SoylentNews is people
SoylentNews
Software-defined networking (SDN) controllers respond to network conditions by pushing new flow rules to switches. And that, say Italian researchers, creates an unexpected security problem.
The researchers were able to persuade their SDN environment to leak information that sysadmins probably don't want out in public, including network virtualisation setups, quality of service policies, and more importantly, security tool configuration information such as "attack detection thresholds for network scanning".
Even a single switch's flow table, they write, can provide this kind of information, as well as serving as a side-channel for an attacker to exploit.
The three network boffins – Mauro Conti of the University of Padova, and Sapienza University's Fabio De Gaspari and Luigi Mancini – are particularly concerned about SDN being exploited to help an attacker build a profile of the target network, in what they call a Know Your Enemy (KYE) attack.
For example, they write, an attacker could potentially:
- Connect to the passive listening ports most SDN switches include for remote debugging, to retrieve the flow table (they offer HP Procurve's dpctl utility as an example);
- Infer information about the flow table from jitter (that is, round trip time (RTT) – variance);
- Sniff control traffic, because of inadequate protection (not using TLS, or not using certificates for authentication;
- Exploit vulnerabilities that might exist in switch operating systems, such as backdoors; or
- Copy the flow table or memory content of the switch to an external location.
The paper points out that none of this is specific to particular devices: "the KYE attack exploits a structural vulnerability of SDN, which derives from the on-demand management of network flows, that in turn is one of the main features and strengths" of SDN.
(Score: 2, Insightful) by Anonymous Coward on Saturday August 27 2016, @09:48AM
Nobody cares, and the industry is poorer for it.
Back in the old days (ten years ago), we said "Cloud" and "Utility Computing" presented massive security risks, but that all fell on deaf ears.
Now we're desensitized to the regular data breaches, data mining, attacks on our privacy, etc.
So go ahead! Hack our software-defined networking, mirror our traffic and channel it to your servers in Fuckovistan for analysis and resale. We can't bother paying anyone to properly secure our networks anyway, and there's little risk that a data breach would hurt our stock prices.
(Score: 0) by Anonymous Coward on Saturday August 27 2016, @10:53AM
What happened between the old days (ten years ago) and now, to change everything? Facebook happened. Socialites happened. The expectation of privacy changed. Your data is public anyway. Security is irrelevant.
(Score: 0) by Anonymous Coward on Saturday August 27 2016, @04:16PM
It's also an extension of the danger-filled world that oddly makes most people happy. The world needs to be dangerous so that god can punish bad people. Bad things only happen to bad people. I think this is called the just world hypothesis [wikipedia.org].
(Score: 0) by Anonymous Coward on Saturday August 27 2016, @05:14PM
After I had a motorcycle accident (broken ankle, healed OK) in the 1980s, a friend remarked that even someone experienced and trained (I was both, from a young age) can be taken out by an unobservant car driver. I was 30 at the time. That was the end of any hope I held out for the just world hypothesis applying to me.