
Because SDN is one of the newest technologies in networking, network
professionals should know about it and learn it, whether they are students or
experts.


Therefore, the security aspect of this technology is very important, because it
works on the basis of centralization and intruders can control everything from
the SDN controller on the server. Hackers want to try everything new, because
the people who developed it do not yet have sufficient experience in protecting
an SDN network, since it is a new technology. By this I mean that each security
policy and protection technique is designed in response to a fraud or attack by
hackers and intruders. For example, experts developed sFlow-rt for detecting
DDoS attacks, so that the administrator can then try to prevent the attack[1].
However, although one of the goals of SDN technology is to enhance network
security, according to experts, security policies that are configured in the
wrong way could be a threat to your network. In other words, you have to
configure the firewall and Access Control List correctly and avoid mistakes,
because these services represent most of the security policies of the
controllers. Also, the network administrator should take into consideration
that anyone might bring down the entire network. For example, if he configures
the QoS of the network to transmit only VoIP traffic, this will prevent other
types of traffic from being transmitted[2].
Fortunately, security is an aspect that is gaining more weight within corporate
business plans. Threats rival one another in sophistication, and they urgently
need to be countered more accurately and quickly. Moreover, the targets of the
attacks are no longer networks and communications but corporate users, who have
been identified as the weakest link in the chain of corporate security, where
BYOD (Bring Your Own Device) environments have become a constant concern.
We are facing a new scenario that requires a complete review of companies'
security policies and an audit of existing security areas and resources to
confirm that they are still valid. The speed with which this complex malware is
renewed and propagated makes many of the firewalls present in organizations
ineffective.
Fortunately, the security industry has reacted in parallel with the evolution of
threats, offering different proposals that offset them. In this "technological
war", the deployment of software-defined networking (SDN) provides a framework
with greater protection than traditional networks.
This is because the SDN paradigm enables a network architecture in which the
control plane is separated from the data plane, so that networks are not simply
configurable but also programmable, and not node by node but centrally, by
software. The existence of open interfaces on the different machines allows
this programming.
SDN brings flexibility and ease of administration to network management and
communications, without which it would be hard to respond, with the quality and
speed required, to the exponential growth of existing data centers, increased
cloud consumption and increasing bandwidth demands.

Security solutions
During our research on SDN security we found some threats that an SDN network
could face and some vulnerabilities that attackers could exploit to hack this
type of network topology. In fact, an attack on a software-defined network is
possible from different places and vulnerabilities, as follows. The attacker
can attack[3] (see Figure):

The application on the controller
The controller itself
The link between controllers
The link between the controller and switch
Between switches
The switch itself

Figure 1: Possible attack in SDN architecture[3]

1. Floodlight Firewall application

However, the Firewall application exists in the Floodlight controller as a Java module
that comes with the whole Java Floodlight project. By default the Firewall is disabled on
the controller unless the network administrator enables it, but once he enables it, all
the traffic within the network will be blocked. After you enable the Firewall, you can
define the policies for your network either by specifying them through the controller API
interface from the graphical user interface in the browser, or from the terminal on the
Linux server by typing ACL statements as commands (see Figure 13). So, the Firewall in
the Floodlight controller is responsible for applying the ACL statements and policies
that you have configured. Below you can see the commands that are used to activate and
deactivate the Firewall application[4],[2].

Activate Firewall

$ curl http://localhost:8080/wm/firewall/module/enable/json

Deactivate Firewall

$ curl http://localhost:8080/wm/firewall/module/disable/json

Figure 2: Firewall API REST Interface from Floodlight controller
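
The block-everything behaviour after enabling the firewall, and the VoIP-only kind of misconfiguration mentioned earlier, can be checked before a policy is pushed. The following is an added example, not Floodlight code: a simplified first-match model whose rule fields, addresses and flows are constructed for illustration.

```python
import ipaddress

def matches(rule, pkt):
    """True if the packet falls inside every field the rule constrains."""
    return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(rule.get("src", "0.0.0.0/0"))
            and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(rule.get("dst", "0.0.0.0/0"))
            and rule.get("proto", pkt["proto"]) == pkt["proto"]
            and rule.get("dst_port", pkt.get("dst_port")) == pkt.get("dst_port"))

def decide(enabled, rules, pkt):
    """Model: disabled = no filtering; enabled = first matching rule, else DENY."""
    if not enabled:
        return "ALLOW"
    for rule in rules:              # model assumption: evaluated in list order
        if matches(rule, pkt):
            return rule["action"]
    return "DENY"                   # enabled with no matching rule: blocked

def audit(rules, required):
    """Names of required flows that the enabled firewall would block."""
    return [name for name, pkt in required.items()
            if decide(True, rules, pkt) != "ALLOW"]

# Constructed policy: only SIP signalling (VoIP) is allowed.
VOIP_ONLY = [{"proto": "udp", "dst_port": 5060, "action": "ALLOW"}]

# Constructed flows that the network is expected to carry.
REQUIRED = {
    "sip":  {"src": "10.0.0.1", "dst": "10.0.0.9", "proto": "udp", "dst_port": 5060},
    "web":  {"src": "10.0.0.1", "dst": "10.0.0.8", "proto": "tcp", "dst_port": 80},
    "dns":  {"src": "10.0.0.1", "dst": "10.0.0.7", "proto": "udp", "dst_port": 53},
    "ping": {"src": "10.0.0.1", "dst": "10.0.0.8", "proto": "icmp"},
}

if __name__ == "__main__":
    print("firewall off :", decide(False, [], REQUIRED["web"]))
    print("on, no rules :", audit([], REQUIRED))
    print("on, VoIP only:", audit(VOIP_ONLY, REQUIRED))
```

Running the audit against the list of flows the network must carry shows which of them a candidate rule set would cut off once the firewall is enabled.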

2. SDN Security suite


OpenFlow services have to be present in a typical SDN network, which might
lead to flow-rule interference and many unexpected interactions between flow
rules. By this I mean, they may have vulnerabilities, backdoors, or produce
flow rules in a way that may allow exploitation by malicious remote users who
are able to craft the right packet streams. The security of an SDN network
should not depend on the absence of bugs or vulnerabilities at the application
layer[5].

However, OpenFlowSec.org offers a free SDN security suite that includes the
SE-Floodlight software, the SDN Actuator application and OF-BotHunter to
improve SDN security and treat its vulnerabilities and risks[6].

3. DDoS Attack and sFlow-rt Tool


Denial of service (DoS) attacks are probably one of the simplest types of attack
to carry out and, at the same time, one of the most difficult to counter. These
facts have recently made this type of computer attack a common resource for all
kinds of hackers, but it can also serve us network administrators as a test to
see how far our systems can go in responding.
A Denial of Service (DoS) attack basically consists of sending a large number of
requests to a server so that legitimate users of the service cannot access its
resources. For example, when a website is saturated by a DoS attack, a user who
wants to consult the website will find it down.
Historically, DoS attacks were reserved for hackers and used only against rival
groups, websites, servers ... but the appearance of public tools (LOIC ..), the
great growth of botnets and, with them, the evolution of DoS into DDoS
(Distributed Denial of Service) attacks have made such attacks, as we
mentioned, very common, causing multibillion-dollar losses each year[3], [7].
companies are able to deactivate a threat and continue normal operations. The main goal
behind an attack may never be known, which is a reminder that the threat exists.
To lessen this threat, service providers should join forces. And if you want to provide
a quick recovery, check that you have the necessary tools for identifying an attack, as
well as the resources and sufficient information to deal with these types of situations.
However, we can use the sFlow-rt tool to measure the traffic, whether it comes into or
goes out of the SDN controller. This tool can be used with the Floodlight controller and
can show you the volume of traffic as a chart, for example when the controller receives
many ping messages as ICMP packets. This tool gives the opportunity to rapidly detect
DDoS attacks and drive automated controls to mitigate their effect[8], [9].

Figure 2: sFlow-rt monitor shows uncontrolled DDoS attack [9]
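
The detect-then-control loop described above can be sketched as follows. This is an added example that does not use sFlow-rt itself: the packet samples are constructed, the sampling rate and threshold are assumed values, and the rule body assumes the Floodlight firewall's JSON field names (`dst-ip`, `nw-proto`, `action`), which should be checked against the controller version in use.

```python
from collections import Counter

SAMPLING_RATE = 100     # assumed: the switch exports 1 in 100 packets
THRESHOLD_PPS = 1000    # assumed alert level, estimated ICMP packets per second
WINDOW = 1.0            # seconds per measurement window

# Constructed samples: (timestamp_seconds, src_ip, dst_ip, protocol)
SAMPLES = (
    [(i / 30, f"192.0.2.{i + 1}", "10.0.0.2", "icmp") for i in range(30)]
    + [(0.2, "10.0.0.5", "10.0.0.3", "icmp"), (0.7, "10.0.0.5", "10.0.0.3", "icmp")]
    + [(0.4, "10.0.0.5", "10.0.0.2", "tcp"), (0.9, "10.0.0.6", "10.0.0.2", "tcp")]
)

def detect_icmp_floods(samples, window=WINDOW, rate=SAMPLING_RATE,
                       threshold=THRESHOLD_PPS):
    """Return {(window_start, dst_ip): estimated_pps} for windows over threshold."""
    counts = Counter()
    for ts, _src, dst, proto in samples:
        if proto == "icmp":
            counts[(int(ts // window) * window, dst)] += 1
    # Each exported sample stands for `rate` packets seen on the wire.
    estimates = {key: n * rate / window for key, n in counts.items()}
    return {key: pps for key, pps in estimates.items() if pps >= threshold}

def mitigation_rule(dst_ip):
    """Firewall rule body that drops ICMP towards the flooded host (assumed fields)."""
    return {"dst-ip": f"{dst_ip}/32", "nw-proto": "ICMP", "action": "DENY"}

if __name__ == "__main__":
    for (start, dst), pps in detect_icmp_floods(SAMPLES).items():
        print(f"window {start:.0f}s: ~{pps:.0f} ICMP pps to {dst}")
        print("rule to push:", mitigation_rule(dst))
```

The rule drops all ICMP to the flooded host, legitimate pings included, so it should be removed once the estimated rate falls back under the threshold.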
