I have a question regarding SDN security risk. At the data plane layer, switches are vulnerable to denial-of-service (DoS) attacks. A malicious user can flood the switches with large payloads, causing legitimate packets to be dropped when a switch's buffering capability is exceeded. What are the possible ways to address this issue?
Thanks for this excellent question.
The answer is very similar to the one we use for traditional network environments. We use IPS/IDS to keep an eye on various suspicious behaviors/patterns of traffic. We also need those here, but in virtual form. The SDN controller should have access to these virtual security appliances in order to enforce policies and monitor suspicious/malicious traffic, and block it (or raise alerts) depending on the preference of the network admin. In this way, we can avoid flooding that results in a denial-of-service attack where we end up running out of resources.
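As an added illustration (not part of the question or the answer above, and not tied to any particular controller), the following Python sketch shows the controller-side logic the answer describes: a virtual IDS-style detector watches per-source traffic rates from the events the controller sees, raises an alert when the packet rate looks suspicious, and asks the controller to install a drop entry when the byte rate exceeds a block threshold. The sample events, the thresholds, and the `drop_rule` dictionary are all constructed assumptions; a real controller would translate that dictionary into its own flow-modification message.

```python
from collections import defaultdict, deque

# Constructed sample events: (timestamp in seconds, source IP, payload bytes), standing in for
# the packet-in / flow-statistics stream a controller or virtual IDS would observe.
# 10.0.0.2 behaves normally; 10.0.0.9 sends a burst of large packets (the flooding case).
SAMPLE_EVENTS = (
    [(0.01 * i, "10.0.0.2", 120) for i in range(20)]       # 20 small packets in 0.2 s
    + [(0.005 * i, "10.0.0.9", 1400) for i in range(400)]  # 400 large packets in 2 s
)


class FloodDetector:
    """Per-source sliding-window rate detector with a two-tier response (alert / block)."""

    def __init__(self, window=1.0, alert_pps=100, block_bps=800_000):
        self.window = window            # seconds of history kept per source (assumed)
        self.alert_pps = alert_pps      # packets/s above which we raise an alert (assumed)
        self.block_bps = block_bps      # bits/s above which we block the source (assumed)
        self._hist = defaultdict(deque)  # src -> deque of (timestamp, bytes)
        self._pkts = defaultdict(int)    # src -> packets inside the window
        self._bytes = defaultdict(int)   # src -> bytes inside the window
        self.blocked = set()

    def observe(self, ts, src, nbytes):
        """Record one event and return the verdict: 'allow', 'alert' or 'block'."""
        if src in self.blocked:
            return "block"
        hist = self._hist[src]
        hist.append((ts, nbytes))
        self._pkts[src] += 1
        self._bytes[src] += nbytes
        # Evict samples that have fallen out of the sliding window.
        while hist and ts - hist[0][0] > self.window:
            _, old_bytes = hist.popleft()
            self._pkts[src] -= 1
            self._bytes[src] -= old_bytes
        pps = self._pkts[src] / self.window
        bps = self._bytes[src] * 8 / self.window
        if bps > self.block_bps:
            self.blocked.add(src)
            return "block"
        if pps > self.alert_pps:
            return "alert"
        return "allow"


def drop_rule(src):
    """Hypothetical controller-side representation of the flow entry pushed to the switch.

    An empty action list means 'drop'; the idle timeout lets the entry age out on its own so
    a misclassified host is not blocked forever.
    """
    return {"match": {"ipv4_src": src}, "actions": [], "priority": 1000, "idle_timeout": 60}


def run(events, detector=None):
    """Feed events through the detector in time order; return verdicts per source and the
    drop rules the controller would install."""
    det = detector or FloodDetector()
    decisions = defaultdict(set)
    rules = []
    for ts, src, nbytes in sorted(events):
        verdict = det.observe(ts, src, nbytes)
        decisions[src].add(verdict)
        if verdict == "block" and all(r["match"]["ipv4_src"] != src for r in rules):
            rules.append(drop_rule(src))
    return dict(decisions), rules


if __name__ == "__main__":
    verdicts, flow_rules = run(SAMPLE_EVENTS)
    for src, seen in sorted(verdicts.items()):
        print(f"{src}: {sorted(seen)}")
    for rule in flow_rules:
        print("install:", rule)
```

The two thresholds separate the "raise alerts" and "block" preferences mentioned in the answer: a high packet rate of small packets only alerts, while a high byte rate (the large-payload flood that exhausts switch buffers) leads to a drop entry. Tune the window and thresholds to the link speeds of the real deployment before trusting the verdicts.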