I read your recent tip on software-defined networking (SDN). We are considering SDN technology for our network. We have firewalls and access control lists in place, but we like the idea of using SDN to enforce network access control for all of our endpoints. Is SDN worthwhile for these purposes alone?
Ask the Expert
Have questions about network security for expert Matt Pascucci? Send them via email today! (All questions are anonymous.)
SDN, in my opinion, is the future of networking. The networking world has long waited for a technology like SDN to come around. It's really up to the people embracing the technology and working together to make it better, very much like Linux when it first came out.
Software-defined networking isn't something that can just be thrown together over a weekend and run by itself. Before deciding to run SDN, first determine if there is a legitimate business case for the use of this technology. Running SDN takes networking and puts it on its head -- this is a completely different way to think about managing systems.
Be aware that there might be pushback from people who are opposed to change. This is fine, but as you said, you want to have a better view into your nodes. This is an honorable objective. You'll be able to manage such things as routes and Quality of Service more efficiently, but you'll also encounter some security concerns with SDN.
The following are some issues that you may run into:
- Securing the controller and making sure that no unauthorized changes occur
- Properly configuring for business continuity
- Ensuring you have secure connections from the controller to each one of the endpoints
While it's important to be aware of the potential security implications of using SDN technology for the purposes you mention, it's also a good thing to want to manage your endpoints more efficiently and enforce network access protection.
This was first published in March 2013