izpis_h1_title_alt

Varnostni izzivi in rešitve v programsko definiranih omrežjih
ID Jenko, Ana (Author), ID Kos, Andrej (Mentor) More about this mentor... This link opens in a new window

.pdfPDF - Presentation file, Download (1,47 MB)
MD5: 5D5AB8E48623AE965CAF897BFCD308EA

Abstract
Klasična omrežja pri zadoščanju potreb uporabnikov v današnjem svetu naletijo na mnoge omejitve, kot so odvisnost od nespremenjenih protokolov, porazdeljen nadzor in težko preprogramirljiva strojna oprema, zato se je pojavil koncept SDN. Omrežja SDN krmilno ravnino ločijo od podatkovne in tako logiko celotnega omrežja združijo v centraliziranem krmilniku, do katerega lahko administrator dostopa in ga programira preko NBI vmesnika API. Krmilnik je s pomočjo globalnega pregleda topologije omrežja sposoben sprejemati optimalne omrežne odločitve. Poleg izboljšanega nadzora in upravljanja koncept SDN doprinese tudi višji nivo avtomatizacije, pomanjkljivosti omrežij SDN pa se nahajajo na področju varnosti. Centralizacija krmiljenja implicira višjo frekvenco in večjo uspešnost napadov DoS, saj krmilnik predstavlja kritično točko odpovedi sistema. Uspešni napadi DoS rezultirajo v preobremenjenosti in posledični odpovedi krmilnika ali pa v poplavljanju tokovnih tabel v stikalih podatkovne ravnine omrežja. Drugi najbolj nevaren tip napada na omrežja SDN je nepooblaščen dostop do krmilnika, saj lahko v tem primeru napadalec s spreminjanjem obstoječih tokovnih pravil promet preusmeri v zlonamerna vozlišča ali pa omrežje zastruplja z vrinjanjem zlonamernih paketov. Omrežja pred napadi ščitijo varnostnimi mehanizmi. Z njimi napade opazujemo (podatkovne pasti za napadalce), zaznavamo (IDS, detektor DDoS) ali preprečujemo (IPS, požarni zid). Pri varnosti sodelujejo tudi metode zgoščevanja, šifriranja in avtentikacije, lahko se poslužimo rešitev kot so globoko pregledovanje paketov, upravljanje varnostnih informacij in dogodkov, blokovne verige in strojno učenje. V omrežjih SDN ključni pomen nosi tudi virtualizacija, ki poleg večje kapacitete, agilnosti in razporejanja obremenitve nudi tudi razširljiv okvir za dinamično upravljanje kibernetske varnosti. V zadnjem delu svojega diplomskega dela sem se osredotočila na pet primerov praktične uporabe tehnologije SDN na različnih področjih, in sicer na uporabo v: podatkovnih centrih, prostranih omrežjih, združenih omrežnih in varnostnih funkcijah v oblaku, omrežjih 5G in v povezanih avtonomnih vozilih. Raziskala sem varnostne izzive in rešitve v omrežjih SDN.

Language:Slovenian
Keywords:programsko definirano omrežje, SDN, krmilnik SDN, varnostne grožnje, napadi DoS/DDoS, varnostni mehanizmi
Work type:Bachelor thesis/paper
Typology:2.11 - Undergraduate Thesis
Organization:FE - Faculty of Electrical Engineering
Year:2024
PID:20.500.12556/RUL-154052 This link opens in a new window
COBISS.SI-ID:182134531 This link opens in a new window
Publication date in RUL:22.01.2024
Views:207
Downloads:33
Metadata:XML RDF-CHPDL DC-XML DC-RDF
:
Copy citation
Share:Bookmark and Share

Secondary language

Language:English
Title:Security challenges and solutions in software-defined networks
Abstract:
When traditional networks try to meet the needs of today’s society, they encounter many limitations such as dependence on unchanged protocols, distributed control and hardware that is difficult to reprogram, which is why the concept of SDN has emerged. SDN networks separate the control plane from the data plane and thus combine the logic of the entire network in a centralized controller that can be accessed and programmed by the administrator via the NBI API interface. With the help of a global view of the network, the controller can make optimal network decisions. In addition to improved control and management, the concept of SDN also provides a higher level of automation, while the main drawback of SDN is poor security. The centralization of network control implies a higher frequency and greater success of DoS attacks since the controller presents a single point of failure. Successful DoS attacks result in controller overload and failure, or in flooded flow tables of the switches in the network's data plane. The second most dangerous type of attack on SDN networks is unauthorized access to the controller, as the attacker can change the existing flow rules and therefore redirect traffic to malicious nodes or perform poisoning attack by injecting malicious packets into the network. Networks are being protected from attacks by security mechanisms. They are used to capture (honeypots, honeynets), detect (IDS, DDoS detector) or prevent (IPS, firewall) attacks. Methods of hashing, encryption and authentication are also involved in security. We can also use solutions such as deep packet inspection, security information and event management, blockchains and machine learning. In SDN networks, virtualization also plays an important role. In addition to a greater capacity, agility of network and load distribution, virtualization also provides an extensible framework for dynamic cybersecurity management. In the last part of my thesis, I focused on five examples of practical use of SDN technology in different areas, namely in: data centres, wide-area networks, secure access service edge, 5G networks and in connected autonomous vehicles. I researched security challenges and solutions in SDN networks.

Keywords:software-defined network, SDN, SDN controller, security threats, DoS/DDoS attacks, security mechanisms

Similar documents

Similar works from RUL:
Similar works from other Slovenian collections:

Back