
Security Analysis of an SDN Controller for Network Traffic Mirroring (Varnostna analiza krmilnika SDN za zrcaljenje omrežnega prometa)

Authors :
MIHAJLOVIĆ, NEMANJA
Kos, Andrej
Publication Year :
2022

Abstract

There are many demands in the industry to improve services in a more agile environment and to find more cost-effective solutions. With virtualization and the popularization of cloud computing, technology is advancing. When developing products that run on virtualized platforms, it is critical to capture network traffic using mirroring for debugging, troubleshooting, and ultimately lawful interception functionality. For products running on virtualized platforms, certain network traffic never leaves the server, so the traffic must be mirrored on the virtualized network equipment. Software-defined networks (SDN) automate network systems and make networks more programmable, which makes packet routing more flexible. SDN technology enables centralized mirroring management of both hardware network devices and virtualized network devices. This simplifies mirroring management, as well as overall network management, even in large deployments. The thesis shows how to set up a traffic mirroring system as one example of the use of software-defined networks. This solution uses network switches with a controller that allows easier and more dynamic configuration of the system for packet monitoring and analysis. There are security concerns with SDN because virtualizing the network infrastructure increases the potential attack vectors. The controller, as the central decision point, is usually the primary target of attackers. Because of this centralized design of SDN, compromising the security of the controller is tantamount to compromising the security of the entire network. Implementing security is necessary for the smooth operation of the network and for providing the traffic mirroring function.
In the master's thesis, we first reviewed the field of existing technologies and then the security requirements and vulnerabilities in SDN networks. We investigated various threats and security issues of the OpenDaylight controller. Using practical examples, we evaluated attacks on the controller and how they affect the provision of the traffic mirroring function. Finally, we identified the attacks and suggested techniques to protect against them.

Details

Language :
Slovenian
Database :
OpenAIRE
Accession number :
edsair.od......3505..0c1632fea6e7802e1ce0e8182d0b7d6a