Securing SDN – CompTIA Security+ SY0-501 – 3.2

Software-defined networking combines traditional network design with automated and flexible deployment. In this video, you’ll learn about SDN and how security professionals can integrate their security strategy in an SDN environment.



Imagine being able to build a networking infrastructure by simply clicking a few buttons, and suddenly you would have a brand new network created. That’s the beauty of software defined networking. It allows you to programmatically orchestrate and automate everything about the way networking is done in your environment.

With software defined networking, we separate the functionality of our networking devices into two parts: a control plane and a data plane. The control plane is responsible for the configuration of the device, and the data plane is the part of the device that does the hard work: forwarding the frames or providing the firewalling function.

One great benefit of this type of SDN configuration is that it is very agile. You can make changes very quickly, and those changes can all be rolled out automatically. It’s common to manage your SDN from one central location. That way, you can see everything that’s happening in the configuration and make changes on one single console.

But very often, you will not need to make the changes yourself. You’ll be able to orchestrate your network, so that if parts of your network become busier, it will automatically recognize this increase in load and automatically deploy new parts of the network to be able to compensate. This orchestration is a main part of SDN. You don’t have to have a group of people installing new devices into a rack. They are simply created out of a virtual environment, thus the name, software defined networking.

One important aspect of SDN is that it’s an open standard. Instead of having proprietary solutions from vendors, you can have a vendor-neutral network that simply exposes a set of standard interfaces to the rest of the network. Here is a simple configuration of something you might find in an SDN network, where you have a series of web servers. There’s a database server, a load balancer, and then an internet connection.

Well, you have a need to provide security for all of these, and you want to be able to separate out the communication from the internet to the web servers and have a separate set of communication between the web servers and the database server. With SDN, you can simply click a few buttons and add a firewall or IPS in the places where it makes sense. For example, you might want to add a firewall with IPS functionality between the internet and the load balancer, and you might also want to add an internal firewall for the communication that takes place between the web servers and the database server.
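The following is an added example, not code from the video or from any SDN product, that models the three ideas above in one place: the control plane holds the segmentation policy as data and programs the data plane, the data plane only matches and forwards (with an implicit deny), and orchestration means a newly created web server is covered by the existing policy as soon as the controller learns about it. The zone names, host names, ports, the `Packet` format and the switch placements (an edge firewall/IPS in front of the load balancer, an internal firewall between the web tier and the database) are assumptions chosen to mirror the topology described in the video.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """A constructed, simplified packet: source host, destination host, destination port."""
    src: str
    dst: str
    dst_port: int


@dataclass(frozen=True)
class FlowRule:
    """A flow-table entry compiled by the controller from zone-level policy."""
    src_zone: str
    dst_zone: str
    dst_port: int
    action: str  # "forward" or "drop"


class Switch:
    """Data plane: holds only what the controller pushed and makes forwarding decisions.

    It has no policy of its own; an unmatched packet (or an unknown host) is dropped.
    """

    def __init__(self, name: str):
        self.name = name
        self.zone_of: dict[str, str] = {}   # host -> zone, pushed by the controller
        self.flow_table: list[FlowRule] = []  # ordered rules, pushed by the controller

    def program(self, zone_of: dict[str, str], flow_table: list[FlowRule]) -> None:
        self.zone_of = dict(zone_of)
        self.flow_table = list(flow_table)

    def forward(self, pkt: Packet) -> str:
        src_zone = self.zone_of.get(pkt.src)
        dst_zone = self.zone_of.get(pkt.dst)
        for rule in self.flow_table:
            if (rule.src_zone, rule.dst_zone, rule.dst_port) == (src_zone, dst_zone, pkt.dst_port):
                return rule.action
        return "drop"  # implicit deny: unlisted flows and unknown hosts never pass


class Controller:
    """Control plane: the single console that owns inventory and policy.

    Every change is compiled into flow rules and pushed to all switches. A real
    controller would compute a per-switch subset; this model pushes the whole table.
    """

    def __init__(self):
        self.switches: list[Switch] = []
        self.zone_of: dict[str, str] = {}
        self.policy: list[tuple[str, str, int]] = []  # (src_zone, dst_zone, dst_port)

    def add_switch(self, switch: Switch) -> None:
        self.switches.append(switch)
        self._push()

    def add_host(self, host: str, zone: str) -> None:
        self.zone_of[host] = zone
        self._push()

    def allow(self, src_zone: str, dst_zone: str, dst_port: int) -> None:
        self.policy.append((src_zone, dst_zone, dst_port))
        self._push()

    def _push(self) -> None:
        rules = [FlowRule(s, d, p, "forward") for s, d, p in self.policy]
        for sw in self.switches:
            sw.program(self.zone_of, rules)


def build_demo() -> tuple[Controller, Switch, Switch]:
    """Constructed topology: internet -> load balancer -> web tier -> database."""
    ctrl = Controller()
    edge = Switch("edge-fw-ips")      # assumed placement: between internet and load balancer
    internal = Switch("internal-fw")  # assumed placement: between web tier and database
    ctrl.add_switch(edge)
    ctrl.add_switch(internal)
    for host, zone in [("client", "internet"), ("lb-01", "loadbalancer"),
                       ("web-01", "web"), ("web-02", "web"), ("db-01", "db")]:
        ctrl.add_host(host, zone)
    ctrl.allow("internet", "loadbalancer", 443)  # public traffic only reaches the load balancer
    ctrl.allow("loadbalancer", "web", 443)       # load balancer fans out to the web tier
    ctrl.allow("web", "db", 5432)                # only the web tier may talk to the database
    return ctrl, edge, internal


def scale_out(ctrl: Controller, new_web_host: str) -> None:
    """Orchestration step: a web server created on demand joins the web zone and
    inherits the zone policy without anyone editing a firewall by hand."""
    ctrl.add_host(new_web_host, "web")


if __name__ == "__main__":
    ctrl, edge, internal = build_demo()
    print(edge.forward(Packet("client", "lb-01", 443)))        # forward
    print(edge.forward(Packet("client", "db-01", 5432)))       # drop: internet cannot reach the database
    print(internal.forward(Packet("web-01", "db-01", 5432)))   # forward
    print(internal.forward(Packet("web-03", "db-01", 5432)))   # drop: web-03 does not exist yet
    scale_out(ctrl, "web-03")
    print(internal.forward(Packet("web-03", "db-01", 5432)))   # forward: covered automatically
```

The point to take from the model is where each responsibility lives: the switches never decide policy, the controller never touches a packet, and adding capacity is an inventory change rather than a firewall change.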