This document summarizes a presentation on abusing software defined networks. It discusses how SDNs separate the control plane from the data plane and use controllers to program switches. While SDNs solve many network problems, the presentation outlines several security weaknesses in SDN protocols and controllers like Floodlight and Opendaylight that could allow attackers to gain unauthorized access, intercept traffic, or launch denial of service attacks. It demonstrates exploits against real networks and advocates for securing SDN through encryption, authentication, access control, and developing security capabilities within SDN controllers.
Bryan Owen of OSIsoft at S4x15 OTDay.
Bryan shows how to harden a Windows Services generically and then specifically to a service used by OSIsoft's PI Server
Bryan Owen of OSIsoft at S4x15 OTDay.
Bryan shows how to harden a Windows Services generically and then specifically to a service used by OSIsoft's PI Server
Corey Thuen of Digital Bond Labs describes in technical detail how Havex/Dragonfly enumerated OPC servers.
Havex is the second ICS malware ever seen in the wild.
Zeronights 2015 - Big problems with big data - Hadoop interfaces securityJakub Kałużny
Did "cloud computing" and "big data" buzzwords bring new challenges for security testers?
Apart from complexity of Hadoop installations and number of interfaces, standard techniques can be applied to test for: web application vulnerabilities, SSL security and encryption at rest. We tested popular Hadoop environments and found a few critical vulnerabilities, which for sure cast a shadow on big data security.
Vulnerability Inheritance in ICS (English)Digital Bond
Reid Wightman of Digital Bond Labs shows how software libraries integrated into ICS can bring vulnerabilities along with them.
In this case it is the CoDeSys library bringing vulnerabilities to more than 200 products including PLC's from Hitachi and Sanyo-Denki. Reid goes into the vulnerabilities and shows the tools that can exploit the vulnerabilities.
Equally important is the vendor misrepresenting the fact that the vulns were fixed, when they were not. And the vendors, Hitachi and Sanyo-Denki to name two, that did not test the security of the libraries before including them in their products and selling them to customers.
BSides London 2015 - Proprietary network protocols - risky business on the wire.Jakub Kałużny
When speed and latency counts, there is no place for standard HTTP/SSL stack and a wise head comes up with a proprietary network protocol. How to deal with embedded software or thick clients using protocols with no documentation at all? Binary TCP connections, unlike anything, impossible to be adapted by a well-known local proxy. Without disassembling the protocol, pentesting the server backend is very limited. However, when you dive inside this traffic and reverse-engineer the communication inside, you are there. Welcome to the world full of own cryptography, revertible hash algorithms and no access control at all.
We would like to present our approach and a short guideline how to reverse engineer proprietary protocols. To demonstrate, we will show you few case-studies, which in our opinion are a quintessence of ""security by obscurity"" - the most interesting examples from real-life financial industry software, which is a particularly risky business regarding security.
Gunter Ollmann, Microsoft
As reverse engineering tools and hacking techniques have improved over the years, software engineers have been forced to bury their secrets deeper down the stack – securing keys and intellectual property first in software, then drivers, on to custom firmware and microcode, and eventually as etchings on the very silicon itself.
For the hackers involved, the skills and tooling needed to extract and monetize these secrets come with ever increasing hurdles and cost. Yet, seemingly as a corollary to Moore’s Law, each year the cost of the tooling drops by half, while access (and desire) doubles. Today, with access to multi-million dollar semiconductor labs that can be rented for as little as $200 per hour, skilled adversaries can physically extract the most prized secrets from the integrated circuits (IC) directly.
Understanding your adversary lies at the crux of every defensive strategy. This session reviews the current generation of tools and techniques used by professional hacking entities to extract the magic numbers, proprietary algorithms, and WORN (Write Once, Read Never) secrets from the chips themselves.
As a generation of bug hunters begin to use such tools to extract the microcode and etched algorithms from the IC’s, we’re about to face new classes of bug and vulnerabilities – lying in (possibly) ancient code – that probably can’t be “patched”. How will we secure secrets going forward?
Shameful Secrets of Proprietary Network Protocols - OWASP AppSec EU 2014Jakub Kałużny
When it comes to penetration tests of specialized embedded software or thick clients, we often encounter proprietary protocols with no documentation at all. Binary TCP connections, unlike anything, impossible to be adapted by a well-known local proxy. Without disassembling the protocol, pentesting the server backend is very limited. Though, based on our experience, it very often hides a shameful secret - completely unsecured mechanisms breaking all secure coding practices.
The New Landscape of Airborne CyberattacksPriyanka Aash
A virus-like cyberattack spreading over the air may sound far-fetched, but new research proves the airborne attack surface is here. Join the Armis researchers who discovered the viral IoT vulnerability, BlueBorne, as they walk through the airborne threat landscape, its risks and tips for tackling them, and for a live demo of an attack using the BlueBorne vector.
Learning Objectives:
1: Understand the airborne attack vector, its threats and consequences of attacks.
2: Observe a live demo of an airborne attack and review existing exploits.
3: Obtain practical advice for reducing the airborne attack surface.
(Source: RSA Conference USA 2018)
Internet Accessible ICS in Japan (English)Digital Bond
Dale Peterson of Digital Bond gathered reports and examples from Shodan researchers to quantify and describe ICS devices that are connected to the Internet in Japan. It is not a small number and some of the examples are compelling.
Too soft[ware defined] networks SD-Wan vulnerability assessmentSergey Gordeychik
The software defined wide-area network is technology based on SDN approach applied to branch office connections in Enterprises. According to Gartner's predictions, more than 50% of routers will be replaced with SD-WAN Solutions by 2020.
The SD-WAN can have firewalls and other perimeter security features on board which makes them attractive targets for attackers. Vendors promise "on-the-fly agility, security" and many other benefits. But what does "security" really mean from a hand-on perspective? Most of SD-WAN solutions are distributed as Linux-based Virtual Appliances or a Cloud-centric service which can make them low-hanging fruit even for script kiddie.
This presentation will introduce practical analysis of different SD-WAN solutions from the attacker perspective. Attack surface, threat model and real-world vulnerabilities in SD-WAN solutions will be presented.
Corey Thuen of Digital Bond Labs describes in technical detail how Havex/Dragonfly enumerated OPC servers.
Havex is the second ICS malware ever seen in the wild.
Zeronights 2015 - Big problems with big data - Hadoop interfaces securityJakub Kałużny
Did "cloud computing" and "big data" buzzwords bring new challenges for security testers?
Apart from complexity of Hadoop installations and number of interfaces, standard techniques can be applied to test for: web application vulnerabilities, SSL security and encryption at rest. We tested popular Hadoop environments and found a few critical vulnerabilities, which for sure cast a shadow on big data security.
Vulnerability Inheritance in ICS (English)Digital Bond
Reid Wightman of Digital Bond Labs shows how software libraries integrated into ICS can bring vulnerabilities along with them.
In this case it is the CoDeSys library bringing vulnerabilities to more than 200 products including PLC's from Hitachi and Sanyo-Denki. Reid goes into the vulnerabilities and shows the tools that can exploit the vulnerabilities.
Equally important is the vendor misrepresenting the fact that the vulns were fixed, when they were not. And the vendors, Hitachi and Sanyo-Denki to name two, that did not test the security of the libraries before including them in their products and selling them to customers.
BSides London 2015 - Proprietary network protocols - risky business on the wire.Jakub Kałużny
When speed and latency counts, there is no place for standard HTTP/SSL stack and a wise head comes up with a proprietary network protocol. How to deal with embedded software or thick clients using protocols with no documentation at all? Binary TCP connections, unlike anything, impossible to be adapted by a well-known local proxy. Without disassembling the protocol, pentesting the server backend is very limited. However, when you dive inside this traffic and reverse-engineer the communication inside, you are there. Welcome to the world full of own cryptography, revertible hash algorithms and no access control at all.
We would like to present our approach and a short guideline how to reverse engineer proprietary protocols. To demonstrate, we will show you few case-studies, which in our opinion are a quintessence of ""security by obscurity"" - the most interesting examples from real-life financial industry software, which is a particularly risky business regarding security.
Gunter Ollmann, Microsoft
As reverse engineering tools and hacking techniques have improved over the years, software engineers have been forced to bury their secrets deeper down the stack – securing keys and intellectual property first in software, then drivers, on to custom firmware and microcode, and eventually as etchings on the very silicon itself.
For the hackers involved, the skills and tooling needed to extract and monetize these secrets come with ever increasing hurdles and cost. Yet, seemingly as a corollary to Moore’s Law, each year the cost of the tooling drops by half, while access (and desire) doubles. Today, with access to multi-million dollar semiconductor labs that can be rented for as little as $200 per hour, skilled adversaries can physically extract the most prized secrets from the integrated circuits (IC) directly.
Understanding your adversary lies at the crux of every defensive strategy. This session reviews the current generation of tools and techniques used by professional hacking entities to extract the magic numbers, proprietary algorithms, and WORN (Write Once, Read Never) secrets from the chips themselves.
As a generation of bug hunters begin to use such tools to extract the microcode and etched algorithms from the IC’s, we’re about to face new classes of bug and vulnerabilities – lying in (possibly) ancient code – that probably can’t be “patched”. How will we secure secrets going forward?
Shameful Secrets of Proprietary Network Protocols - OWASP AppSec EU 2014Jakub Kałużny
When it comes to penetration tests of specialized embedded software or thick clients, we often encounter proprietary protocols with no documentation at all. Binary TCP connections, unlike anything, impossible to be adapted by a well-known local proxy. Without disassembling the protocol, pentesting the server backend is very limited. Though, based on our experience, it very often hides a shameful secret - completely unsecured mechanisms breaking all secure coding practices.
The New Landscape of Airborne CyberattacksPriyanka Aash
A virus-like cyberattack spreading over the air may sound far-fetched, but new research proves the airborne attack surface is here. Join the Armis researchers who discovered the viral IoT vulnerability, BlueBorne, as they walk through the airborne threat landscape, its risks and tips for tackling them, and for a live demo of an attack using the BlueBorne vector.
Learning Objectives:
1: Understand the airborne attack vector, its threats and consequences of attacks.
2: Observe a live demo of an airborne attack and review existing exploits.
3: Obtain practical advice for reducing the airborne attack surface.
(Source: RSA Conference USA 2018)
Internet Accessible ICS in Japan (English)Digital Bond
Dale Peterson of Digital Bond gathered reports and examples from Shodan researchers to quantify and describe ICS devices that are connected to the Internet in Japan. It is not a small number and some of the examples are compelling.
Too soft[ware defined] networks SD-Wan vulnerability assessmentSergey Gordeychik
The software defined wide-area network is technology based on SDN approach applied to branch office connections in Enterprises. According to Gartner's predictions, more than 50% of routers will be replaced with SD-WAN Solutions by 2020.
The SD-WAN can have firewalls and other perimeter security features on board which makes them attractive targets for attackers. Vendors promise "on-the-fly agility, security" and many other benefits. But what does "security" really mean from a hand-on perspective? Most of SD-WAN solutions are distributed as Linux-based Virtual Appliances or a Cloud-centric service which can make them low-hanging fruit even for script kiddie.
This presentation will introduce practical analysis of different SD-WAN solutions from the attacker perspective. Attack surface, threat model and real-world vulnerabilities in SD-WAN solutions will be presented.
Every 25 years or so, telecom networks get totally re-designed. The last big re-build came with the internet in the early 1990s. Now “IP networking” technology is giving way to another technology cycle known as “software defined networking”. SDN is a new architecture for telecom networks in which the emphasis shifts from hardware to software. It will be hugely disruptive because it fundamentally changes who controls the telecom network. In the report we predict some of the winners and losers.
Network Forensics and Practical Packet AnalysisPriyanka Aash
Why Packet Analysis?
3 Phases - Analysis, Conversion & Collection
How do we do it ?
Statistics - Protocol Hierarchy
Statistics - End Points & Conversations
Demystifying Software Defined Networking (SDN)Matt Bynum
A presentation on SDN given at Barcamp Huntsville on August 23, 2014. This is a high-level overview of one of the tenants of SDN, that of the controller based manipulation of traffic.
Demystifying Software Defined Networking (SDN)Matt Bynum
A presentation on SDN given at Barcamp Huntsville on August 23, 2014. This is a high-level overview of one of the tenants of SDN, that of the controller based manipulation of traffic.
All papers tell exactly what SDN is. But what is the current status? And what are practical applications? This paper dives into other matters than just the obvious ones.
Extreme is the only company in the industry that takes an architectural approach to bringing products to market (from R&D to product release). Everything we do and create is a part of this Software Defined Architecture [SDA]. Wireless LAN, Wired LAN, Data Center -- It starts with highly reliable, high performance infrastructure. This is our heritage and we have always been outstanding at this: WiFi, Campus LAN all the way to the Data Center. (Ranging from your user to the applications they consume.)
ExtremeXOS -- On top of this, we use a single consistent and differentiated OS call EXOS. (next gen HW will run on EXOS). Lots of companies make high performance hardware, so to truly offer value added differentiation; we include an integrated layer of software into our architecture.
Network Management & BYOD -- We fully integrate management across our entire portfolio. We are very proud that in only 5 months, NetSight became the management platform for the entire portfolio. This was an emphatic message to the market that we take a different approach aligned to our SDA. NetSight has a single, integrated database for all aspects of management. This streamlines operations, enables dynamic management and removes the manual aspect of correlating information.
Application Analytics -- Purview offers application layer analytics, so you can understand what is happening on your network, you can optimize your environment, help increase productivity and measure adoption. Purview allows you to deliver both tactical and strategic information to make better more rapid business decisions.
Finally, we offer orchestration across the entire architecture. Whether that infrastructure is multi-vendor or not. Orchestration within the data center is available across virtualized workloads and consolidated storage and compute. Extreme is the only company in the industry committed to this type of integration, backward compatibility and openness to support technology partners and third party vendors. Many in the industry have grown through M&A, successfully so, however it has led to a portfolio with lots of products that are not integrated through management or orchestration. Each time you add a product, it increases your complexity with the introduction of a new disparate management tool.
Data Center Aggregation/Core Switch
The proposed solution must provide a high-density chassis based switch solution that meets the requirements provided below. Your response should describe how your offering would meet these requirements. Vendors must provide clear and concise responses, illustrations can be provided where appropriate. Any additional feature descriptions for your offering can be provided, if applicable.
• Must offer a chassis-based switch solution that provides eight I/O module slots, two management module slots and four fabric module slots. Must support a variety of I/O modules providing support for 1GbE, 10GbE, 40GbE and 100GbE interfaces. Please describe the recommended switching solution and the available I/O modules.
• Switch must offer switching capacity up to 20.48 Tbps. Please describe the performance levels for the recommended switching solution.
• Switch system must support high availability for the hardware preventing single points of failure. Please describe the high availability features.
• It is preferred that the 10 Gigabit Ethernet modules will also be able to accept standard Gigabit SFP transceivers. Please describe the capability of your switch.
• Must support an N+1 redundant power supplies
• Must support N+1 redundant fan trays
• Must support a modular operating system that is common across the entire switching profile. Please describe the OS and advantages.
Digital Personal Data Protection (DPDP) Practical Approach For CISOsPriyanka Aash
Key Discussion Pointers:
1. Introduction to Data Privacy
- What is data privacy
- Privacy laws around the globe
- DPDPA Journey
2. Understanding the New Indian DPDPA 2023
- Objectives
- Principles of DPDPA
- Applicability
- Rights & Duties of Individuals
- Principals
- Legal implications/penalties
3. A practical approach to DPDPA compliance
- Personal data Inventory
- DPIA
- Risk treatment
It covers popular IaaS/PaaS attack vectors, list them, and map to other relevant projects such as STRIDE & MITRE. Security professionals can better understand what are the common attack vectors that are utilized in attacks, examples for previous events, and where they should focus their controls and security efforts.
Discuss Security Incidents & Business Use Case, Understanding Web 3 Pros
and Web 3 Cons. Prevention mechanism and how to make sure that it doesn’t happen to you?
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Priyanka Aash
Round Table Discussion On "Emerging New Threats And Top CISO Priorities In 2022"_ Bangalore
Date - 28 September, 2022. Decision Makers of different organizations joined this discussion and spoke on New Threats & Top CISO Priorities
Cloud Security: Limitations of Cloud Security Groups and Flow LogsPriyanka Aash
Cloud Security Groups are the firewalls of the cloud. They are built-in and provide basic access control functionality as part of the shared responsibility model. However, Cloud Security Groups do not provide the same protection or functionality that enterprises have come to expect with on-premises deployments. In this talk we will discuss the top cloud risks in 2020, why perimeters are a concept of the past and how in the world of no perimitiers do Cloud Security groups, the "Cloud FIrewalls", fit it. We will practically explore Cloud Security Group limitations across different cloud setups from a single vNet to multi-cloud
Most organizations have good enterprise-level security policies that define their approach to maintaining, improving, and securing their information and information systems. However, once the policies are signed by senior leadership and distributed throughout the organization, significant cybersecurity governance challenges remain. In this workshop I will explain the transforming organizational security to strengthen defenses and integrate cybersecurity with the overall approach toward security governance, risk management and compliance.
The Internet is home to seemingly infinite amounts of confidential and personal information. As a result of this mass storage of information, the system needs to be constantly updated and enforced to prevent hackers from retrieving such valuable and sensitive data. This increasing number of cyber-attacks has led to an increasing importance of Ethical Hacking. So Ethical hackers' job is to scan vulnerabilities and to find potential threats on a computer or networks. An ethical hacker finds the weakness or loopholes in a computer, web applications or network and reports them to the organization. It requires a thorough knowledge of Networks, web servers, computer viruses, SQL (Structured Query Language), cryptography, penetration testing, Attacks etc. In this session, you will learn all about ethical hacking. You will understand the what ethical hacking, Cyber- attacks, Tools and some hands-on demos. This session will also guide you with the various ethical hacking certifications available today.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfPeter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
4. Modern Day Networks
Vendor Dependent
Difficult to scale
Complex and Prone to Break
Distributed and Often Inconsistent
Configuration
Uses inflexible and difficult to innovate
protocols
Unable to Consider Other Factors
… And Good Luck If You Want
To Change It!
5. Enter … Software Defined Networking
Separate the Control and Data Plane
Forwarding Decisions Made By a Controller
Routers and Switches Just Forward Packets
Controllers
Programmed with the Intelligence
Full visibility of the Network
Can consider the totality of the network
before making any decision
Enforce Granular Policy
6. Enter … Software Defined Networking
Switches
Bare-Metal Only
Any Vendor … Hardware or Software
7. Solves Lots of Problems
Know the State of the Network Rather Than
Inferring It
Run Development and Production Side-By-Side
More Practical …
8. Solves Lots of Problems
Less Expensive Hardware
BGP
Maintenance Dry-Out
Customer Egress Selection
Better BGP Security
Faster Convergence
Granular Peering at IXPs
9. Solves Lots of Problems
Real-World Network Slicing of Flow Space
Network and Server Load Balancing
Security
Dynamic Access Control
Adaptive Traffic Monitoring
Attack Detection and Mitigation
17. Opendaylight
Open-Source Java Controller
Many southbound options including Openflow
Supports Openflow v1.0.0 and v1.3.0
Fork from the Beacon Java Openflow controller
A Linux Foundation Collaborative Project
Supported by Citrix, Red Hat,
Ericsson, Hewlett Packard,
Brocade, Cisco, Juniper,
Microsoft, and IBM
18. How Prevalent Is It Going To Be?
Gartner: 10 critical IT trends for the next five
years
Major Networking Vendors Have Products or
Products Planned for SDN
InformationWeek 2013 Survey
60% felt that SDN would be part of
their network within 5 Years
43% already have plans to put it in
production
20. Protocol Weaknesses
Encryption and Authentication via TLS
More of a suggestion than a requirement though …
Started Out Good
Heading Backwards
v1.0.0 over TLS
v1.4.0 over TCP or TLS
21. Protocol Weaknesses
Controllers
Floodlight … Nope
Opendaylight … Supported but not required
Switches
Arista … No
Brocade … Surprisingly, Yes
Cisco … Another, Yes
Dell … No
Extreme … Another, Yes
HP … No
27. DoS Nastiness
Openflow
Centralization Entails Dependency
Dependency Can Be Exploited
How are vendors handing it?
Floodlight
Explored by Solomon, Francis, and Eitan
Their Results … Handling It Poorly
Opendaylight
Unknown but worth investigating
It is Java for God Sake!
28. Tools
of-switch.py
Impersonates an Openflow switch
Utilizes Openflow v1.00
of-flood.py
Floods an Openflow controller
Disrupting the network and bringing it down
Utilizes Openflow v1.00
30. Other Controller Weakness
Floodlight
No Encryption for Northbound HTTP API
No Authentication for Northbound HTTP API
Opendaylight
Encryption for Northbound HTTP API
Turned Off by Default
Authentication for Northbound HTTP API
HTTP Basic Authentication
Default Password Weak
Strong Passwords Turned Off
by Default
31. Could Lead To …
Information Disclosure through Interception
Topology
Credentials
Information Disclosure through
Unauthorized Access
Topology
Targets
32. And …
Topology, Flow, and Message Modification through
Unauthorized Access
Add Access
Remove Access
Hide Traffic
Change Traffic
33. Identifying Controllers and Switches
Currently Listening on TCP Port 6633
New Port Defined … TCP Port 6653
Hello’s Exchanged
Feature Request
Controller will send
Switch will not
37. Exposure
Number of Known Issues
Bad Enough Inside a Network
Is Anything Outward Facing?
Better Not to Take Anyone’s Word
for It
Just Find Out for Yourself
38. Reported
While Data Centers/Clouds are the Killer App for SDN
NIPPON EXPRESS
FIDELITY INVESTMENTS
VMWARE
Starting to see it moving toward the
LAN
Caltech
Cern
And WAN
Google, NTT, and AT&T
39. Discovered (Scanning Project)
Service Discovery Ran on Entire Internet
Seeing Both Controllers and Switches
Still Going Through Results Though
Data Collected Full of Noise
Let’s Just Say that I Now Know
Where All the Tarpits Are!
40. Some Attacks
Small Local Area Network
One Admin Host
Two User Hosts
One Server
One IDS
Attacker will …
Identify Targets
Enumerate ACLs
Find Sensors
41. Tool
of-map.py
Downloads flows from an Openflow controller
Uses the flows
To identify targets and target services
To build ACLs
To identify sensors
Works with Floodlight and Opendaylight
via JSON
43. And Some More Attacks …
Small Local Area Network
One Admin Host
Two User Hosts
One Server
One IDS
Attacker will …
Gain Access to the Server
Isolate the Administrator
Hide from the IDS
And Attack the Server
44. Tool
of-access.py
Modifies flows on the network through
the Openflow Controller
Adds or Removes access for hosts
Applies transformations to their
network activity
Hides activity from sensors
Works with Floodlight and Opendaylight
via JSON
47. Zero-Day Exploit
Opendaylight has other southbound APIs besides Openflow
No Encryption for Southbound Netconf API
No Authentication for Southbound Netconf API
Just Connect and Exchange Messages
XML-RPC
Remember Java?
Boom Goes Opendaylight
And it runs as “Root”
49. If No Exploit …
Service Not Available or They Fix It
Not to Worry
Password Guess the !!!!!!
Default Password Weak
Strong Passwords Turned Off
No Account Lockout
No SYSLOG Output
50. Repeat!
Attacker will …
Identify Targets
Enumerate ACLs
Find Sensors
Gain Access to the Server
Isolate the Administrator
Hide from the IDS
And Attack the Server
And Pwn That Network Too!
52. Other Exploits Waiting to Be Found!
Floodlight
Northbound HTTP API
Southbound Openflow API
Opendaylight
Northbound HTTP API
Southbound Openflow API
Southbound Netconf API (TCP,SSH)
Southbound Netconf Debug Port
53. Other Exploits Waiting to Be Found!
Opendaylight
JMX Access
OSGi Console
Lisp Flow Mapping
ODL Internal Clustering RPC
ODL Clustering
Java Debug Access
54. Where to Look
Identify Additional Encryption and Authentication Issues
Use Them to Explore
Direct Access
Traditional Vulnerabilities
Start with the Basics
Protocol Messaging
Injection for RFI/LFI, Etc.
Identify
Information Disclosure
Unauthorized Access
DoS
56. For Now
Transport Layer Security
Feasible?
Realistic?
Hardening … Duh!
VLAN … It’s the Network Stupid!
Code Review Anyone?
57. For the Future
Denial of Service (SDN Architecture)
Network Partitioning
Controller Clustering
Static Flow Entries
Modification (SDN Applications)
Traffic Counters
Respond to Abnormalities
Verification (SDN Operations)
58. Impact
With this one box, you get everything they have
There is the Obvious
Own Any Data They Own
Control Any Aspect of Their Operation
Control Their Fate
Opens Up A World of
Possibilities
59. How It Could Go Right
Vendor Independence and ultimately lower cost
Networks that match the application and the
businesses needs not the other way around
Faster Evolution of the Network
Production-Scale Simulation
and Experimentation
Exchangeable Network Aspects
Dynamic and Truly Active
Defenses
60. How It Could Go Wrong
Denial of Service
Peer Node
External Node
Selectively Dropping Traffic?
MiTM
Entire Networks
Local Subnets or Hosts
Shadow Operations
Darknets
Uber Admins
61. Making the Difference
Traditional Means of Securing Controllers Still Apply
Security Needs to Be Part of the Discussion
Until Now … How SDN Can Help Security
But How Secure is SDN?
Analyses being Done
But By Outsiders
Traditional Approach and 2-D
Controller’s Need A Security
Reference and Audit Capability
62. SDN has the potential to turn the entire Internet
into a cloud
Benefit would be orders of magnitude above what
we see now
But there is hole in the middle of it that could
easily be filled by the likes of the NSA … or
worse yet, China
Let’s Not Let That Happen
And That Start’s Here
Final Thoughts