Software Defined Networking (In)Security: All Your Control Plane Are Belong To Us…
My next series of talks is focused on the emerging technology, solutions and security architectures of so-called “Software Defined Networking (SDN).”
As this space heats up, I see a huge opportunity for new and interesting ways in which security can be delivered — the killer app? — but I am also concerned that, per usual, security is a potential afterthought.
As an absolute minimum example, the separation of control and data planes (much as we saw with compute-centric virtualization) means we now have additional (or at least bifurcated) attack surfaces and threat vectors. And not unlike compute-centric virtualization, the C&C channels for network operation represent a juicy target.
There are many more interesting elements that deserve more attention paid to them — new protocols, new hardware/software models, new operational ramifications…and I’m going to do just that.
If you’re a vendor who cares to share what you’re doing to secure your SDN offerings — and I promise I’ll be fair and balanced as I always am — please feel free to reach out to me. If you don’t and I choose to include your solution based on access to what data I have, you run the risk of being painted inaccurately <hint>
If you have any ideas, comments or suggestions on what you’d like to see featured or excluded, let me know. This will be along the lines of what I did with the “Four Horsemen Of the Virtualization Security Apocalypse” back in 2008.
Check out a couple of previous ramblings related to SDN (and OpenFlow) with respect to security below.