The primary objective of this project is to detect and mitigate various network attacks using new and effective modern-day technologies. 1) Software Defined Networking (SDN) is one of the state-of-the-art technologies that will be used in this project to mitigate attacks such as Denial of Service attacks. 2) It will also help in controlling the data and control planes of the networking devices, which will enable more options to enhance security. Implementation of security measures in SDN can free a network from several network attacks like Denial of Service (DoS) attacks. Another point to be noted is that, if an administrator had to upgrade the security measures in a traditional network, he would have to configure all the networking equipment separately with the required security measures. If the administrator needs to make any future changes to the network, he would again have to update each and every device separately. This method demands a lot of resources and time. But implementing these security measures in an SDN controller allows all the devices in the network to be updated at one go. This leads to mitigating different kinds of network attacks at one go. This is the objective of this project. 1.4 Literature Survey: A. Software Defined Networking (SDN): The implementation of this project makes use of a lot of modern technologies. However, the state-of-the-art technology in this project is Software Defined Networking [1]. In the Networking community, SDN
Electronic technology is growing at a rapid rate; more devices are made mobile and wireless, but with those improvements and developments come flaws and malicious opportunities. Cyber attacks are on the rise and no system or device is immune. Many organizations employ multiple layers of firewalls but that doesn’t completely eliminate the threat. Attacks against firewalls and virtual private networks or VPNs are constantly being exploited with new methods every day, but they are yet another obstacle that a cyber criminal must overcome.
Today, security devices such as firewalls and IDSs are used on many organizations' networks to prevent security attacks. However, these devices can only diagnose illegitimate traffic and prevent it. They cannot prevent attacks that result from vulnerabilities in network devices such as switches and routers. A malicious user who is within the network can implement many attacks by using these vulnerabilities. This paper explains the kind of existing vulnerabilities in Cisco switches and methods of preventing these attacks from
Before going further in this document, we first need to discuss some basics of networking, so that the topics are easy to understand.
Network security incidents are increasing at a disturbing rate every year. As the complexity of these threats increases, so do the security measures required to protect networks. Enterprise data center operators and analysts, network administrators as well as other data center experts need to understand the principles of security in order to safely deploy and manage networks today.
With cyber-attacks on organizations becoming more frequent, and with the need to keep organizations secure, counter-measures must be taken. While firewalls can help to prevent attacks, simply dropping packets and declining services is becoming an inefficient message to send to attackers. Taking existing perimeter defense techniques, like firewalls, and amplifying them to create a new style of device that will respond to attacks is the next step in firewall technology. With these Offensive Perimeter Devices (OPDs), organizations can fight back. Imagine being able to replicate the attack that is in progress and use it against the attackers. The OPD will help to eliminate Denial of Service attacks and ultimately keep an organization up
Software defined networking is a new concept that redefines the current network device architecture and the way network devices behave. Due to the exponential growth of the Internet and services attached to this worldwide infrastructure, a number of issues have cropped up in modern day networks. This paper discusses a few of these limitations and how the software defined networking approach tries to alleviate them. OpenFlow, released in the year 2008, is a commercially viable implementation of this concept that is being well received by the networking industry at large. The paper also discusses the OpenFlow protocol, its implementation and the challenges facing its widespread acceptance
The purpose of this paper was to research denial-of-service attacks and remedies that can be used as defense mechanisms to counter these attacks. A denial-of-service (DoS) attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service (Malliga & Tamilarasi, 2009). The attack demonstrates using both known and potential attack mechanisms. Along with this classification important features of each attack category that in turn define the challenges involved in combating these threats will be discussed. The typical defense system is using only the currently known approaches. A denial-of-service attack deploys multiple machines to avert attacks. Then the service is denied by
Network security has been instrumental in providing security to different types of networks. There are various types of networks like LAN, WAN and MAN for which security is provided in order to protect them from various unethical activities. Network security has also grown with the recent advances in technologies. It is also very flexible in terms of providing security to advanced and new platforms like cloud environments, virtual environments, and wireless environments.
With the explosion of cloud, virtualization, mobile devices and data center interconnectivity, the network attack surface has changed. There is no longer a simple perimeter that can be protected by a strong firewall. In today’s data-driven world, servers and data centers are no longer isolated. Threats are now entering the network behind the firewall and moving laterally (east/west), putting servers and data at greater risk.
With Network Security, networking technicians use multiple layers of security, so that if one layer fails the others are there to pick up the slack until the first layer is fixed. Some parts of the security of a network involve these items: Antivirus and Antispyware, Firewalls, Intrusion Prevention Systems (IPS), and Virtual Private Networks (VPNs) (“How Does Network Security Work?” np). With this layer system that is used the ability to maintain the integrity of the network.
Denial of Service, also known as DoS, is an attack that has been a part of cyber-attacks and cyber-terrorism for a long time. With the increase in the number of attacks on networks and websites, the need has come to implement better prevention systems to limit the number of attacks on the network. There are quite a few methods of countering these attacks that are already present but not a lot of networks have implemented them yet. This paper will talk about the different types of DoS attacks and their countermeasures. The paper will also talk about the advantages and
This paper proposes a mechanism to avoid the protocol-independent nature of OpenFlow. It introduces a Protocol-Oblivious Forwarding-based flexible flow converging (F-FC) scheme that allows the user to reconfigure the data plane with a protocol-independent instruction set. This increases the scalability of the switch feature set and thus widens the horizon of the SDN framework.
The world is becoming more interconnected with the advent of the Internet and new networking technology. There is a large amount of personal, commercial, military, and government information on networking infrastructures worldwide. Network security is becoming of great importance because of intellectual property that can be easily acquired through the internet. When considering network security, it must be emphasized that the whole network is secure. Network security does not only concern the security in the computers at each end of the communication chain. When transmitting data the communication channel should not be vulnerable to attack.
To reduce network problems, we can use Software Defined Networking. Software-Defined Networking (SDN) is an outgoing architecture that is progressive, manageable, cost-effective, and painful, making it ideal for the high-bandwidth, cheaper to build, powerfully faster and more skilled dynamic nature of today's applications [2]. SDN demands to reduce this effort dramatically [4]. SDN is called the bird's-eye perspective on a network. The idea behind it is a middle "intelligence" that is able to see the big picture and is thus able to control and optimize data streams better and more efficiently. Adopting an SDN methodology has countless benefits including facility, scalability, thickness, and performance [4]. In addition, a growing network
Over the past two decades, the scale as well as the complexity of Internet of Things (IoT) networks has been dynamically growing. The popularization of mobile internet-connected devices and IoT-based business solutions has additionally contributed to the growth of distributed computing. With the ever more common deployment of heterogeneous IoT networks, often integrating elements of mobile ad-hoc network (MANET) architecture, increasingly sophisticated software-defined networking (SDN) solutions \cite{c3} represent an important area of development.