What Are Software Defined Network Security Threats
As software defined networking has developed, security issues have also increased. Software defined networks are more open, which lets attackers obtain information about networks and policies. The risk of DoS attacks is also higher compared to the earlier single-router system. New entities and protocols have also introduced new security threats.
Software defined network security threats in the different layers are as follows:
A- Application Layer Security Threats
An attacker may enforce malicious network policies by manipulating applications, which has an impact on the software defined network control layer. The security threats for the application layer are listed in the table below.
|Threat|Description|
|---|---|
|Spoofing|Attackers obtain user data and use it for further attacks, doing so by disguising themselves as the administrator.|
|Repudiation|A user can deny having enforced malicious network policies, and data can be copied and forwarded to a malicious server.|
|Information Disclosure|An attacker can disguise himself as a user, and forged flows can be injected into the network through a software defined network application.|
|Application Vulnerability|Vulnerabilities in software defined network applications, such as insecure coding and flaws in code, may allow attackers to access resources.|
B- Control Layer Security Threats
The software defined network controller is the central component of the network, so its security level must be maximum. If the controller is compromised, the whole network can be destroyed. The security threats of this layer are given in the table below.
|Threat|Description|
|---|---|
|Conflict of Flow Rules|Malicious flows can bypass security detection, conflict with previously configured security, and adversely affect the software defined network controller.|
|Insertion of Fake Flow Rules|An attacker may hijack a software defined network application and insert fake rules.|
|Spoofing|An attacker can gain control of the software defined network by disguising himself as the administrator and can modify or remove sensitive data.|
|DoS Attack|An attacker can create spoofed traffic to mount a DoS attack and bring down the network.|
|Repudiation|Malicious flow rules that were inserted earlier by the software defined network application can be denied by the administrator.|
|Vulnerability of Operating System|Because the software defined network controller runs on an operating system, the vulnerabilities of the operating system become vulnerabilities of the controller.|
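
A controller can vet each rule before installing it, which addresses the flow rule conflicts and fake flow rule insertions listed in the table above. The following Python check is an added example, not code from the original page; the `FlowRule` fields, the rule names, the addresses and the higher-priority-wins convention are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class FlowRule:
    """Simplified flow rule (hypothetical schema, not a real controller API)."""
    name: str
    priority: int             # assumption: the higher value wins on overlap
    src: str                  # source CIDR
    dst: str                  # destination CIDR
    dst_port: Optional[int]   # None means any port
    action: str               # "allow" or "drop"


def overlaps(a: FlowRule, b: FlowRule) -> bool:
    """True if at least one packet could match both rules."""
    if not ip_network(a.src).overlaps(ip_network(b.src)):
        return False
    if not ip_network(a.dst).overlaps(ip_network(b.dst)):
        return False
    return a.dst_port is None or b.dst_port is None or a.dst_port == b.dst_port


def find_conflicts(candidate: FlowRule, installed: List[FlowRule]) -> List[str]:
    """Names of installed rules whose decision the candidate would override.

    Equal priority is flagged too, because the winner is then ambiguous.
    """
    return [r.name for r in installed
            if overlaps(candidate, r)
            and candidate.action != r.action
            and candidate.priority >= r.priority]


# Constructed sample flow table: one security rule and one service rule.
INSTALLED = [
    FlowRule("block-db-from-guest", 200, "10.0.20.0/24", "10.0.5.10/32", 5432, "drop"),
    FlowRule("allow-web", 100, "0.0.0.0/0", "10.0.1.0/24", 443, "allow"),
]


def vet(candidate: FlowRule) -> Tuple[str, List[str]]:
    """Refuse installation when the candidate shadows an existing rule."""
    conflicts = find_conflicts(candidate, INSTALLED)
    return ("reject", conflicts) if conflicts else ("install", [])
```

Logging every rejected rule together with the identity of the requesting application also gives the administrator a record to set against the repudiation threat in the same table.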
C- Resource Layer Security Threats
The security threats of the resource layer are listed in the table below.
|Threat|Description|
|---|---|
|Spoofing|An attacker can disguise himself as the administrator, delete and modify sensitive data, and obtain sensitive data from the flow table.|
|Eavesdropping|An attacker can eavesdrop on the flows of software defined network switches to acquire information about the traffic and devices.|
|Overflow of Flow Table|A capacity bottleneck in the flow table may lead to flow table overflow.|
|Repudiation|The administrator may deny an incorrect configuration that he made earlier.|