Software-defined networking (SDN) moves networking from hardware to the software plane, under the management of a software controller. Benefits include automating and easing network administration duties and improving application performance. As a new technology, SDN is subject to vulnerabilities.
But with SDN, the industry knows certain vulnerabilities are native to the approach. First, according to Chris Weber, co-founder of Casaba, centralizing control in an SDN controller removes protective, layered hardware boundaries such as firewalls. Second, according to Gartner analyst Neil MacDonald, by decoupling the control plane from the data plane, SDN introduces new attack surfaces such as the network controller, its protocols and its APIs.
Third, the software controller can be installed on COTS hardware on top of an OS such as Windows or Linux, also COTS. This is an advantage of SDN, since it saves implementation and other costs. But according to Ramsey Dow, a Partner at Casaba, these operating systems are plagued by a host of historically recurring attacks, such as buffer overflows that lead to remote code execution. That places the SDN controller at the same risk as the OS.