
Creating Resilient Software Defined Networks (SDN)


Dr. Arun Sood and I presented a new approach for how to create reliable and resilient software defined networks.

Shahid N. Shah

December 10, 2014


Transcript

  1. Resilient SDN Controllers
    Arun Sood, PhD
    Prof Computer Science, Dir International Cyber Center, GMU
    Founder CEO SCIT Labs
    Shahid N. Shah
    CEO Netspective Communications
    All Rights Reserved - SCIT Labs Confidential and Proprietary
  2. SDN Architecture
    [Diagram labels: Application (x4); Controller; Management; Monitoring; APIs; SDN Devices. Layers: Application Layer, Control Layer, Infrastructure Layer]
  3. SDN Security Threat Vectors
    • Insert forged traffic
    • Communication paths
    • Network device vulnerabilities
    • Device logs
    • Controller vulnerabilities
  4. SDN Controllers
    • Centralized or Distributed
    • Potential for single point of failure
    • Physical access
    • Static systems
    • Monitoring and remote access
    • Software driven - vulnerable to attack
  5. Breaches in the News
    • South Carolina Department of Revenue: 33 malwares were used to attack 44 systems – 75 GB lost; 3.8 M individual and >699K business tax returns; remediation cost estimated at $19 million
    • Target: False positives overwhelmed the security team – 40 million credit debit card info stolen; $236 million in expenses
    • Home Depot: Zero day attack – customized malware was not detected – 56 M cards stolen over five months. Cost $62 million
    • Reactive Security works some of the time. Remediation costs are high
  6. Cyber Threat Observations
    I. Intrusions are inevitable. Most breaches discovered by third parties
    II. Malware installed. Intruders stay in systems for days, weeks, months
    III. Current servers are “sitting ducks”
  7. Losses vs Intruder Residence
    [Chart: axes Losses (Low to High) and Intruder Residence (Low to High); labels: IDS, Firewall, IPS Monitoring; Manual Reimage; Resilience Automated Restoration; Perfect Software White Listing]
  8. Cyber Resilience
    • Typical requirements
      – Continuity of operations
      – Meet mission requirements
      – Limited degradation of performance
    • Operational requirement for threat deterrence
      – Restoration to pristine uncontaminated state
  9. Risk Management Approach
    Cyber Risk = Threats x Vulnerabilities x Consequences
    Focus on Consequence Management
    Resilience through seamless recovery
    User trade-off: compute cycles vs cyber risk (exposure)
  10. Additional Advantages of Resilience & Restoration Approach
    Security
    • Reduce data ex-filtration losses
      – Disconnect from malicious site
      – Rate modulation on outgoing data
    • IT Early warning
    • Respond to high threat intensity
    • Software whitelist on steroids
    • Reduce SOC ticket response time
    • Recovery
    • Forensic
    System & Network Management
    • Operational Resilience
      – No memory leaks
      – Apply hot patches – no server reboot required
      – Quick recovery from bad patch
      – Better manage the level of testing required
    • Configuration management
    • Automatically replace compromised VMs
    • Supports disaster recovery
  11. Cyber Security Solution Properties
    • Accuracy
    • Speed
    • Agility
    • Automation
    • Defender workload vs Attacker workload
  12. Conclusion
    • SDN security requires a resilience approach
    • SDN controller needs particular focus
      – Static implementations lead to asymmetric advantage for attacker
      – Successful persistent attacks can damage the network
    • SDN transactions are short – enables automated restoration
    • Cost of computer cycles is falling - supports a restoration strategy
  13. PROACTIVE CYBER ATTACK DEFENSE
    6 issued US patents (2009 – 2013)
    http://scitlabs.com/en/download/videos
    Arun Sood, Ph.D.
    [email protected]