Security solutions
During our research on SDN security we found threats that an SDN
network could face and vulnerabilities that attackers could exploit
to compromise this type of network topology. In a Software-Defined
Network, an attack is possible from different places and
vulnerabilities, as follows. The attacker can attack[3]: (See Figure).
However, a Firewall application exists in the Floodlight controller as a Java module that
comes with the whole Java Floodlight project. By default the Firewall is disabled on the
controller unless the network administrator enables it, but once it is enabled all the
traffic within the network is blocked. After you enable the Firewall you can define
policies for your network, either by specifying them through the controller API
from the graphical user interface in the browser, or from the terminal on the
Linux server by typing ACL statements as commands (see Figure 13). So the Firewall in the
Floodlight controller is responsible for applying the ACL statements and policies that you
have configured. The commands below are used to activate and
deactivate the Firewall application[4],[2].
Activate Firewall
$ curl http://localhost:8080/wm/firewall/module/enable/json
Deactivate Firewall
$ curl http://localhost:8080/wm/firewall/module/disable/json
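Because enabling the module blocks all traffic until policies exist, the following added example (not part of the original document or of the Floodlight project) builds the allow rules two hosts need and, when asked, pushes them to the controller. Assumptions: the rules endpoint /wm/firewall/rules/json and the src-ip, dst-ip and dl-type fields are taken from Floodlight's firewall REST API rather than from this page, and the host addresses 10.0.0.3 and 10.0.0.7 are constructed sample values.

```shell
#!/bin/sh
# Added example: allowlist rules for the Floodlight firewall module.
# Assumptions: controller at localhost:8080 (as on the page); the host
# addresses used below are constructed sample values.
FL="${FL:-http://localhost:8080}"

# Build the JSON body of one ALLOW rule (no "action" field means ALLOW).
# $1 = source CIDR, $2 = destination CIDR, $3 = optional dl-type (e.g. ARP)
allow_rule() {
    if [ -n "${3:-}" ]; then
        printf '{"src-ip": "%s", "dst-ip": "%s", "dl-type": "%s"}' "$1" "$2" "$3"
    else
        printf '{"src-ip": "%s", "dst-ip": "%s"}' "$1" "$2"
    fi
}

# Emit every rule two hosts need to talk: IPv4 and ARP, in both directions.
# With the firewall enabled, a one-way rule leaves the replies blocked, and
# without the ARP rules the hosts cannot resolve each other at all.
pair_rules() {
    for t in "" ARP; do
        allow_rule "$1" "$2" "$t"; echo
        allow_rule "$2" "$1" "$t"; echo
    done
}

# Enable the module, push the rules, then list what the controller holds.
apply() {
    curl -s "$FL/wm/firewall/module/enable/json"; echo
    pair_rules "$1" "$2" | while IFS= read -r body; do
        curl -s -X POST -d "$body" "$FL/wm/firewall/rules/json"; echo
    done
    curl -s "$FL/wm/firewall/rules/json"; echo
}

# Dry run by default: print the rule bodies only.
# Pass "apply" as the first argument to contact the controller.
if [ "${1:-}" = "apply" ]; then
    apply 10.0.0.3/32 10.0.0.7/32
else
    pair_rules 10.0.0.3/32 10.0.0.7/32
fi
```

Run without arguments it only prints the four rule bodies, so the policy can be reviewed before the module is enabled.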
In addition, OpenFlowSec.org offers a free SDN security suite that includes the SEFloodlight software, the SDN Actuator application and OF-BotHunter to
improve SDN security and treat its vulnerabilities and risks[6].
Figure 2: sFlow-rt monitor shows uncontrolled DDoS attack [9]