisioning |
Yes |
Yes |
Yes |
Yes |
Yes |
|
Lack of network state visibility |
Yes |
Yes |
Yes |
Recommended solution:
The following table shows the recommended solution to cope up with the security issues associated with the SDN:
|
Security Issues |
Recommended solution |
|
Unauthorised and unauthenticated access |
Security provided to distributed control and development of resilient SDN Authentication provided for resilience Permof Checkpoints for operations Floodlight Authflow |
|
Data leakage |
Overcome the problem of denial of service attack |
|
Data modification |
Security provided to distributed control and development of resilient SDN |
|
Malicious code and application |
FortNOX ROSEMARY LegoSDN |
|
Denial of service attack |
AVANT Guard CP recovery VAVE Delegation for network security |
|
Configuration issues |
NICE Flow Checker Security by using firewall Sharing of data store |
|
System level SDN security |
SDN debugger Secure SDN FRESCO |
“There are security issues associated with system level security which are categorised as debugging of simplified SDN, security to switches and TCP attacks, Security to control channels, and Simplification in complex security policies” (Dabbagh, 2016). The recommended solution to overcome the system level security is to develop a prototype for network debugger, architecture based on global ID, Developing architecture for secure control channel by using the concept of security gateways and IPSec tunnels, and framework for application development based on composition of security services. “The evolution in trends has been seen in managing the security control of SDN” (Shu, 2016). The following table shows the new version of security control which helps in securing the software defined network.
|
Security controls |
Trends in Research Evolution |
|
Firewalls |
Dynamic allocation of firewalls, SDN based firewalls, Statefull firewall access, and Hybrid SDN classical firewall issues |
|
Access control |
SDN dynamic access control Fine grained access control |
|
IDS/ IPS |
Integration with classical tools SDN IDS/IPS implementation |
|
Policy management |
SDN policy language Migration from classical network Policy enforcement |
|
Monitoring and auditing |
Traffic monitoring tools and traffic management |
Summary of findings:
The diagram below shows the security issues and recommended solution which are associated with the software defined network. From the research and survey, it has been concluded that the network security system can be developed by doing inspection of small packets of SDN. “The SDN architecture should support isolation and multi-tenancy between tenant networks” (Alsmadi, 2015). “Fine grained network security should be used for managing workload on the system” (Dhawan, 2014). The most preferred recommended practices are to overcome the security issues are invariant detection of conflict resolution, deployment of mutual authentication, isolation of control plane, use of container based application, limiting of rates, short timeouts, aggregation of flow, and IPS logging.
The following table shows the complete summary of cause of security issues on SDN and related countermeasures:
|
Targeted Level |
Malicious behaviour |
Cause |
Countermeasures |
|
Forwarding plane |
Switch denial of service attack |
Limitation of forwarding table Increasing number of flow Limited capacity of switch buffer |
Proactive caching rule Aggregation of rule Increasing capacity of switch buffer Decreasing communication between switch controller |
|
Control plane |
Denial of service attack Compromising on controller attack |
Centralization of control Limited storage of forwarding table Increasing number of flows |
Replication of controller Dynamic master controller Placement of efficient controller Replication of controller with diversity |
|
Forwarding control link |
Main in the middle attack Replay of attacks |
Communication messages Limited authentication Lack of time stamping |
Use of encryption technique Use of digital signature Inclusion of time stamp in encrypted messages. |
Impact on real life:
The countermeasures should be taken to overcome the situation of security challenges for the smooth functioning of software defined network. The implementation of SDN brings various benefits to the network scheme. “The application of high level software can be easily managed by SDN” (Ali, 2015). It helps in detection of intrusion which can harm the network. It can help in detecting malicious behaviour of switches. The SDN is used for carrying over network forensic. It is reactive in performing packet dropping and packet redirection.
Conclusion:
The purpose of this paper is to present security issues and recommended solution associated with the software defined network. The architecture of SDN is equipped with security issues which can affect replication schemes of the controller by using conflict resolution and authentication mechanism. The implementation of SDN brings various benefits to the network scheme. From the research and survey, it has been concluded that the network security system can be developed by doing inspection of small packets of SDN. The countermeasures should be taken to overcome the situation of security challenges for the smooth functioning of software defined network.
References
Ali, S. (2015). A survey of securing networks using software defined networking. 1st ed. [ebook] Retrieved from: https://www2.ee.unsw.edu.au/~vijay/pubs/jrnl/15tor.pdf
Alsmadi, I. (2015). Security of software defined networks: A survey. 1st ed. [ebook] Retrieved from: https://www.profsandhu.com/cs5323_s17/alsmadi15.pdf
Dabbagh, M. (2016). Software defined networks security: Pros and cons. 1st ed. [ebook] Retrieved from: https://pdfs.semanticscholar.org/2aa1/5c14137460f5cf8b837b6cb21e4e791eb1a6.pdf
Dhawan, M. (2014). Detecting security attacks in software defined networking. 1st ed. [ebook] Retrieved from: https://people.eecs.berkeley.edu/~rishabhp/publications/Sphinx.pdf
Garg, G. (2014). Review on architecture and security issues of SDN. 1st ed. [ebook] Retrieved from: https://www.ijircce.com/upload/2014/november/42_Review.pdf
Horvath, R. (2015). A Literature review on challenges and effect of software defined networking. 1st ed. [ebook] Retrieved from: https://www.sciencedirect.com/science/article/pii/S1877050915026988
Nataranjan, S. (2016). A survey of security in software defined networks. 1st ed. [ebook] Retrieved from: https://pure.qub.ac.uk/portal/files/16066743/SDN_Security_Survey_FinalFile.pdf
Ramos, F. (2014). Towards secure and dependable software defined networking. 1st ed. [ebook] Retrieved from: https://www.ietf.org/proceedings/87/slides/slides-87-sdnrg-2.pdf
Shu, Z. (2016). Security in software defined networking: Threats and countermeasures. 1st ed. [ebook] Retrieved from: https://www.researchgate.net/publication/290477553_Security_in_Software-Defined_Networking_Threats_and_Countermeasures
Xu, K. (2013). Software defined networking challenges and future direction. 1st ed. [ebook] Retrieved from: https://iopscience.iop.org/article/10.1088/1757-899X/121/1/012003/pdf
Buy 6682 Information Security For The Assessment Answers Online
Talk to our expert to get the help with 6682 Information Security For The Assessment Answers to complete your assessment on time and boost your grades now
The main aim/motive of the management assignment help services is to get connect with a greater number of students, and effectively help, and support them in getting completing their assignments the students also get find this a wonderful opportunity where they could effectively learn more about their topics, as the experts also have the best team members with them in which all the members effectively support each other to get complete their diploma assignments. They complete the assessments of the students in an appropriate manner and deliver them back to the students before the due date of the assignment so that the students could timely submit this, and can score higher marks. The experts of the assignment help services at urgenthomework.com are so much skilled, capable, talented, and experienced in their field of programming homework help writing assignments, so, for this, they can effectively write the best economics assignment help services.
