Creating Resilient Software Defined Networks (SDN)

Transcript

1. Resilient SDN Controllers Arun Sood, PhD Prof Computer Science, Dir

   International Cyber Center, GMU Founder CEO SCIT Labs Shahid N. Shah CEO Netspective Communications All Rights Reserved - SCIT Labs Confidential and Proprietary

2. Application Application Application Application Controller Management Monitoring APIs SDN Devices

   Application Layer Control Layer Infrastructure Layer SDN Architecture 2

3. SDN Security Threat Vectors 3 • Insert forged traffic •

   Communication paths • Network device vulnerabilities • Device logs • Controller vulnerabilities

4. SDN Controllers 4 • Centralized or Distributed • Potential for

   single point of failure • Physical access • Static systems • Monitoring and remote access • Software driven - vulnerable to attack

5. Breaches in the News • South Carolina Department of Revenue:

   33 malwares were used to attack 44 systems – 75 GB lost; 3.8 M individual and >699K business tax returns; remediation cost estimated at $19 million • Target: False positives overwhelmed the security team – 40 million credit debit card info stolen; $236 million in expenses • Home Depot: Zero day attack – customized malware was not detected – 56 M cards stolen over five months. Cost $62 million • Reactive Security works some of the time. Remediation costs are high

6. Cyber Threat Observations I. Intrusions are inevitable. Most breaches discovered

   by third parties II. Malware installed. Intruders stay in systems for days, weeks, months III. Current servers are “sitting ducks” 6

7. 7 IDS, Firewall, IPS Monitoring High Losses Low High Intruder

   Residence Low Manual Reimage Resilience Automated Restoration Losses vs Intruder Residence 7 Perfect Software White Listing

8. Cyber Resilience 8 • Typical requirements – Continuity of operations

   – Meet mission requirements – Limited degradation of performance • Operational requirement for threat deterrence – Restoration to pristine uncontaminated state

9. Risk Management Approach Cyber Risk = Threats x Vulnerabilities x

   Consequences Focus on Consequence Management Resilience through seamless recovery User trade-off: compute cycles vs cyber risk (exposure)

10. 10 Cyber Kill Chain

11. Resilience Approach: Self Cleansing Intrusion Tolerance Restoration & Moving Target

    Defense – How it works 11

12. Constantly Restore Server Integrity 12

13. Additional Advantages of Resilience & Restoration Approach 13 Security •

    Reduce data ex-filtration losses – Disconnect from malicious site – Rate modulation on outgoing data • IT Early warning • Respond to high threat intensity • Software whitelist on steroids • Reduce SOC ticket response time • Recovery • Forensic System & Network Management • Operational Resilience – No memory leaks – Apply hot patches – no server reboot required – Quick recovery from bad patch – Better manage the level of testing required • Configuration management • Automatically replace compromised VMs • Supports disaster recovery

14. Cyber Security Solution Properties 14 • Accuracy • Speed •

    Agility • Automation • Defender workload vs Attacker workload

15. Conclusion 15 • SDN security requires a resilience approach •

    SDN controller needs particular focus – Static implementations lead to asymmetric advantage for attacker – Successful persistent attacks can damage the network • SDN transactions are short – enables automated restoration • Cost of computer cycles is falling - supports a restoration strategy

16. PROACTIVE CYBER ATTACK DEFENSE 6 issued US patents (2009 –

    2013) http://scitlabs.com/en/download/videos Arun Sood, Ph.D. [email protected] 16

17. Architects & Engineers for next generation networks http://www.Netspective.com Shahid N.

    Shah @ShahidNShah http://www.ShahidShah.com 17