Cybersecurity Technical Track
Announcing an Inside OpenFlow article that addresses a critical aspect of cybersecurity – how to protect your network from known “Bad Actors.” IP Reputation intelligence – Blacklists – is available from a number of commercial vendors around the world. But how is this cybersecurity intelligence brought to bear to protect your network? Operationally, how do you inject this security intelligence into your network?
This article presents an OpenFlow answer. A complete infrastructure – from 3rd party Blacklist data to blocking mitigation rules operating on the OpenFlow switch fabric – is presented. The article includes working code with a step-by-step tutorial on installation and operations.
The article introduces SecSwitch – a Cybersecurity enhanced OpenFlow Controller and presents the following processes:
- Converting IP Rep information into the Protocol used by the SecSwitch Cybersecurity API
- Connecting to SecSwitch API and sending IP Rep data
- The API updating the “Live Controller Configuration” module
- The “Live Controller Configuration” module publishes the IP Rep event
- The OpenFlow switches subscribed to IP Rep events receive the mitigation notification
- The switch injects the Blacklist block rules into an OpenFlow table on the switch
The “Live Controller Configuration” is a new, unique technology component of the SecSwitch Controller. It has a Publish/Subscribe algorithm that enables one Cybersecurity mitigation event to update many OpenFlow switches in the network fabric.
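The processes listed above, modeled end to end in Python as an added example; it is not code from the article or from SecSwitch. The vendor feed format, the event fields and the `shim`, `LiveConfig` and `Switch` names are all assumptions made for illustration, and the real North Bound API protocol is defined in the article itself.

```python
import ipaddress
# Constructed sample feed in a made-up vendor format: address,score,category
VENDOR_FEED = """\
203.0.113.7,95,botnet
198.51.100.0/24,80,scanner
not-an-ip,99,malware
203.0.113.7,95,botnet
192.0.2.55,20,spam
"""

def shim(feed_text, min_score=50):
    """Map vendor rows to hypothetical mitigation events (not the SecSwitch protocol)."""
    events, seen = [], set()
    for row in feed_text.splitlines():
        try:
            addr, score, category = row.split(",")
            net = ipaddress.ip_network(addr.strip(), strict=False)
            score = int(score)
        except ValueError:
            continue  # malformed row: never turn it into a block rule
        if score < min_score or net in seen:
            continue  # low-confidence or duplicate entry
        seen.add(net)
        events.append({"type": "ip_rep", "action": "block", "net": str(net), "reason": category})
    return events

class LiveConfig:  # toy publish/subscribe hub: one event reaches every subscriber
    def __init__(self):
        self.subscribers = {}
    def subscribe(self, event_type, callback):
        self.subscribers.setdefault(event_type, []).append(callback)
    def publish(self, event):
        for callback in self.subscribers.get(event["type"], []):
            callback(event)

class Switch:  # stand-in for an OpenFlow switch; the dict models its blacklist table
    def __init__(self, name):
        self.name, self.blacklist_table = name, {}
    def on_ip_rep(self, event):
        # Empty action list models a drop rule for traffic from this source network.
        self.blacklist_table[event["net"]] = {"match": {"ipv4_src": event["net"]}, "actions": []}

def run_pipeline(feed_text, switch_names):
    hub, switches = LiveConfig(), [Switch(n) for n in switch_names]
    for sw in switches:
        hub.subscribe("ip_rep", sw.on_ip_rep)
    for event in shim(feed_text):
        hub.publish(event)
    return switches
```

Calling `run_pipeline(VENDOR_FEED, ["s1", "s2", "s3"])` leaves the same two block entries in every switch's table, while the malformed, duplicate and low-score rows never become rules.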
This article also delivers a complete virtual datacenter infrastructure for the development and testing of Cybersecurity applications.
In summary, the IP Reputation and Mitigation article provides code and a hands-on environment for injecting Blacklist security intelligence into an OpenFlow switch fabric. Cybersecurity is the issue of our time, and this article delivers powerful insight and “know how” on one core aspect of securing our networks.
Technologies and Topics
This tutorial introduces the following technologies and topics:
- SecSwitch Cybersecurity Mitigation Controller
  - Designed to receive mitigation requests from the outside world and update the OpenFlow switch fabric
- North Bound Mitigation API
  - Defines the protocol for injecting security events into the OpenFlow switch fabric
- Mitigation Shim
  - Maps 3rd party proprietary mitigation data structures into the North Bound API protocol
- Live Configuration Module
  - A publish/subscribe technology for mitigation events
- IP Rep (Blacklist) OpenFlow table and associated controller functionality
- SecSwitch test environment
  - Virtual Mininet environment and traffic generators
- Model datacenter network
  - Mininet configuration templates for realistic datacenter networks
- “pingbulk” functionality
  - Emulates thousands of Internet connections coming into the datacenter
Tutorial Learning Outcomes
After working through this tutorial you will be able to:
- Design the process to get your IP Rep intelligence data from its original format into the North Bound mitigation API of SecSwitch
- Create a virtual workspace for Cybersecurity development and testing
- Install VirtualBox, Ryu, Mininet, etc. from the step-by-step tutorial
- Download and install SecSwitch and SecTest
- Modify the Mitigation Shim to map your IP Rep data into North Bound API mitigation actions for SecSwitch
- Run the SecTest environment to verify your design and your code changes
In summary, after working through this tutorial, you will be able to craft and implement an IP Reputation (Blacklist) strategy for your OpenFlow network.