nach oben

Erschienen in:

2018 | OriginalPaper | Buchkapitel

8. Security Analysis of SDN WAN Applications—B4 and IWAN

verfasst von : Rajat Jain, Rahamatullah Khondoker

Erschienen in: SDN and NFV Security

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Software defined applications for WAN (Wide Area Network) are primarily designed to manage and deploy enterprise WAN infrastructure. SDN controller feature helps an organization to automate complex WAN configuration and route data efficiently among its remote sites from a centralized point. Recently various vendors have stepped in this market and claim their product to be the solution for WAN management problems. However, automating the network through a centralized controller makes the network a handy target for attackers to exploit. Compromising the controller or its application can pose serious threat to network devices and traffic flow. This motivated us to study the vulnerabilities of two such SDN WAN applications—Google’s B4 and Cisco’s IWAN. For the analysis, we used the Microsoft’s threat analysis method called STRIDE. In the analysis, we found out that both B4 and IWAN might suffer from security threats like Spoofing, Tampering, Information Disclosure and Denial of Service (DoS) and each vulnerability found in the application using STRIDE threat model, can be mitigated using available IT security mechanisms.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Analysis of SDN Applications for Smart Grid Infrastructures

The Zettabyte Era Trends and Analysis. http://www.cisco.com/c/en/us/solutions/collateral/serviceprovider/visual-networking-indexvni/VNIHyperconnectivityWP.html. Accessed 27 July 2016

Stallings W (2016) Software Dened Networks and OpenFlow. http://www.cisco.com/web/about/ac123/ac147/archivedissues/ipj16-1/161sdn.html. Accessed 27 July 2016

McKeown N, Anderson T, Balakrishnan H, Parulkar G, Peterson L, Rexford J, Shenker S, Turner J (2008) OpenFlow: enabling innovation in campus networks. ACM SIGCOMM Comput Commun Rev 38(2):69–74CrossRef

Dix J (2016) The rst place to tackle SDN: in the WAN. http://www.networkworld.com/article/2873964/sdn/therst-place-to-tackle-sdn-inthe-wan.html?page=2. Accessed 02 Jan 2016

Software-dened networking: why we like it and how we are building on it. http://www.cisco.com/c/dam/en us/solutions/industries/docs/gov/cis13090sdnsledwhitepaper.pdf. Accessed 29 July 2016

Jacobs D (2016) How software-dened WAN architecture is changing the market. http://searchsdn.techtarget.com/tip/How-software-denedWAN-architecture-is-changinthemarket

Cisco Intelligent WAN. http://www.cisco.com/c/en/us/solutions/enterprise-networks/intelligent-WAN/index.html. Accessed 29 July 2016

Software-defined WAN: more uptime for your network, more downtime for you. http://www.cloudgenix.com/software-definedwan/. Accessed 29 July 2016

Secure Extensible Network (SEN) Solution. http://VIPtea.com/solutions/overview/. Accessed 29 July 2016

10.

Jain S, Zhu M, Zolla J, Holzle U, Stuart S, Vahdat A, Kumar A, Mandal S, Ong J, Poutievski L, Singh A, Venkata S, WANderer J, Zhou J (2013) B4: Experience with a globally-deployed software defined WAN. In ACM SIGCOMM Computer Communication Review, ACM, vol 43, pp 3–14

11.

Feamster N, Rexford J, Shenker S, Clark R, Hutchins R, Levin D, Bailey J (2013) SDX: a software-defined internet exchange. Open Networking Summit

12.

Microsoft, improving web application security: threats and countermeasures. https://msdn.microsoft.com/en-us/library/ff648644.aspx. Accessed 02 Jan 2016

13.

UcedaVelez T (2012) Real world threat modeling using the PASTA methodology. OWASP App Sec EU 2012

14.

Saitta P, Larcom B, Eddington M (2005) Trike v.1 methodology document[draft]. http://dymaxion.org/trike/Trike pdf,2005

15.

Schneier B (1999) Attack trees. Dr. Dobb’s J

16.

Jan Jürjens (2002) UMLsec: extending UML for secure SystEMs development. In J ez equel JM, Hussmann H, Cook S (eds.) UML 2002, LNCS 2460. Springer, Heidelberg, pp 412–425

17.

Christopher A, Audrey D, James S, Carol W (2003) Introduction to the OCTAVE ® approach. Carnegie Mellon University, Pittsburgh, pp 15213–3890

18.

Misuse cases. http://ro.ecu.edu.au/cgi/viewcontent.cgi?article=1119contextism. Accessed 29 July 2016

19.

Qualitative risk analysis with the DREAD model, Posted in General Security on 21 May 2014. http://resources.infosecinstitute.com/qualitative-risk-analysis-dread-model/. Accessed 29 July 2016

20.

The CORAS approach to model-driven risk analysis. https://securitylab.disi.unitn.it/lib/exe/fetch.php. Accessed 29 July 2016

21.

Johnstone MN (2010) Threat modelling with STRIDE and UML

22.

Tasch M, Khondoker R, Marx R, Bayarou K (2014) Security analysis of security applications for soft-ware defined networks. In Proceedings of the AINTEC 2014, ACM, p 23

23.

Cisco Intelligent WAN Design Guide. http://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/Jan2015/CVD-IWANDesignGuide-JAN15.pdf. Accessed 29 July 2016

24.

An introduction to IP security (IPSec) encryption. http://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/16439-IPSECpart8.html. Accessed 29 July 2016

25.

Dynamic trunking protocol. http://www.cisco.com/c/en/us/tech/lan-switching/dynamic-trunking-protocol-dtp/index.html. Accessed 29 July 2016

26.

Cisco OS synchronized logs: Syslog. http://www.cisco.com/c/en/us/tech/ip/syslog/index.html. Accessed 29 July 2016

27.

TACAS: accounting, authorization, acconting. http://www.cisco.com/c/en/us/support/docs/security-vpn/terminal-access-controller-access-control-system-tacacs-/10384-security.html. Accessed 29 July 2016

28.

IPSEC RSA negotiation. http://www.cisco.com/c/en/us/td/docs/iosxml/ios/configuration/xe-3s/sec-ike-for-ipsec-vpns-xe-3s-book/sec-key-exch-ipsec.html. Accessed 29 July 2016

29.

Cisco IOS security. http://www.cisco.com/c/en/us/about/security-center/integrity-assurance.html. Accessed 29 July 2016

30.

Cisco control plane policy. http://www.cisco.com/c/en/us/about/security-center/copp-best-practices.html. Accessed 29 July 2016

Titel: Security Analysis of SDN WAN Applications—B4 and IWAN
verfasst von: Rajat Jain
Rahamatullah Khondoker
Verlag: Springer International Publishing
Buch: SDN and NFV Security
Print ISBN: 978-3-319-71760-9

Electronic ISBN: 978-3-319-71761-6

Copyright-Jahr: 2018
DOI: https://doi.org/10.1007/978-3-319-71761-6_8

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"