A Proactive Stateful Firewall for Software Defined Networking

详细信息    查看全文

• 关键词：Software Defined Networking ; Fingerprinting attacks ; Stateful Firewall ; Network security ; Orchestration ; TCP ; OpenFlow
• 刊名：Lecture Notes in Computer Science
• 出版年：2017
• 出版时间：2017
• 年：2017
• 卷：10158
• 期：1
• 页码：123-138
• 丛书名：Risks and Security of Internet and Systems
• ISBN：978-3-319-54876-0
• 卷排序：10158

文摘

Security solutions in conventional networks are complex and costly because of the lack of abstraction, the rigidity and the heterogeneity of the network architecture. However, in Software Defined Networking (SDN), flexible, reprogrammable, robust and cost effective security solutions can be built over the architecture. In this context, we propose a SDN proactive stateful Firewall. Our solution is completely integrated into the SDN environment and it is compliant with the OpenFlow (OF) protocol. The proposed Firewall is the first implemented stateful SDN Firewall. It uses a proactive logic to mitigate some fingerprinting and DoS attacks. Furthermore, it improves the network performance by steering network communications in order to fulfil network protocol FSM (Finite State Machine). Besides, an Orchestrator layer is integrated in the Firewall in order to manage the deployment of the Firewall applications. This integration empowers the interactions with the administrator and the data plane elements. We conduct two tests to prove the validity of our concept and to show that the proposed Firewall is efficient and performant.