Security Analysis of a Software Defined Wide Area Network Solution

dc.contributor: Aalto-yliopisto [fi]
dc.contributor: Aalto University [en]
dc.contributor.advisor: Isomaki, Pekka
dc.contributor.author: Rajendran, Ashok
dc.contributor.school: Perustieteiden korkeakoulu [fi]
dc.contributor.supervisor: Aura, Tuomas
dc.date.accessioned: 2016-11-02T09:17:49Z
dc.date.available: 2016-11-02T09:17:49Z
dc.date.issued: 2016-08-24
dc.description.abstract: An enterprise wide area network (WAN) is a private network that connects computers and other devices across an organisation's branch locations and data centers. It forms the backbone of enterprise communication. Currently, multiprotocol label switching (MPLS) is commonly used to provide this service. As a recent alternative to MPLS, software-defined wide area networking (SD-WAN) solutions are being introduced as an IP-based cloud-networking service for enterprises. SD-WAN virtualizes the networking service and eases the complexity of configuring and managing the enterprise network by moving these tasks to software and a central controller. The introduction of new technologies causes concerns about their security. Moreover, this new solution is introduced as a replacement for MPLS, which has been considered secure and has been in use for more than 16 years. Thus, there is a need to analyze the security of SD-WAN, which is the goal of this thesis. In this thesis, we perform a security analysis of a commercial SD-WAN solution by identifying its various attack surfaces, associated vulnerabilities and design weaknesses. We choose Nuage VNS, an SD-WAN product provided by Nuage Networks, as the analysis target. As a result, many attack surfaces and security weaknesses were found and reported, especially in the Customer Premises Equipment (CPE). In particular, we found vulnerabilities in the CPE's secure bootstrapping method and demonstrated some attacks by exploiting them. Finally, we propose mitigation steps to avoid the attacks. The results of this thesis will help both the service provider and the SD-WAN solution vendor to understand the attack surfaces and weaknesses of SD-WAN before offering it to their customers. We also help in implementing temporary countermeasures to mitigate the attacks. The results have been presented to the service provider and the vendor of the SD-WAN product. [en]
dc.format.extent: 71
dc.format.mimetype: application/pdf [en]
dc.identifier.uri: https://aaltodoc.aalto.fi/handle/123456789/23161
dc.identifier.urn: URN:NBN:fi:aalto-201611025262
dc.language.iso: en [en]
dc.programme: Master's Degree Programme in Security and Mobile Computing (NordSecMob) [fi]
dc.programme.major: Data Communication Software [fi]
dc.programme.mcode: T3005 [fi]
dc.rights.accesslevel: openAccess
dc.subject.keyword: SD-WAN [en]
dc.subject.keyword: virtual network functions [en]
dc.subject.keyword: security analysis [en]
dc.subject.keyword: SDN overlay [en]
dc.subject.keyword: VXLAN [en]
dc.subject.keyword: Nuage VNS [en]
dc.title: Security Analysis of a Software Defined Wide Area Network Solution [en]
dc.type: G2 Pro gradu, diplomityö [fi]
dc.type.okm: G2 Pro gradu, diplomityö
dc.type.ontasot: Master's thesis [en]
dc.type.ontasot: Diplomityö [fi]
dc.type.publication: masterThesis
local.aalto.idinssi: 54797
local.aalto.openaccess: yes
Files
Original bundle
Name: master_Rajendran_Ashok_2016.pdf
Size: 1.54 MB
Format: Adobe Portable Document Format