engleski

Security in software-defined networks using access lists

As year-to-year network traffic increases, it strives to find ways to make better use of the resources that are in use. One of these solutions is the virtualization of devices, components, and functions that can achieve much better network performance. The integration of such systems into the traditional network is difficult and there comes concept referred as SDN. By decoupling logic from network devices to a higher level (control level), abstraction of resources is provided and excellent conditions for integration with virtualization devices and technology are created. One of the great advantages of such systems, apart from resource abstraction, is that the system is logically but not necessarily physically centralized and thus provides easier control and management of network resources. One of the many controllers is APIC-EM, which provides network engineers with easy access to all devices, topology and device listings, and automated way to run network rules on multiple devices at once. This saves time and money because the engineer no longer has to go from device to device and manually connect to configure some rules, but everything is done through the controller. Each controller has an interface through which it receives user requests, processes it and executes it through an interface for communication with all network devices. The centralization of logic in this concept leads to a more detailed care for the protection of the controller itself, and it also needs to be more careful and precise when determining security rules so as not to impair network functionality. One way to implement security is through access lists that can make traffic filtration and thus isolate unwanted traffic in network parts where this is important. The previously mentioned controller has the ability to view the access lists, their configuration through the REST API request. From it, it is easier to read conflicts, implement new rules or rebuild old ones. The aim of the project was to create an application using the APIC-EM controller for network monitoring and management. The application consists of multiple modules, one of which is a display and configuration of the access list. The module should also allow integration with more detailed security systems or applications to respond to security threats in time.

SDN ; SD-WAN ; controller ; APIC-EM ; SDN applications ; Access Control Lists

nije evidentirano