Explore the vulnerabilities and attack surfaces of Software-Defined Networking (SDN) infrastructure in this Black Hat conference talk. Delve into the security challenges across the SDN stack, including control plane, control channel, and data plane. Examine attacks on popular Network Operating Systems like OpenDaylight and ONOS, as well as the OpenFlow protocol and SDN-enabled switch devices. Witness demonstrations of critical attacks affecting network availability and confidentiality, such as uninstalling crucial SDN applications and manipulating logical network topology. Learn about SDN security projects, including Project Delta for penetration testing and Security-Mode ONOS for protecting against untrusted third-party applications. Gain insights into the importance of security vulnerability assessment in SDN adoption and the steps towards making it more secure.
Attacking SDN Infrastructure - Are We Ready for the Next-Gen Networking?
Overview
Syllabus
Intro
Traditional Networking
What is Software Defined Networking (SDN)?
Basic SDN operation
Data Center Network Design
Software-Defined Data Center (SDDC)
SDN Control Plane Components
Attack Vector: Misconfiguration
Attack Vector: Malware 1
Attack Vectors: Insider (tenant) attacks
Attack Scenario 1
Attack Scenario 2
No system integrity protection
No authentication of NOS cluster nodes
No application access control
Switch device firmware abuse
SDN Security Assessment: Project DELTA
SDN Application security policy enforcement
Final remarks
Thank you
Taught by
Black Hat
