Archive

Securing Software Defined Networking: Using open standards with IBM solutions to secure your assets in the cloud

Share this post:

Software Defined Networking (SDN) is an emerging technology that has come in tandem with the rise of cloud computing. This prominent technology adds a boost to network virtualization, which eliminates the boundary of the physical network topology. However, the dynamic nature of SDN makes it harder to manage compared to a traditional network. When securing a traditional network, we usually only pay attention to the perimeters. Unfortunately,  it is not the same once we move to cloud, because locating network perimeters can be more difficult due to network virtualization and multitenancy.

security foundations for cloudRemember, every cloud has a sliver lining! Though SDN brings additional complexity to network security, the flexibility it provides in network topology is a powerful weapon in helping us to target attackers more clearly than we could ever do previously.

Paul Ashley is a Senior Technical Staff Member for the IBM Security Systems Division and his current focus is cloud security. Paul and I are writing a series of IBM developerWorks papers to show you how could we use IBM Security Network Protection solutions to secure SDN.

The first paper we wrote is called “Deploy IBM Security Network Protection in an Open vSwitchNetwork security on software-defined networks.” In it, we discuss how to protect the virtual machines running on a KVM hypervisor with Open vSwitch installed. Open vSwitch implements the OpenFlow standard, which has been widely used in many SDN infrastructures recently. It is the reason why we choose to support Open vSwitch as the first step to the secure the cloud.

You will find that IBM Security Network Protection could not only protect the network traffic sent from external machines but also the inter-VM traffic. The capability to inspect inter-VM traffic is mandatory due to the predictable surge of East-West traffic in the future.

In future papers, we will show you how to use a SDN controller to automatically protect all the virtual machines running on the hypervisor and how to integrate our solution to infrastructure as a service (IaaS) frameworks. If you also want to use SDN as a weapon to frighten the attackers just like we do, please follow this series and let us know if you need any help! You can also contact me on Twitter @ChentaLee.


More stories

Why we added new map tools to Netcool

I had the opportunity to visit a number of telecommunications clients using IBM Netcool over the last year. We frequently discussed the benefits of have a geographically mapped view of topology. Not just because it was nice “eye candy” in the Network Operations Center (NOC), but because it gives an important geographically-based view of network […]

Continue reading

How to streamline continuous delivery through better auditing

IT managers, does this sound familiar? Just when everything is running smoothly, you encounter the release management process in place for upgrading business applications in the production environment. You get an error notification in one of the workflows running the release management process. It can be especially frustrating when the error is coming from the […]

Continue reading

Want to see the latest from WebSphere Liberty? Join our webcast

We just released the latest release of WebSphere Liberty, 16.0.0.4. It includes many new enhancements to its security, database management and overall performance. Interested in what’s new? Join our webcast on January 11, 2017. Why? Read on. I used to take time to reflect on the year behind me as the calendar year closed out, […]

Continue reading