January 21, 2020


Virtualized service-chained security controls within a layer 2 SDN


John Studarus and Cynthia Thomas demonstrate how to service-chain traffic through multiple security functions using virtualization and software-defined networking (SDN). John and Cynthia walk you through configuring and modifying layer 2 service chains with open source cloud security tools to monitor and block malicious traffic originating from a network of virtual machines.

Talk Title: Virtualized service-chained security controls within a layer 2 SDN
Speakers: John Studarus (JHL Consulting), Cynthia Thomas (Midokura)
Conference: O’Reilly Security Conference
Conf Tag: Build better defenses
Location: New York, New York
Date: October 30-November 1, 2017

Advancements in software-defined networking (SDN) allow virtualized security controls within a virtual layer 2 (data link) network. A service chain defines which controls traffic must pass through before being delivered to the service. For example, a web service would have a service chain requiring that traffic pass through a DDoS filter, WAF, load balancing, and IDS/IPS before being delivered to the web server. Historically this has been done at layer 3 (IP), requiring IP address changes as chain components are added or removed. When the chain is implemented within a virtual network at layer 2, it can be dynamically updated without requiring any IP changes. Implementing these chains within layer 2 reduces complexity and network overhead.

John Studarus and Cynthia Thomas demonstrate how traffic can be service-chained through multiple security functions (WAF, DDoS filter, IDS/IPS) without the overhead and complexity of layer 3 networking using virtualization and software-defined networking (SDN). John and Cynthia walk you through configuring and modifying layer 2 service chains with open source cloud security tools to flow traffic through all the required security functions in order to monitor and block malicious traffic originating from a network of virtual machines.

This tutorial is run completely on open source software. You’ll be provided with an OpenStack cloud and security functions to protect a virtualized web application. The course virtual machines are running CirrOS and CentOS Linux. You’ll also use a number of open source security tools, including Snort, tcpdump, Squid, and ModSecurity.
