SlideShare une entreprise Scribd logo

Security defined routing_cybergamut_v1_1

Joel W. King
Joel W. King

http://cybergamut.com/2014/09/technical-tuesday-28-october-2014-software-defined-networking-by-joel-king-of-world-wide-technology/

Technologie
1  sur  40
Télécharger pour lire hors ligne
Copyright © 2014 World Wide Technology, Inc. All rights reserved. Security-Defined Routing Joel W. King Technical Solutions Architect Enterprise Networking Solutions Engineering and Innovations
Agenda •Background: Who, What and Why? •Process flow – Topology Diagrams •OpenFlow Mechanics •Software •Monitoring Network •Demonstration Video •Summary
Who am I? •Software-Defined Networking Discipline Lead at WWT •Goal: First to Educate •Oversee SDN solution architectures, training and education for sales engineering, demonstrations, workshops. Focus area: Network Programmability •Previously •NetApp E-Series Storage – Big Data •Cisco Systems CVDs – Cisco Validated Designs
Why this was developed •World Wide Technology (wwt.com) •Value added systems integrator and supply chain solutions provider •Advanced Technology Center (ATC) Hands-on access to over $50M in data center, virtualization, collaboration, networking and security solutions. •Premise: Demonstrate a Software-Defined Networking (SDN) use case •Integrate: SDN with Cyber Analytics Reference Architecture (CARA)
What is Security-Defined Routing? •Security-Defined Routing (SDR) is a play on the term Software-Defined Networking (SDN) •Security-Defined Routing •Uses SDN (OpenFlow) switches, •Dynamic reprogramability of network flows. •Normal IP packet forwarding reacts to security analytic engines •Integrating security analytics with packet forwarding behavior •Central Network Control dates back to AT&T’s Network Control Point in 1977. •Why should cyber professionals care about SDN and Openflow? http://en.wikipedia.org/wiki/2600:_The_Hacker_Quarterly
Historical view of SDN • Purist view of SDN has two characteristics (*) • Control plane is separated from device implementing data plane, • Single control plane manages multiple network devices • SDN / OpenFlow initial deployments were network research at universities – (Stanford ) providing a cost effective and ‘clean slate’ network architectures. • OpenFlow is only one instantiation of SDN principles. • SDN is a tool to enable a higher degree of control over network devices. Control Plane (1) The Road to SDN: An Intellectual History of Programmable Networks
What is OpenFlow? •Open Networking Foundation (ONF) manages the standard. •Originated at Stanford University 2005 - 2009 - Martin Casado, et al. •OpenFlow- a communications protocol that gives access to the forwarding plane of a network devices - Southbound from the SDN controller to communicate with switches. •Flow Entry - an element in a flow table used to match and process packets a data structure of matches, actions, counters, priority, and timeout values. Fields from Packets Match against flow entries •Ingress port •Ethernet Source | Destination Address •VLAN ID and Priority •IP Source and Destination Address Actions •Multiple actions can be specified •Example: output to multiple ports, drop •IP Protocol •IP ToS bits •TCP | UDP source port •TCP | UDP destination port
Basic Building Blocks: Controllers and Agents Some network functionality is better implemented from centralized coordination of all the devices in the network domain. •Controller – process on a server interacting with network devices using APIs / protocols. •Agent – process on network devices implementing a specific function. •API – allow applications external to the controller to query and change the network configuration
Next Generation Firewalls •Next-Generation Firewall Services provide more granular application usage control policies than port based firewalls. •Advanced network security functions that are computationally intensive — and they must do so in real-time while introducing little or no latency. •Has the Layer 3 topology changed when deploying Next-Generation Firewalls? •Why does the Firewall function need to be in the forwarding path?
Value of Separating Detection from Prevention Separation of intrusion detection (IDS) function from the intrusion prevention (IPS) function, provides: •Enhanced Scalability •Seamlessly Manage Appliances •Multiple ‟Sets of Eyes” •Rapid Mitigation •Consistent Policy Implementation •Cost Effective
Security-Defined Routing SDR Solution includes the following components: • An SDN controller • OpenFlow switches between WAN edge routers and a corporate firewalls • Security-Defined Routing (SDR) software developed by World Wide Technology (WWT) • Security analytics software • Cisco Sourcefire • RSA Security Analytics • Open Source Snort NEXUS-7K Internal network Internal network SDN Controller w/ Security-Defined Routing software syslog Internet DMZ OpenFlow switch Monitoring Network
Process Flow
Security-Defined Routing Trust Zone DMZ Un-Trusted Zone
Trust Zone DMZ Un-Trusted Zone Monitoring Network Cisco XNC Controller OpenFlow Security-Defined Routing
Trust Zone DMZ Un-Trusted Zone Monitoring Network Cisco XNC Controller OpenFlow Security-Defined Routing
Trust Zone DMZ Un-Trusted Zone Monitoring Network Cisco XNC Controller OpenFlow Security-Defined Routing
Trust Zone DMZ Un-Trusted Zone Monitoring Network Cisco XNC Controller OpenFlow ALERT! Security-Defined Routing
Trust Zone DMZ Un-Trusted Zone Monitoring Network Cisco XNC Controller OpenFlow attack Security-Defined Routing
Security-Defined Routing •Software-Defined Networking (OpenFlow) switches can be programmed to : •Drop packets •Replicate packets (e.g. SPAN / TAP) for monitoring •Selectively divert traffic flows from the normal forwarding path. •Security Analytics devices - intrusion detection system (IDS) identify malicious traffic. •Python modules •Parses a Snort, RSA Security Analytics, Cisco Sourcefire alert (log) file •Creates ‘firewall’ rules for the SDN controller and switch to implement •Uses REST API to dynamically modify forwarding behavior to shunt traffic •Offending host is blocked or routed to honeypot
OpenFlow Mechanics
OpenFlow - Static and Dynamic (reactive) Flows Analytics LLDP ARP IPv4 Inside Outside Trust Zone DMZ Un-Trusted Zone OpenFlow Inside Outside Honey Pot
OpenFlow - Static and Dynamic (reactive) Flows Analytics LLDP ARP IPv4 Inside Outside Trust Zone DMZ Un-Trusted Zone OpenFlow Inside Outside IPv4 TCP 80 IPv4 TCP 443 Honey Pot to Inet Honey Pot Outside Outside Inside & Analytics Honey Pot
OpenFlow - Static and Dynamic (reactive) Flows Analytics LLDP ARP IPv4 Inside Outside Trust Zone DMZ Un-Trusted Zone OpenFlow Inside Outside IPv4 TCP 80 IPv4 TCP 443 Honey Pot to Inet Honey Pot Outside Outside Inside & Analytics Honey Pot Honey Pot TCP 443 Honey Pot TCP 443 Honey Pot Outside 198.19.3.1 Or Drop
Cisco Extensible Network Controller LLDP ARP IPv4 IPv4 TCP 80 IPv4 TCP 443 Honey Pot to Inet Honey Pot Inside Outside Outside Outside Inside & Analytics LLDP ARP IPv4 IPv4 IPv4 TCP 80 IPv4 TCP 443 Honey Pot Steady State configuration
Flow Removal •OpenFlow provides for aging flows from the switch •Each flow entry has an idle_timeout and a hard_timeout •Switches will remove flows older than the hard_timeout •Idle_timeout invoked if no packets match during the timer •The Northbound REST API can be used to manually delete flows •The demo code removes flows after a few minutes. •Caveats •DDoS attackes could generate more flows than the switch can handle •Switches vary in the number of flows supported.
Software
Process Flow sst.py ./log --help --debug ./log/ alert Snort ./rules XNC.py module REST API XNC (SDN) Controller OpenFlow Inside Outside TAP parsealert.py syslog /var/log/syslog
Log Parser $ python parsealert.py --help usage: parsealert.py [-h] --engine ENGINE --file FILE --command COMMAND [--trigger TRIGGER] [--debug] parsealert.py - Reads syslog or local files from analytic engines, calls sst.py to push flow elements to an XNC controller. Copyright (c) 2014 WorldWide Technology, Inc. optional arguments: -h, --help show this help message and exit --engine ENGINE Specify snort, rsa or sourcefire keyword to indicate the input file --file FILE Input file name. --command COMMAND Command file name in ./config directory --trigger TRIGGER The value of the trigger, if not specified, default is __S_ --debug When specified enables debugging
C:>python sst.py --help usage: sst.py [-h] --cact CACT --cip CIP --cuid CUID --cpw CPW --dpid DPID --fname FNAME --act ACT --pri PRI --et ET [--nwsrc NWSRC] [--nwdst NWDST] [--proto PROTO] [--tpsrc TPSRC] [--tpdst TPDST] [--iport IPORT] [--debug] Copyright (c) 2014 World Wide Technology, Inc. optional arguments: -h, --help show this help message and exit --cact CACT Controller action, (eg. PUT, DELETE, LIST) a flow element --cip CIP Controller IP / Hostname --cuid CUID Controller username --cpw CPW Controller password --dpid DPID Data Path Identifier of the OpenFlow switch --fname FNAME Flow name, unique identifier --act ACT Action(s) to implement, eg. DROP, OUTPUT=48 --pri PRI Flow priority, higher numbers have more precedence --et ET Ethertype, eg. IPv4, IPv6. --nwsrc NWSRC Source IP address --nwdst NWDST Destination IP address --proto PROTO Protocol, eg. tcp, udp --tpsrc TPSRC transport protocol source port --tpdst TPDST transport protocol destination port --iport IPORT Ingress OpenFlow port number on the switch --debug When specified enables debugging Flow Pusher
Snort rules file •Define criteria for matching network traffic •The parsealert.py module will process any alerts with “__S_” in the message •All other alert entries are ignored •Use the trailing string (e.g. tcp443) and IP address as the unique flow name •Sample rules will shunt any source IP address to honeypot •TCP ports 80 and 443 with a TOS byte of 184 •TOS 0xB8 (184) = IP Precedence 5 or DSCP Expedited Forwarding (EF) alert tcp any any -> any 80 (tos:184; sid:1000985; msg: "__S_tcp80";) alert tcp any any -> any 443 (tos:184; sid:1000986; msg: "__S_tcp443";)
Snort alert file •Identify entries with “__S_” •Determine the source IP address •Use the trailing string (e.g. tcp443) and source IP address as the unique flow name •Create flow entry (aka: “firewall rule”) to shunt packets to honey pot •Log action in ./log directory [**] [1:1000986:0] __S_tcp443 [**] [Priority: 0] 04/27-00:43:35.932503 198.19.3.1:56184 -> 198.18.4.1:443 TCP TTL:255 TOS:0xB8 ID:39797 IpLen:20 DgmLen:40 ***AP**F Seq: 0x7F92F67A Ack: 0xF6474527 Win: 0x1020 TcpLen: 20
Monitoring Network
Monitoring Network Options •The Monitoring Network can be build using SDN technology or traditional appliances: •In the WWT ATC deployment we have used both: •Ixia's Net Tool Optimizer® (NTO) •Cisco Nexus Data Broker (Monitor Manager) •Monitor Manager provides a REST API interface to programmatically create or modify rules and filters. •Additional SDN Option is Big Switch Networks Big Tap™ Monitoring Fabric
Monitoring Network Monitoring Network Cisco XNC Controller Monitor Manager Nexus 3K Corporate Network Internet WAN Edge Security Onion SDN REST API wireshark
Demonstration
Demonstration Video •Watch the video to see how security-defined routing combines cyber analytics and SDN to protect the network: •http://youtu.be/KvZuklmi9uU
Forwarding and Replication Intrusion Prevention Filter and Disseminate Analyze and Alert Security- Defined Routing Software Implement Intrusion Prevention Lifecycle Cisco ® Extensible Network Controller (XNC) Cisco Monitor Manager or Ixia's Anue Net Tool Optimizer® (NTO) Cisco Nexus 3000 Series Switches | Plug-in for OpenFlow Inside Outside
Solution Advantages •Enhanced Scalability – IDS is separated from IPS: OpenFlow switch implementers tapping and IPS •Seamlessly Manage Appliances - IDS systems can be added, removed, or upgraded, without introducing high-impact changes to the IPS service in the production network. •Multiple ‟Sets of Eyes” - Network traffic can be easily copied to multiple intrusion detection devices. •Rapid Mitigation – The OpenFlow switch is programmatically updated to block or shunt traffic. •Consistent Policy Implementation - Alerts generated at one Internet gateway can trigger the same policy at all Internet gateways.
•This solution is deployed at the Internet edge, expect to see similar concepts deployed inside the enterprise- BYOD •Network provisioning and configuration will increasingly become less chassis-by-chassis more controller based •Network resources will align with business requirements through application resource profiles and network containers. •Brush up on your programming skills. Looking Forward http://marketing.wwt.com/SDNGuide_Registration.html
Security defined routing_cybergamut_v1_1

Recommandé

DPDK Summit 2015 - Intel - Keith Wiles
DPDK Summit 2015 - Intel - Keith WilesDPDK Summit 2015 - Intel - Keith Wiles
DPDK Summit 2015 - Intel - Keith WilesJim St. Leger
 
The dark side of SDN and OpenFlow
The dark side of SDN and OpenFlowThe dark side of SDN and OpenFlow
The dark side of SDN and OpenFlowDiego Kreutz
 
DPDK Summit 2015 - Intro - Tim O'Driscoll
DPDK Summit 2015 - Intro - Tim O'DriscollDPDK Summit 2015 - Intro - Tim O'Driscoll
DPDK Summit 2015 - Intro - Tim O'DriscollJim St. Leger
 
1 intro to_dpdk_and_hw
1 intro to_dpdk_and_hw1 intro to_dpdk_and_hw
1 intro to_dpdk_and_hwvideos
 
DPDK Summit - 08 Sept 2014 - NTT - High Performance vSwitch
DPDK Summit - 08 Sept 2014 - NTT - High Performance vSwitchDPDK Summit - 08 Sept 2014 - NTT - High Performance vSwitch
DPDK Summit - 08 Sept 2014 - NTT - High Performance vSwitchJim St. Leger
 
CampusSDN2017 - Jawdat: SDN Technology Evolvement
CampusSDN2017 - Jawdat: SDN Technology EvolvementCampusSDN2017 - Jawdat: SDN Technology Evolvement
CampusSDN2017 - Jawdat: SDN Technology EvolvementJawdatTI
 
OpenFlow
OpenFlowOpenFlow
OpenFlowKingston Smiler
 
FlowER Erlang Openflow Controller
FlowER Erlang Openflow ControllerFlowER Erlang Openflow Controller
FlowER Erlang Openflow ControllerHolger Winkelmann
 

Recommandé

DPDK Summit 2015 - Intel - Keith Wiles
DPDK Summit 2015 - Intel - Keith WilesDPDK Summit 2015 - Intel - Keith Wiles
DPDK Summit 2015 - Intel - Keith WilesJim St. Leger
 
The dark side of SDN and OpenFlow
The dark side of SDN and OpenFlowThe dark side of SDN and OpenFlow
The dark side of SDN and OpenFlowDiego Kreutz
 
DPDK Summit 2015 - Intro - Tim O'Driscoll
DPDK Summit 2015 - Intro - Tim O'DriscollDPDK Summit 2015 - Intro - Tim O'Driscoll
DPDK Summit 2015 - Intro - Tim O'DriscollJim St. Leger
 
1 intro to_dpdk_and_hw
1 intro to_dpdk_and_hw1 intro to_dpdk_and_hw
1 intro to_dpdk_and_hwvideos
 
DPDK Summit - 08 Sept 2014 - NTT - High Performance vSwitch
DPDK Summit - 08 Sept 2014 - NTT - High Performance vSwitchDPDK Summit - 08 Sept 2014 - NTT - High Performance vSwitch
DPDK Summit - 08 Sept 2014 - NTT - High Performance vSwitchJim St. Leger
 
CampusSDN2017 - Jawdat: SDN Technology Evolvement
CampusSDN2017 - Jawdat: SDN Technology EvolvementCampusSDN2017 - Jawdat: SDN Technology Evolvement
CampusSDN2017 - Jawdat: SDN Technology EvolvementJawdatTI
 
OpenFlow
OpenFlowOpenFlow
OpenFlowKingston Smiler
 
FlowER Erlang Openflow Controller
FlowER Erlang Openflow ControllerFlowER Erlang Openflow Controller
FlowER Erlang Openflow ControllerHolger Winkelmann
 
Introduction to OpenDaylight & Application Development
Introduction to OpenDaylight & Application DevelopmentIntroduction to OpenDaylight & Application Development
Introduction to OpenDaylight & Application DevelopmentMichelle Holley
 
DPDK layer for porting IPS-IDS
DPDK layer for porting IPS-IDSDPDK layer for porting IPS-IDS
DPDK layer for porting IPS-IDSVipin Varghese
 
Enabling accelerated networking - seminar by Enea at the Embedded Conference ...
Enabling accelerated networking - seminar by Enea at the Embedded Conference ...Enabling accelerated networking - seminar by Enea at the Embedded Conference ...
Enabling accelerated networking - seminar by Enea at the Embedded Conference ...EneaSoftware
 
DPDK & Layer 4 Packet Processing
DPDK & Layer 4 Packet ProcessingDPDK & Layer 4 Packet Processing
DPDK & Layer 4 Packet ProcessingMichelle Holley
 
DPDK: Multi Architecture High Performance Packet Processing
DPDK: Multi Architecture High Performance Packet ProcessingDPDK: Multi Architecture High Performance Packet Processing
DPDK: Multi Architecture High Performance Packet ProcessingMichelle Holley
 
Unleashing End-to_end TLS Security Leveraging NGINX with Intel(r) QuickAssist...
Unleashing End-to_end TLS Security Leveraging NGINX with Intel(r) QuickAssist...Unleashing End-to_end TLS Security Leveraging NGINX with Intel(r) QuickAssist...
Unleashing End-to_end TLS Security Leveraging NGINX with Intel(r) QuickAssist...Michelle Holley
 
Oram And Secure Computation
Oram And Secure ComputationOram And Secure Computation
Oram And Secure ComputationChong-Kuan Chen
 
IPV6 - Threats and Countermeasures / Crash Course
IPV6 - Threats and Countermeasures / Crash CourseIPV6 - Threats and Countermeasures / Crash Course
IPV6 - Threats and Countermeasures / Crash CourseThierry Zoller
 
Nagios Conference 2011 - Mike Weber - Training: Choosing Nagios Plugins To Use
Nagios Conference 2011 - Mike Weber - Training: Choosing Nagios Plugins To UseNagios Conference 2011 - Mike Weber - Training: Choosing Nagios Plugins To Use
Nagios Conference 2011 - Mike Weber - Training: Choosing Nagios Plugins To UseNagios
 
Openlab.2014 02-13.major.vi sion
Openlab.2014 02-13.major.vi sionOpenlab.2014 02-13.major.vi sion
Openlab.2014 02-13.major.vi sionCcie Light
 
Fedv6tf-fhs
Fedv6tf-fhsFedv6tf-fhs
Fedv6tf-fhsTim Martin
 
Wireshark
WiresharkWireshark
Wiresharkashiesh0007
 
How to Prevent DHCP Spoofing
How to Prevent DHCP SpoofingHow to Prevent DHCP Spoofing
How to Prevent DHCP SpoofingKHNOG
 
Intel® QuickAssist Technology Introduction, Applications, and Lab, Including ...
Intel® QuickAssist Technology Introduction, Applications, and Lab, Including ...Intel® QuickAssist Technology Introduction, Applications, and Lab, Including ...
Intel® QuickAssist Technology Introduction, Applications, and Lab, Including ...Michelle Holley
 
[CB16] COFI break – Breaking exploits with Processor trace and Practical cont...
[CB16] COFI break – Breaking exploits with Processor trace and Practical cont...[CB16] COFI break – Breaking exploits with Processor trace and Practical cont...
[CB16] COFI break – Breaking exploits with Processor trace and Practical cont...CODE BLUE
 
Integrating Active Networking and Commercial-Grade Routing Platforms
Integrating Active Networking and Commercial-Grade Routing PlatformsIntegrating Active Networking and Commercial-Grade Routing Platforms
Integrating Active Networking and Commercial-Grade Routing PlatformsTal Lavian Ph.D.
 
Openflow overview
Openflow overviewOpenflow overview
Openflow overviewopenflowhub
 
A Path to NFV/SDN - Intel. Michael Brennan, INTEL
A Path to NFV/SDN - Intel. Michael Brennan, INTELA Path to NFV/SDN - Intel. Michael Brennan, INTEL
A Path to NFV/SDN - Intel. Michael Brennan, INTELWalton Institute
 
What are latest new features that DPDK brings into 2018?
What are latest new features that DPDK brings into 2018?What are latest new features that DPDK brings into 2018?
What are latest new features that DPDK brings into 2018?Michelle Holley
 
Enabling Active Flow Manipulation In Silicon-based Network Forwarding Engines
Enabling Active Flow Manipulation In Silicon-based Network Forwarding EnginesEnabling Active Flow Manipulation In Silicon-based Network Forwarding Engines
Enabling Active Flow Manipulation In Silicon-based Network Forwarding EnginesTal Lavian Ph.D.
 
Cisco Software Defined Networks (SDN) и OnePK
Cisco Software Defined Networks (SDN) и OnePKCisco Software Defined Networks (SDN) и OnePK
Cisco Software Defined Networks (SDN) и OnePKCisco Russia
 
VMs All the Way Down (BSides Delaware 2016)
VMs All the Way Down (BSides Delaware 2016)VMs All the Way Down (BSides Delaware 2016)
VMs All the Way Down (BSides Delaware 2016)John Hubbard
 

Contenu connexe

Tendances

Introduction to OpenDaylight & Application Development
Introduction to OpenDaylight & Application DevelopmentIntroduction to OpenDaylight & Application Development
Introduction to OpenDaylight & Application DevelopmentMichelle Holley
 
DPDK layer for porting IPS-IDS
DPDK layer for porting IPS-IDSDPDK layer for porting IPS-IDS
DPDK layer for porting IPS-IDSVipin Varghese
 
Enabling accelerated networking - seminar by Enea at the Embedded Conference ...
Enabling accelerated networking - seminar by Enea at the Embedded Conference ...Enabling accelerated networking - seminar by Enea at the Embedded Conference ...
Enabling accelerated networking - seminar by Enea at the Embedded Conference ...EneaSoftware
 
DPDK & Layer 4 Packet Processing
DPDK & Layer 4 Packet ProcessingDPDK & Layer 4 Packet Processing
DPDK & Layer 4 Packet ProcessingMichelle Holley
 
DPDK: Multi Architecture High Performance Packet Processing
DPDK: Multi Architecture High Performance Packet ProcessingDPDK: Multi Architecture High Performance Packet Processing
DPDK: Multi Architecture High Performance Packet ProcessingMichelle Holley
 
Unleashing End-to_end TLS Security Leveraging NGINX with Intel(r) QuickAssist...
Unleashing End-to_end TLS Security Leveraging NGINX with Intel(r) QuickAssist...Unleashing End-to_end TLS Security Leveraging NGINX with Intel(r) QuickAssist...
Unleashing End-to_end TLS Security Leveraging NGINX with Intel(r) QuickAssist...Michelle Holley
 
Oram And Secure Computation
Oram And Secure ComputationOram And Secure Computation
Oram And Secure ComputationChong-Kuan Chen
 
IPV6 - Threats and Countermeasures / Crash Course
IPV6 - Threats and Countermeasures / Crash CourseIPV6 - Threats and Countermeasures / Crash Course
IPV6 - Threats and Countermeasures / Crash CourseThierry Zoller
 
Nagios Conference 2011 - Mike Weber - Training: Choosing Nagios Plugins To Use
Nagios Conference 2011 - Mike Weber - Training: Choosing Nagios Plugins To UseNagios Conference 2011 - Mike Weber - Training: Choosing Nagios Plugins To Use
Nagios Conference 2011 - Mike Weber - Training: Choosing Nagios Plugins To UseNagios
 
Openlab.2014 02-13.major.vi sion
Openlab.2014 02-13.major.vi sionOpenlab.2014 02-13.major.vi sion
Openlab.2014 02-13.major.vi sionCcie Light
 
How to Prevent DHCP Spoofing
How to Prevent DHCP SpoofingHow to Prevent DHCP Spoofing
How to Prevent DHCP SpoofingKHNOG
 
Intel® QuickAssist Technology Introduction, Applications, and Lab, Including ...
Intel® QuickAssist Technology Introduction, Applications, and Lab, Including ...Intel® QuickAssist Technology Introduction, Applications, and Lab, Including ...
Intel® QuickAssist Technology Introduction, Applications, and Lab, Including ...Michelle Holley
 
[CB16] COFI break – Breaking exploits with Processor trace and Practical cont...
[CB16] COFI break – Breaking exploits with Processor trace and Practical cont...[CB16] COFI break – Breaking exploits with Processor trace and Practical cont...
[CB16] COFI break – Breaking exploits with Processor trace and Practical cont...CODE BLUE
 
Integrating Active Networking and Commercial-Grade Routing Platforms
Integrating Active Networking and Commercial-Grade Routing PlatformsIntegrating Active Networking and Commercial-Grade Routing Platforms
Integrating Active Networking and Commercial-Grade Routing PlatformsTal Lavian Ph.D.
 
Openflow overview
Openflow overviewOpenflow overview
Openflow overviewopenflowhub
 
A Path to NFV/SDN - Intel. Michael Brennan, INTEL
A Path to NFV/SDN - Intel. Michael Brennan, INTELA Path to NFV/SDN - Intel. Michael Brennan, INTEL
A Path to NFV/SDN - Intel. Michael Brennan, INTELWalton Institute
 
What are latest new features that DPDK brings into 2018?
What are latest new features that DPDK brings into 2018?What are latest new features that DPDK brings into 2018?
What are latest new features that DPDK brings into 2018?Michelle Holley
 
Enabling Active Flow Manipulation In Silicon-based Network Forwarding Engines
Enabling Active Flow Manipulation In Silicon-based Network Forwarding EnginesEnabling Active Flow Manipulation In Silicon-based Network Forwarding Engines
Enabling Active Flow Manipulation In Silicon-based Network Forwarding EnginesTal Lavian Ph.D.
 

Tendances (20)

Introduction to OpenDaylight & Application Development
Introduction to OpenDaylight & Application DevelopmentIntroduction to OpenDaylight & Application Development
Introduction to OpenDaylight & Application Development
 
DPDK layer for porting IPS-IDS
DPDK layer for porting IPS-IDSDPDK layer for porting IPS-IDS
DPDK layer for porting IPS-IDS
 
Enabling accelerated networking - seminar by Enea at the Embedded Conference ...
Enabling accelerated networking - seminar by Enea at the Embedded Conference ...Enabling accelerated networking - seminar by Enea at the Embedded Conference ...
Enabling accelerated networking - seminar by Enea at the Embedded Conference ...
 
DPDK & Layer 4 Packet Processing
DPDK & Layer 4 Packet ProcessingDPDK & Layer 4 Packet Processing
DPDK & Layer 4 Packet Processing
 
DPDK: Multi Architecture High Performance Packet Processing
DPDK: Multi Architecture High Performance Packet ProcessingDPDK: Multi Architecture High Performance Packet Processing
DPDK: Multi Architecture High Performance Packet Processing
 
Unleashing End-to_end TLS Security Leveraging NGINX with Intel(r) QuickAssist...
Unleashing End-to_end TLS Security Leveraging NGINX with Intel(r) QuickAssist...Unleashing End-to_end TLS Security Leveraging NGINX with Intel(r) QuickAssist...
Unleashing End-to_end TLS Security Leveraging NGINX with Intel(r) QuickAssist...
 
Oram And Secure Computation
Oram And Secure ComputationOram And Secure Computation
Oram And Secure Computation
 
IPV6 - Threats and Countermeasures / Crash Course
IPV6 - Threats and Countermeasures / Crash CourseIPV6 - Threats and Countermeasures / Crash Course
IPV6 - Threats and Countermeasures / Crash Course
 
Nagios Conference 2011 - Mike Weber - Training: Choosing Nagios Plugins To Use
Nagios Conference 2011 - Mike Weber - Training: Choosing Nagios Plugins To UseNagios Conference 2011 - Mike Weber - Training: Choosing Nagios Plugins To Use
Nagios Conference 2011 - Mike Weber - Training: Choosing Nagios Plugins To Use
 
Openlab.2014 02-13.major.vi sion
Openlab.2014 02-13.major.vi sionOpenlab.2014 02-13.major.vi sion
Openlab.2014 02-13.major.vi sion
 
Fedv6tf-fhs
Fedv6tf-fhsFedv6tf-fhs
Fedv6tf-fhs
 
Wireshark
WiresharkWireshark
Wireshark
 
How to Prevent DHCP Spoofing
How to Prevent DHCP SpoofingHow to Prevent DHCP Spoofing
How to Prevent DHCP Spoofing
 
Intel® QuickAssist Technology Introduction, Applications, and Lab, Including ...
Intel® QuickAssist Technology Introduction, Applications, and Lab, Including ...Intel® QuickAssist Technology Introduction, Applications, and Lab, Including ...
Intel® QuickAssist Technology Introduction, Applications, and Lab, Including ...
 
[CB16] COFI break – Breaking exploits with Processor trace and Practical cont...
[CB16] COFI break – Breaking exploits with Processor trace and Practical cont...[CB16] COFI break – Breaking exploits with Processor trace and Practical cont...
[CB16] COFI break – Breaking exploits with Processor trace and Practical cont...
 
Integrating Active Networking and Commercial-Grade Routing Platforms
Integrating Active Networking and Commercial-Grade Routing PlatformsIntegrating Active Networking and Commercial-Grade Routing Platforms
Integrating Active Networking and Commercial-Grade Routing Platforms
 
Openflow overview
Openflow overviewOpenflow overview
Openflow overview
 
A Path to NFV/SDN - Intel. Michael Brennan, INTEL
A Path to NFV/SDN - Intel. Michael Brennan, INTELA Path to NFV/SDN - Intel. Michael Brennan, INTEL
A Path to NFV/SDN - Intel. Michael Brennan, INTEL
 
What are latest new features that DPDK brings into 2018?
What are latest new features that DPDK brings into 2018?What are latest new features that DPDK brings into 2018?
What are latest new features that DPDK brings into 2018?
 
Enabling Active Flow Manipulation In Silicon-based Network Forwarding Engines
Enabling Active Flow Manipulation In Silicon-based Network Forwarding EnginesEnabling Active Flow Manipulation In Silicon-based Network Forwarding Engines
Enabling Active Flow Manipulation In Silicon-based Network Forwarding Engines
 

En vedette

Cisco Software Defined Networks (SDN) и OnePK
Cisco Software Defined Networks (SDN) и OnePKCisco Software Defined Networks (SDN) и OnePK
Cisco Software Defined Networks (SDN) и OnePKCisco Russia
 
VMs All the Way Down (BSides Delaware 2016)
VMs All the Way Down (BSides Delaware 2016)VMs All the Way Down (BSides Delaware 2016)
VMs All the Way Down (BSides Delaware 2016)John Hubbard
 
Defensive information warfare on open platforms
Defensive information warfare on open platformsDefensive information warfare on open platforms
Defensive information warfare on open platformsBen Tullis
 
Route flow autoconf demo 2nd sdn world congress 2013
Route flow autoconf demo 2nd sdn world congress 2013Route flow autoconf demo 2nd sdn world congress 2013
Route flow autoconf demo 2nd sdn world congress 2013FIBRE Testbed
 
Howto createOpenFlow Switchusing FPGA (at FPGAX#6)
Howto createOpenFlow Switchusing FPGA (at FPGAX#6)Howto createOpenFlow Switchusing FPGA (at FPGAX#6)
Howto createOpenFlow Switchusing FPGA (at FPGAX#6)Kentaro Ebisawa
 
Tutorial on SDN and OpenFlow
Tutorial on SDN and OpenFlowTutorial on SDN and OpenFlow
Tutorial on SDN and OpenFlowKingston Smiler
 
WAN SDN meet Segment Routing
WAN SDN meet Segment RoutingWAN SDN meet Segment Routing
WAN SDN meet Segment RoutingAPNIC
 
OpenFlow tutorial
OpenFlow tutorialOpenFlow tutorial
OpenFlow tutorialopenflow
 
Sdn and open flow tutorial 4
Sdn and open flow tutorial 4Sdn and open flow tutorial 4
Sdn and open flow tutorial 4UmaMahesh Sistu
 
Introduction to OpenFlow, SDN and NFV
Introduction to OpenFlow, SDN and NFVIntroduction to OpenFlow, SDN and NFV
Introduction to OpenFlow, SDN and NFVKingston Smiler
 

En vedette (10)

Cisco Software Defined Networks (SDN) и OnePK
Cisco Software Defined Networks (SDN) и OnePKCisco Software Defined Networks (SDN) и OnePK
Cisco Software Defined Networks (SDN) и OnePK
 
VMs All the Way Down (BSides Delaware 2016)
VMs All the Way Down (BSides Delaware 2016)VMs All the Way Down (BSides Delaware 2016)
VMs All the Way Down (BSides Delaware 2016)
 
Defensive information warfare on open platforms
Defensive information warfare on open platformsDefensive information warfare on open platforms
Defensive information warfare on open platforms
 
Route flow autoconf demo 2nd sdn world congress 2013
Route flow autoconf demo 2nd sdn world congress 2013Route flow autoconf demo 2nd sdn world congress 2013
Route flow autoconf demo 2nd sdn world congress 2013
 
Howto createOpenFlow Switchusing FPGA (at FPGAX#6)
Howto createOpenFlow Switchusing FPGA (at FPGAX#6)Howto createOpenFlow Switchusing FPGA (at FPGAX#6)
Howto createOpenFlow Switchusing FPGA (at FPGAX#6)
 
Tutorial on SDN and OpenFlow
Tutorial on SDN and OpenFlowTutorial on SDN and OpenFlow
Tutorial on SDN and OpenFlow
 
WAN SDN meet Segment Routing
WAN SDN meet Segment RoutingWAN SDN meet Segment Routing
WAN SDN meet Segment Routing
 
OpenFlow tutorial
OpenFlow tutorialOpenFlow tutorial
OpenFlow tutorial
 
Sdn and open flow tutorial 4
Sdn and open flow tutorial 4Sdn and open flow tutorial 4
Sdn and open flow tutorial 4
 
Introduction to OpenFlow, SDN and NFV
Introduction to OpenFlow, SDN and NFVIntroduction to OpenFlow, SDN and NFV
Introduction to OpenFlow, SDN and NFV
 

Similaire à Security defined routing_cybergamut_v1_1

Introduction to OpenFlow
Introduction to OpenFlowIntroduction to OpenFlow
Introduction to OpenFlowJoel W. King
 
btNOG 9 presentation Introduction to Software Defined Networking
btNOG 9 presentation Introduction to Software Defined NetworkingbtNOG 9 presentation Introduction to Software Defined Networking
btNOG 9 presentation Introduction to Software Defined NetworkingAPNIC
 
Software Defined Networking - 2
Software Defined Networking - 2Software Defined Networking - 2
Software Defined Networking - 2Pradeep Kumar TS
 
Software defined network and Virtualization
Software defined network and VirtualizationSoftware defined network and Virtualization
Software defined network and Virtualizationidrajeev
 
Introduction to Software Defined Networking (SDN) presentation by Warren Finc...
Introduction to Software Defined Networking (SDN) presentation by Warren Finc...Introduction to Software Defined Networking (SDN) presentation by Warren Finc...
Introduction to Software Defined Networking (SDN) presentation by Warren Finc...APNIC
 
Exploring the Final Frontier of Data Center Orchestration: Network Elements -...
Exploring the Final Frontier of Data Center Orchestration: Network Elements -...Exploring the Final Frontier of Data Center Orchestration: Network Elements -...
Exploring the Final Frontier of Data Center Orchestration: Network Elements -...Puppet
 
Software Define Networking (SDN)
Software Define Networking (SDN)Software Define Networking (SDN)
Software Define Networking (SDN)Pradeep Kumar TS
 
network-management Web base.ppt
network-management Web base.pptnetwork-management Web base.ppt
network-management Web base.pptAssadLeo1
 
Why sdn
Why sdnWhy sdn
Why sdnlz1dsb
 
IRATI: an open source RINA implementation for Linux/OS
IRATI: an open source RINA implementation for Linux/OSIRATI: an open source RINA implementation for Linux/OS
IRATI: an open source RINA implementation for Linux/OSICT PRISTINE
 
SDN Security Talk - (ISC)2_3
SDN Security Talk - (ISC)2_3SDN Security Talk - (ISC)2_3
SDN Security Talk - (ISC)2_3Wen-Pai Lu
 
SDN_and_NFV_technologies_in_IoT_Networks
SDN_and_NFV_technologies_in_IoT_NetworksSDN_and_NFV_technologies_in_IoT_Networks
SDN_and_NFV_technologies_in_IoT_NetworksSrinivasa Addepalli
 
Introduction to NBL
Introduction to NBLIntroduction to NBL
Introduction to NBLFei Ji Siao
 
Software defined networking(sdn) pro acrtive routing path update research pro...
Software defined networking(sdn) pro acrtive routing path update research pro...Software defined networking(sdn) pro acrtive routing path update research pro...
Software defined networking(sdn) pro acrtive routing path update research pro...MD SHIBLI
 

Similaire à Security defined routing_cybergamut_v1_1 (20)

Introduction to OpenFlow
Introduction to OpenFlowIntroduction to OpenFlow
Introduction to OpenFlow
 
Software Defined Networking: Primer
Software Defined Networking: Primer Software Defined Networking: Primer
Software Defined Networking: Primer
 
Introduction to SDN
Introduction to SDNIntroduction to SDN
Introduction to SDN
 
OpenFlow Tutorial
OpenFlow TutorialOpenFlow Tutorial
OpenFlow Tutorial
 
Introduction to Software Defined Networking (SDN)
Introduction to Software Defined Networking (SDN)Introduction to Software Defined Networking (SDN)
Introduction to Software Defined Networking (SDN)
 
Introductionto SDN
Introductionto SDN Introductionto SDN
Introductionto SDN
 
btNOG 9 presentation Introduction to Software Defined Networking
btNOG 9 presentation Introduction to Software Defined NetworkingbtNOG 9 presentation Introduction to Software Defined Networking
btNOG 9 presentation Introduction to Software Defined Networking
 
Software Defined Networking - 2
Software Defined Networking - 2Software Defined Networking - 2
Software Defined Networking - 2
 
Software defined network and Virtualization
Software defined network and VirtualizationSoftware defined network and Virtualization
Software defined network and Virtualization
 
Introduction to Software Defined Networking (SDN) presentation by Warren Finc...
Introduction to Software Defined Networking (SDN) presentation by Warren Finc...Introduction to Software Defined Networking (SDN) presentation by Warren Finc...
Introduction to Software Defined Networking (SDN) presentation by Warren Finc...
 
Introduction to Software Defined Networking (SDN)
Introduction to Software Defined Networking (SDN)Introduction to Software Defined Networking (SDN)
Introduction to Software Defined Networking (SDN)
 
Exploring the Final Frontier of Data Center Orchestration: Network Elements -...
Exploring the Final Frontier of Data Center Orchestration: Network Elements -...Exploring the Final Frontier of Data Center Orchestration: Network Elements -...
Exploring the Final Frontier of Data Center Orchestration: Network Elements -...
 
Software Define Networking (SDN)
Software Define Networking (SDN)Software Define Networking (SDN)
Software Define Networking (SDN)
 
network-management Web base.ppt
network-management Web base.pptnetwork-management Web base.ppt
network-management Web base.ppt
 
Why sdn
Why sdnWhy sdn
Why sdn
 
IRATI: an open source RINA implementation for Linux/OS
IRATI: an open source RINA implementation for Linux/OSIRATI: an open source RINA implementation for Linux/OS
IRATI: an open source RINA implementation for Linux/OS
 
SDN Security Talk - (ISC)2_3
SDN Security Talk - (ISC)2_3SDN Security Talk - (ISC)2_3
SDN Security Talk - (ISC)2_3
 
SDN_and_NFV_technologies_in_IoT_Networks
SDN_and_NFV_technologies_in_IoT_NetworksSDN_and_NFV_technologies_in_IoT_Networks
SDN_and_NFV_technologies_in_IoT_Networks
 
Introduction to NBL
Introduction to NBLIntroduction to NBL
Introduction to NBL
 
Software defined networking(sdn) pro acrtive routing path update research pro...
Software defined networking(sdn) pro acrtive routing path update research pro...Software defined networking(sdn) pro acrtive routing path update research pro...
Software defined networking(sdn) pro acrtive routing path update research pro...
 

Plus de Joel W. King

DevNetCreate_2021_joelwking.pptx
DevNetCreate_2021_joelwking.pptxDevNetCreate_2021_joelwking.pptx
DevNetCreate_2021_joelwking.pptxJoel W. King
 
BRKEVT-2311_joeking_pbr.pptx
BRKEVT-2311_joeking_pbr.pptxBRKEVT-2311_joeking_pbr.pptx
BRKEVT-2311_joeking_pbr.pptxJoel W. King
 
Introduction to GraphQL using Nautobot and Arista cEOS
Introduction to GraphQL using Nautobot and Arista cEOSIntroduction to GraphQL using Nautobot and Arista cEOS
Introduction to GraphQL using Nautobot and Arista cEOSJoel W. King
 
NetDevOps Development Environments
NetDevOps Development EnvironmentsNetDevOps Development Environments
NetDevOps Development EnvironmentsJoel W. King
 
DevNet Associate : Python introduction
DevNet Associate : Python introductionDevNet Associate : Python introduction
DevNet Associate : Python introductionJoel W. King
 
Using Batfish for Network Analysis
Using Batfish for Network AnalysisUsing Batfish for Network Analysis
Using Batfish for Network AnalysisJoel W. King
 
Using Terraform to manage the configuration of a Cisco ACI fabric.
Using Terraform to manage the configuration of a Cisco ACI fabric.Using Terraform to manage the configuration of a Cisco ACI fabric.
Using Terraform to manage the configuration of a Cisco ACI fabric.Joel W. King
 
Cisco IP Video Surveillance Design Guide
Cisco IP Video Surveillance Design GuideCisco IP Video Surveillance Design Guide
Cisco IP Video Surveillance Design GuideJoel W. King
 
Meraki Virtual Hackathon: app for Splunk Phantom
Meraki Virtual Hackathon: app for Splunk PhantomMeraki Virtual Hackathon: app for Splunk Phantom
Meraki Virtual Hackathon: app for Splunk PhantomJoel W. King
 
Business Ready Teleworker Design Guide
Business Ready Teleworker Design GuideBusiness Ready Teleworker Design Guide
Business Ready Teleworker Design GuideJoel W. King
 
Data manipulation for configuration management using Ansible
Data manipulation for configuration management using AnsibleData manipulation for configuration management using Ansible
Data manipulation for configuration management using AnsibleJoel W. King
 
DevNet Study Group: Using a SDK
DevNet Study Group: Using a SDKDevNet Study Group: Using a SDK
DevNet Study Group: Using a SDKJoel W. King
 
Foray into Ansible Content Collections
Foray into Ansible Content CollectionsForay into Ansible Content Collections
Foray into Ansible Content CollectionsJoel W. King
 
Analytics for Application Security and Policy Enforcement in Cloud Managed Ne...
Analytics for Application Security and Policy Enforcement in Cloud Managed Ne...Analytics for Application Security and Policy Enforcement in Cloud Managed Ne...
Analytics for Application Security and Policy Enforcement in Cloud Managed Ne...Joel W. King
 
Enabling policy migration in the Data Center with Ansible
Enabling policy migration in the Data Center with AnsibleEnabling policy migration in the Data Center with Ansible
Enabling policy migration in the Data Center with AnsibleJoel W. King
 
Using Tetration for application security and policy enforcement in multi-vend...
Using Tetration for application security and policy enforcement in multi-vend...Using Tetration for application security and policy enforcement in multi-vend...
Using Tetration for application security and policy enforcement in multi-vend...Joel W. King
 
Using Ansible Tower to implement security policies and telemetry streaming fo...
Using Ansible Tower to implement security policies and telemetry streaming fo...Using Ansible Tower to implement security policies and telemetry streaming fo...
Using Ansible Tower to implement security policies and telemetry streaming fo...Joel W. King
 
Super-NetOps Source of Truth
Super-NetOps Source of TruthSuper-NetOps Source of Truth
Super-NetOps Source of TruthJoel W. King
 
Super-NetOps Source of Truth
Super-NetOps Source of TruthSuper-NetOps Source of Truth
Super-NetOps Source of TruthJoel W. King
 
Introduction to Git for Network Engineers (Lab Guide)
Introduction to Git for Network Engineers (Lab Guide)Introduction to Git for Network Engineers (Lab Guide)
Introduction to Git for Network Engineers (Lab Guide)Joel W. King
 

Plus de Joel W. King (20)

DevNetCreate_2021_joelwking.pptx
DevNetCreate_2021_joelwking.pptxDevNetCreate_2021_joelwking.pptx
DevNetCreate_2021_joelwking.pptx
 
BRKEVT-2311_joeking_pbr.pptx
BRKEVT-2311_joeking_pbr.pptxBRKEVT-2311_joeking_pbr.pptx
BRKEVT-2311_joeking_pbr.pptx
 
Introduction to GraphQL using Nautobot and Arista cEOS
Introduction to GraphQL using Nautobot and Arista cEOSIntroduction to GraphQL using Nautobot and Arista cEOS
Introduction to GraphQL using Nautobot and Arista cEOS
 
NetDevOps Development Environments
NetDevOps Development EnvironmentsNetDevOps Development Environments
NetDevOps Development Environments
 
DevNet Associate : Python introduction
DevNet Associate : Python introductionDevNet Associate : Python introduction
DevNet Associate : Python introduction
 
Using Batfish for Network Analysis
Using Batfish for Network AnalysisUsing Batfish for Network Analysis
Using Batfish for Network Analysis
 
Using Terraform to manage the configuration of a Cisco ACI fabric.
Using Terraform to manage the configuration of a Cisco ACI fabric.Using Terraform to manage the configuration of a Cisco ACI fabric.
Using Terraform to manage the configuration of a Cisco ACI fabric.
 
Cisco IP Video Surveillance Design Guide
Cisco IP Video Surveillance Design GuideCisco IP Video Surveillance Design Guide
Cisco IP Video Surveillance Design Guide
 
Meraki Virtual Hackathon: app for Splunk Phantom
Meraki Virtual Hackathon: app for Splunk PhantomMeraki Virtual Hackathon: app for Splunk Phantom
Meraki Virtual Hackathon: app for Splunk Phantom
 
Business Ready Teleworker Design Guide
Business Ready Teleworker Design GuideBusiness Ready Teleworker Design Guide
Business Ready Teleworker Design Guide
 
Data manipulation for configuration management using Ansible
Data manipulation for configuration management using AnsibleData manipulation for configuration management using Ansible
Data manipulation for configuration management using Ansible
 
DevNet Study Group: Using a SDK
DevNet Study Group: Using a SDKDevNet Study Group: Using a SDK
DevNet Study Group: Using a SDK
 
Foray into Ansible Content Collections
Foray into Ansible Content CollectionsForay into Ansible Content Collections
Foray into Ansible Content Collections
 
Analytics for Application Security and Policy Enforcement in Cloud Managed Ne...
Analytics for Application Security and Policy Enforcement in Cloud Managed Ne...Analytics for Application Security and Policy Enforcement in Cloud Managed Ne...
Analytics for Application Security and Policy Enforcement in Cloud Managed Ne...
 
Enabling policy migration in the Data Center with Ansible
Enabling policy migration in the Data Center with AnsibleEnabling policy migration in the Data Center with Ansible
Enabling policy migration in the Data Center with Ansible
 
Using Tetration for application security and policy enforcement in multi-vend...
Using Tetration for application security and policy enforcement in multi-vend...Using Tetration for application security and policy enforcement in multi-vend...
Using Tetration for application security and policy enforcement in multi-vend...
 
Using Ansible Tower to implement security policies and telemetry streaming fo...
Using Ansible Tower to implement security policies and telemetry streaming fo...Using Ansible Tower to implement security policies and telemetry streaming fo...
Using Ansible Tower to implement security policies and telemetry streaming fo...
 
Super-NetOps Source of Truth
Super-NetOps Source of TruthSuper-NetOps Source of Truth
Super-NetOps Source of Truth
 
Super-NetOps Source of Truth
Super-NetOps Source of TruthSuper-NetOps Source of Truth
Super-NetOps Source of Truth
 
Introduction to Git for Network Engineers (Lab Guide)
Introduction to Git for Network Engineers (Lab Guide)Introduction to Git for Network Engineers (Lab Guide)
Introduction to Git for Network Engineers (Lab Guide)
 

Dernier

Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 

Dernier (20)

Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 

Security defined routing_cybergamut_v1_1

  • 1. Copyright © 2014 World Wide Technology, Inc. All rights reserved. Security-Defined Routing Joel W. King Technical Solutions Architect Enterprise Networking Solutions Engineering and Innovations
  • 2. Agenda •Background: Who, What and Why? •Process flow – Topology Diagrams •OpenFlow Mechanics •Software •Monitoring Network •Demonstration Video •Summary
  • 3. Who am I? •Software-Defined Networking Discipline Lead at WWT •Goal: First to Educate •Oversee SDN solution architectures, training and education for sales engineering, demonstrations, workshops. Focus area: Network Programmability •Previously •NetApp E-Series Storage – Big Data •Cisco Systems CVDs – Cisco Validated Designs
  • 4. Why this was developed •World Wide Technology (wwt.com) •Value added systems integrator and supply chain solutions provider •Advanced Technology Center (ATC) Hands-on access to over $50M in data center, virtualization, collaboration, networking and security solutions. •Premise: Demonstrate a Software-Defined Networking (SDN) use case •Integrate: SDN with Cyber Analytics Reference Architecture (CARA)
  • 5. What is Security-Defined Routing? •Security-Defined Routing (SDR) is a play on the term Software-Defined Networking (SDN) •Security-Defined Routing •Uses SDN (OpenFlow) switches, •Dynamic reprogramability of network flows. •Normal IP packet forwarding reacts to security analytic engines •Integrating security analytics with packet forwarding behavior •Central Network Control dates back to AT&T’s Network Control Point in 1977. •Why should cyber professionals care about SDN and Openflow? http://en.wikipedia.org/wiki/2600:_The_Hacker_Quarterly
  • 6. Historical view of SDN • Purist view of SDN has two characteristics (*) • Control plane is separated from device implementing data plane, • Single control plane manages multiple network devices • SDN / OpenFlow initial deployments were network research at universities – (Stanford ) providing a cost effective and ‘clean slate’ network architectures. • OpenFlow is only one instantiation of SDN principles. • SDN is a tool to enable a higher degree of control over network devices. Control Plane (1) The Road to SDN: An Intellectual History of Programmable Networks
  • 7. What is OpenFlow? •Open Networking Foundation (ONF) manages the standard. •Originated at Stanford University 2005 - 2009 - Martin Casado, et al. •OpenFlow- a communications protocol that gives access to the forwarding plane of a network devices - Southbound from the SDN controller to communicate with switches. •Flow Entry - an element in a flow table used to match and process packets a data structure of matches, actions, counters, priority, and timeout values. Fields from Packets Match against flow entries •Ingress port •Ethernet Source | Destination Address •VLAN ID and Priority •IP Source and Destination Address Actions •Multiple actions can be specified •Example: output to multiple ports, drop •IP Protocol •IP ToS bits •TCP | UDP source port •TCP | UDP destination port
  • 8. Basic Building Blocks: Controllers and Agents Some network functionality is better implemented from centralized coordination of all the devices in the network domain. •Controller – process on a server interacting with network devices using APIs / protocols. •Agent – process on network devices implementing a specific function. •API – allow applications external to the controller to query and change the network configuration
  • 9. Next Generation Firewalls •Next-Generation Firewall Services provide more granular application usage control policies than port based firewalls. •Advanced network security functions that are computationally intensive — and they must do so in real-time while introducing little or no latency. •Has the Layer 3 topology changed when deploying Next-Generation Firewalls? •Why does the Firewall function need to be in the forwarding path?
  • 10. Value of Separating Detection from Prevention Separation of intrusion detection (IDS) function from the intrusion prevention (IPS) function, provides: •Enhanced Scalability •Seamlessly Manage Appliances •Multiple ‟Sets of Eyes” •Rapid Mitigation •Consistent Policy Implementation •Cost Effective
  • 11. Security-Defined Routing SDR Solution includes the following components: • An SDN controller • OpenFlow switches between WAN edge routers and a corporate firewalls • Security-Defined Routing (SDR) software developed by World Wide Technology (WWT) • Security analytics software • Cisco Sourcefire • RSA Security Analytics • Open Source Snort NEXUS-7K Internal network Internal network SDN Controller w/ Security-Defined Routing software syslog Internet DMZ OpenFlow switch Monitoring Network
  • 13. Security-Defined Routing Trust Zone DMZ Un-Trusted Zone
  • 14. Trust Zone DMZ Un-Trusted Zone Monitoring Network Cisco XNC Controller OpenFlow Security-Defined Routing
  • 15. Trust Zone DMZ Un-Trusted Zone Monitoring Network Cisco XNC Controller OpenFlow Security-Defined Routing
  • 16. Trust Zone DMZ Un-Trusted Zone Monitoring Network Cisco XNC Controller OpenFlow Security-Defined Routing
  • 17. Trust Zone DMZ Un-Trusted Zone Monitoring Network Cisco XNC Controller OpenFlow ALERT! Security-Defined Routing
  • 18. Trust Zone DMZ Un-Trusted Zone Monitoring Network Cisco XNC Controller OpenFlow attack Security-Defined Routing
  • 19. Security-Defined Routing •Software-Defined Networking (OpenFlow) switches can be programmed to : •Drop packets •Replicate packets (e.g. SPAN / TAP) for monitoring •Selectively divert traffic flows from the normal forwarding path. •Security Analytics devices - intrusion detection system (IDS) identify malicious traffic. •Python modules •Parses a Snort, RSA Security Analytics, Cisco Sourcefire alert (log) file •Creates ‘firewall’ rules for the SDN controller and switch to implement •Uses REST API to dynamically modify forwarding behavior to shunt traffic •Offending host is blocked or routed to honeypot
  • 21. OpenFlow - Static and Dynamic (reactive) Flows Analytics LLDP ARP IPv4 Inside Outside Trust Zone DMZ Un-Trusted Zone OpenFlow Inside Outside Honey Pot
  • 22. OpenFlow - Static and Dynamic (reactive) Flows Analytics LLDP ARP IPv4 Inside Outside Trust Zone DMZ Un-Trusted Zone OpenFlow Inside Outside IPv4 TCP 80 IPv4 TCP 443 Honey Pot to Inet Honey Pot Outside Outside Inside & Analytics Honey Pot
  • 23. OpenFlow - Static and Dynamic (reactive) Flows Analytics LLDP ARP IPv4 Inside Outside Trust Zone DMZ Un-Trusted Zone OpenFlow Inside Outside IPv4 TCP 80 IPv4 TCP 443 Honey Pot to Inet Honey Pot Outside Outside Inside & Analytics Honey Pot Honey Pot TCP 443 Honey Pot TCP 443 Honey Pot Outside 198.19.3.1 Or Drop
  • 24. Cisco Extensible Network Controller LLDP ARP IPv4 IPv4 TCP 80 IPv4 TCP 443 Honey Pot to Inet Honey Pot Inside Outside Outside Outside Inside & Analytics LLDP ARP IPv4 IPv4 IPv4 TCP 80 IPv4 TCP 443 Honey Pot Steady State configuration
  • 25. Flow Removal •OpenFlow provides for aging flows from the switch •Each flow entry has an idle_timeout and a hard_timeout •Switches will remove flows older than the hard_timeout •Idle_timeout invoked if no packets match during the timer •The Northbound REST API can be used to manually delete flows •The demo code removes flows after a few minutes. •Caveats •DDoS attackes could generate more flows than the switch can handle •Switches vary in the number of flows supported.
  • 27. Process Flow sst.py ./log --help --debug ./log/ alert Snort ./rules XNC.py module REST API XNC (SDN) Controller OpenFlow Inside Outside TAP parsealert.py syslog /var/log/syslog
  • 28. Log Parser $ python parsealert.py --help usage: parsealert.py [-h] --engine ENGINE --file FILE --command COMMAND [--trigger TRIGGER] [--debug] parsealert.py - Reads syslog or local files from analytic engines, calls sst.py to push flow elements to an XNC controller. Copyright (c) 2014 WorldWide Technology, Inc. optional arguments: -h, --help show this help message and exit --engine ENGINE Specify snort, rsa or sourcefire keyword to indicate the input file --file FILE Input file name. --command COMMAND Command file name in ./config directory --trigger TRIGGER The value of the trigger, if not specified, default is __S_ --debug When specified enables debugging
  • 29. C:>python sst.py --help usage: sst.py [-h] --cact CACT --cip CIP --cuid CUID --cpw CPW --dpid DPID --fname FNAME --act ACT --pri PRI --et ET [--nwsrc NWSRC] [--nwdst NWDST] [--proto PROTO] [--tpsrc TPSRC] [--tpdst TPDST] [--iport IPORT] [--debug] Copyright (c) 2014 World Wide Technology, Inc. optional arguments: -h, --help show this help message and exit --cact CACT Controller action, (eg. PUT, DELETE, LIST) a flow element --cip CIP Controller IP / Hostname --cuid CUID Controller username --cpw CPW Controller password --dpid DPID Data Path Identifier of the OpenFlow switch --fname FNAME Flow name, unique identifier --act ACT Action(s) to implement, eg. DROP, OUTPUT=48 --pri PRI Flow priority, higher numbers have more precedence --et ET Ethertype, eg. IPv4, IPv6. --nwsrc NWSRC Source IP address --nwdst NWDST Destination IP address --proto PROTO Protocol, eg. tcp, udp --tpsrc TPSRC transport protocol source port --tpdst TPDST transport protocol destination port --iport IPORT Ingress OpenFlow port number on the switch --debug When specified enables debugging Flow Pusher
  • 30. Snort rules file •Define criteria for matching network traffic •The parsealert.py module will process any alerts with “__S_” in the message •All other alert entries are ignored •Use the trailing string (e.g. tcp443) and IP address as the unique flow name •Sample rules will shunt any source IP address to honeypot •TCP ports 80 and 443 with a TOS byte of 184 •TOS 0xB8 (184) = IP Precedence 5 or DSCP Expedited Forwarding (EF) alert tcp any any -> any 80 (tos:184; sid:1000985; msg: "__S_tcp80";) alert tcp any any -> any 443 (tos:184; sid:1000986; msg: "__S_tcp443";)
  • 31. Snort alert file •Identify entries with “__S_” •Determine the source IP address •Use the trailing string (e.g. tcp443) and source IP address as the unique flow name •Create flow entry (aka: “firewall rule”) to shunt packets to honey pot •Log action in ./log directory [**] [1:1000986:0] __S_tcp443 [**] [Priority: 0] 04/27-00:43:35.932503 198.19.3.1:56184 -> 198.18.4.1:443 TCP TTL:255 TOS:0xB8 ID:39797 IpLen:20 DgmLen:40 ***AP**F Seq: 0x7F92F67A Ack: 0xF6474527 Win: 0x1020 TcpLen: 20
  • 33. Monitoring Network Options •The Monitoring Network can be build using SDN technology or traditional appliances: •In the WWT ATC deployment we have used both: •Ixia's Net Tool Optimizer® (NTO) •Cisco Nexus Data Broker (Monitor Manager) •Monitor Manager provides a REST API interface to programmatically create or modify rules and filters. •Additional SDN Option is Big Switch Networks Big Tap™ Monitoring Fabric
  • 34. Monitoring Network Monitoring Network Cisco XNC Controller Monitor Manager Nexus 3K Corporate Network Internet WAN Edge Security Onion SDN REST API wireshark
  • 36. Demonstration Video •Watch the video to see how security-defined routing combines cyber analytics and SDN to protect the network: •http://youtu.be/KvZuklmi9uU
  • 37. Forwarding and Replication Intrusion Prevention Filter and Disseminate Analyze and Alert Security- Defined Routing Software Implement Intrusion Prevention Lifecycle Cisco ® Extensible Network Controller (XNC) Cisco Monitor Manager or Ixia's Anue Net Tool Optimizer® (NTO) Cisco Nexus 3000 Series Switches | Plug-in for OpenFlow Inside Outside
  • 38. Solution Advantages •Enhanced Scalability – IDS is separated from IPS: OpenFlow switch implementers tapping and IPS •Seamlessly Manage Appliances - IDS systems can be added, removed, or upgraded, without introducing high-impact changes to the IPS service in the production network. •Multiple ‟Sets of Eyes” - Network traffic can be easily copied to multiple intrusion detection devices. •Rapid Mitigation – The OpenFlow switch is programmatically updated to block or shunt traffic. •Consistent Policy Implementation - Alerts generated at one Internet gateway can trigger the same policy at all Internet gateways.
  • 39. •This solution is deployed at the Internet edge, expect to see similar concepts deployed inside the enterprise- BYOD •Network provisioning and configuration will increasingly become less chassis-by-chassis more controller based •Network resources will align with business requirements through application resource profiles and network containers. •Brush up on your programming skills. Looking Forward http://marketing.wwt.com/SDNGuide_Registration.html