| Fingerprinting Software Defined Networks and Controllers Contributor(s): Penny Hill Press Inc (Editor), Air Force Institute of Technology (Author) |
|
 |
ISBN: 1523343125 ISBN-13: 9781523343126 Publisher: Createspace Independent Publishing Platform OUR PRICE: $12.30 Product Type: Paperback - Other Formats Published: January 2016 |
| Additional Information |
| BISAC Categories: - Technology & Engineering | Military Science |
| Physical Information: 0.23" H x 8.5" W x 11.02" (0.61 lbs) 112 pages |
| Descriptions, Reviews, Etc. |
| Publisher Description: This book attempts to identify information that is unintentionally offered to a network attacker when SDN is used within a small network, and demonstrates the feasibility of uniquely identifying the software managing the SDN environment. With positive identification of the software controlling the SDN environment (a process knownas fingerprinting), an attacker can then search for existing vulnerabilities or attempt to develop custom attacks against the logically centralized software. Preventing an attacker's discovery of the network controller assists in thwarting the attacker's reconnaissance, ultimately inhibiting the attacker's capabilities. If an attacker is unable to uniquely identify a target, then the list of available vulnerabilities at the attacker's disposal is limited, and the attacker's threat is minimized. Focusing on assessing whether fingerprinting is possible, this book attempts to identify first when SDN is deployed, and then proceeds to gather intelligence in the form of unique features that describe the SDN controller software.The end of this collection of features occurs when the SDN software is successfully fingerprinted.The methods of collecting data are restricted to the methods available to an attacker. An attacker is assumed to have a presence in the network in the form of a connection to the network switching fabric. The attacker can also communicate to other end hosts on the network, including a host that is another point of presence for the attacker (i.e., the attacker can have two points of presence on the network to communicate between). |