February 28, 2014 | Written by: Chenta Lee
Software Defined Networking (SDN) is an emerging technology that has come in tandem with the rise of cloud computing. This prominent technology adds a boost to network virtualization, which eliminates the boundary of the physical network topology. However, the dynamic nature of SDN makes it harder to manage than a traditional network. When securing a traditional network, we usually only pay attention to the perimeters. Unfortunately, that is no longer enough once we move to the cloud, because locating network perimeters can be more difficult due to network virtualization and multitenancy.
Remember, every cloud has a silver lining! Though SDN brings additional complexity to network security, the flexibility it provides in network topology is a powerful weapon in helping us to target attackers more clearly than we could ever do previously.
Paul Ashley is a Senior Technical Staff Member for the IBM Security Systems Division, and his current focus is cloud security. Paul and I are writing a series of IBM developerWorks papers to show you how we could use IBM Security Network Protection solutions to secure SDN.
The first paper we wrote is called “Deploy IBM Security Network Protection in an Open vSwitch: Network security on software-defined networks.” In it, we discuss how to protect the virtual machines running on a KVM hypervisor with Open vSwitch installed. Open vSwitch implements the OpenFlow standard, which has been widely used in many SDN infrastructures recently. That is why we choose to support Open vSwitch as the first step to secure the cloud.
You will find that IBM Security Network Protection can protect not only the network traffic sent from external machines but also the inter-VM traffic. The capability to inspect inter-VM traffic is mandatory due to the predictable surge of East-West traffic in the future.
In future papers, we will show you how to use an SDN controller to automatically protect all the virtual machines running on the hypervisor and how to integrate our solution with infrastructure as a service (IaaS) frameworks. If you also want to use SDN as a weapon to frighten the attackers just like we do, please follow this series and let us know if you need any help! You can also contact me on Twitter @ChentaLee.