Improving network security with software-defined networking
Permanent address of the item is
Verkon tietoturvan kehittäminen ohjelmisto-ohjatuilla verkoilla
Software-defined networking (SDN) is a new technology in computer networks, which enables the management of the network and the development of new network functions in a higher level of abstraction than in traditional networks. In the SDN concept, the management of the network can be centralized to a specific SDN controller instead of managing each network device separately through a vendor-specific interface. This enables new possibilities for designing computer networks and makes the administration easier than before. In this thesis we are considering the security improvements in computer networks achieved by the software-defined networking. The purpose of the research is to find out if the current maturity of the SDN technology allows traditional networks to be replaced by SDN and what kind of security enhancing network functions can be implemented with the SDN technology. We are also discovering existing SDN applications and solutions presented in former research. Based on the research, the solutions providing improved network security can be divided to two categories. First is the SDN security applications and second is the solutions that are providing better network management. Many of the proposed solutions are still under development and they will need more research and development contribution before they are ready for the production use. During the research, it became clear that the SDN technology brings new security threats for consideration because of the centralized network management and the management performed by software. In particular the attacks against the management network and the usage of the third party software are possible security threats. Currently, migration from a traditional network to an SDN based network needs still much resources, but in the future the technology will definitely become more common.