We can only try to anticipate what the attackers may try to target with SDNs. The deployments are new, the protocols are new, the controller software is new, and the history of past SDN attacks is unknown. Based on the SDN architecture, we can predict where an attacker may be likely to strike. If we put ourselves in the attacker's shoes, we might be able to spot a weakness to exploit. Then we can harden that weakness ahead of time.
Before an organization embarks on an SDN deployment project, they should consider how they will secure the system during the early design stage. Don't leave security until the final clean-up phase. If an organization waits until it is working, then hardening the northbound and southbound control messages may cause service-affecting problems. Like most things, setting it up right from the start will save organizations many problems down the road.
Source: Network World
Sign up for Computerworld eNewsletters.