Analysis of network security organization based on SD-WAN technology

Authors

DOI:

https://doi.org/10.15587/1729-4061.2021.242993

Keywords:

OpenFlow, Software defined wide area network (SD-WAN), architecture, DDoS attack, WAN network

Abstract

A Software-Defined Network (SDN) on a Wide Area Network (WAN) is a computer network that is controlled and created by software.

SD-WAN is an emerging research area that has received a lot of attention from industry and government. This technology offers tremendous opportunities to support the creation of consolidated data centers and secure networks. This is an innovation that allows the network to be monitored and programmed so that it can respond to network events caused by security breaches.

This solution provides network security, offers a single network management console, and provides complete control over the network architecture. Also controls security in the cloud software-defined infrastructure (SDI), such as dynamically changing the network configuration when forwarding packets, blocking, redirecting, changing Media Access Control (MAC) or Internet Protocol (IP) addresses, limiting the packet flow rate etc.

Using SD-WAN technology, it is possible to reduce the cost of dedicated bandwidth channels, achieve a high-quality Virtual Private Network (VPN), and the ability to automatically select a channel for certain channels.

The main advantages of SD-WAN are the management of an unlimited number of devices from a single center, reducing the cost of deploying branch infrastructure.

According to the results of the survey, 7 % of respondents use SD-WAN for security solutions, 14% at the piloting stage.

As a result of the research, it was revealed that by 2024, to increase the flexibility and support of cloud applications, more than 60 % of SD-WAN customers will implement the SASE (Secure Access Service Edge) architecture, which is 30% more than in 2020 and the main concept - application security and cloud functions.

Author Biographies

Gulzinat Ordabayeva, Al-Farabi Kazakh National University

Senior Teacher

Department of Information Systems

Abdizhapar Saparbayev, Kainar Academy

Doctor of Economic Sciences, Professor, Vice-rector for Science

Department of Economics and Business

Bibinur Kirgizbayeva, Kazakh National Agrarian Research University

PhD, Professor

Department of «IT technology and automation»

Gulzat Dzhsupbekova, M. Auezov South Kazakhstan State University

PhD

Department of Information Technology

Nazira Rakhymbek, M. Auezov South Kazakhstan State University

Senior Teacher

Department of Information Technology

References

  1. Laponina, O. R., Sizov, M. R. (2017). Laboratory bench for testing the integration capabilities of SDN networks and traditional networks. International Journal of Open Information Technologies, 5 (9).
  2. Mukhizi, S., Mutkhanna, A. S., Kirichek, R. V, Kucheriavii, A. E. (2019). Issledovanie modelei balansirovki nagruzki v programmno-konfiguriruemykh setiakh. Elektrosviaz, 1, 23–29
  3. Sallent, O., Perez-Romero, J., Ferrus, R., Agusti, R. (2017). On Radio Access Network Slicing from a Radio Resource Management Perspective. IEEE Wireless Communications, 24 (5), 166–174. doi: http://doi.org/10.1109/mwc.2017.1600220wc
  4. OpenFlow Management and Configuration Protocol (OF-CONFIG 1.2). ONF TS-016. Available at: https://www.opennetworking.org/wp-content/uploads/2013/02/of-config-1.2.pdf Last accessed: 15.08.2021
  5. Google’s Inter-Datacenter WAN Using SDN and OpenFlow. Available at: https://opennetworking.org/sdn-resources/customer-case-studies/google/
  6. OpenFlow. Available at: https://lvk.cs.msu.su/~sveta/SDN_OpenFlow_basics_lecture1_v2.pdf Last accessed: 15.08.2021
  7. Tok, M. S., Demirci, M. (2021). Security analysis of SDN controller-based DHCP services and attack mitigation with DHCPguard. Computers & Security, 109, 102394. doi: http://doi.org/10.1016/j.cose.2021.102394
  8. Huang, X., Zeng, M., Xie, K. (2021). Intelligent traffic control for QoS optimization in hybrid SDNs. Computer Networks, 189, 107877. doi: http://doi.org/10.1016/j.comnet.2021.107877
  9. Pamplin, S. (2021). SD-WAN revolutionises IoT and edge security. Network Security, 2021 (8), 14–15. doi: http://doi.org/10.1016/s1353-4858(21)00090-8
  10. Tok, S., Demirci, M. (2021). An Investigation of Topology Poisoning Attacks in Software Defined Networks Through Exploiting Link Layer Discovery Protocol, 589–608. Uludağ University Journal of The Faculty of Engineering, . doi: http://doi.org/10.17482/uumfd.769939
  11. Polat, H., Polat, O., Cetin, A. (2020). Detecting DDoS Attacks in Software-Defined Networks Through Feature Selection Methods and Machine Learning Models. Sustainability, 12 (3), 1035. doi: http://doi.org/10.3390/su12031035
  12. Olivier, F., Carlos, G., Florent, N. (2015). New Security Architecture for IoT Network. Procedia Computer Science, 52, 1028–1033. doi: http://doi.org/10.1016/j.procs.2015.05.099
  13. Khorsandroo, S., Sánchez, A. G., Tosun, A. S., Arco, J., Doriguzzi-Corin, R. (2021). Hybrid SDN evolution: A comprehensive survey of the state-of-the-art. Computer Networks, 192, 107981. doi: http://doi.org/10.1016/j.comnet.2021.107981
  14. Dayal, N., Srivastava, S. (2021). SD-WAN Flood Tracer: Tracking the entry points of DDoS attack flows in WAN. Computer Networks, 186, 107813. doi: http://doi.org/10.1016/j.comnet.2021.107813
  15. Smelianskii, R. L. (2014). Tekhnologii SDN i NFV: novye vozmozhnosti dlia telekommunikatsii. Vestnik Sviazi, 1, 43–47. Available at: https://www.arccn.ru/media/1132/ Last accessed: 29.08.2021
  16. Galich, S. V., Deogenov, M. S., Kartashevskii, V. G., Pasiuk, A. O., Semenov, E. S. (2016). Issledovanie proizvoditelnosti PKS-kontrollera OpenDaylight na setiakh raznykh masshtabov. Izvestiia IUFU. Tekhnicheskie nauki, 9, 121–133.
  17. Fouladi, R. F., Ermiş, O., Anarim, E. (2020). A DDoS attack detection and defense scheme using time-series analysis for SDN. Journal of Information Security and Applications, 54, 102587. doi: http://doi.org/10.1016/j.jisa.2020.102587
  18. Cui, Y., Qian, Q., Xing, H., Li, S. (2020). LNAD: Towards Lightweight Network Anomaly Detection in Software-Defined Networking. 2020 IEEE 22nd International Conference on High Performance Computing and Communications; IEEE 18th International Conference on Smart City; IEEE 6th International Conference on Data Science and Systems (HPCC/SmartCity/DSS), 855–860. doi: http://doi.org/10.1109/hpcc-smartcity-dss50907.2020.00113
  19. Pourvahab, M., Ekbatanifard, G. (2019). An Efficient Forensics Architecture in Software-Defined Networking-IoT Using Blockchain Technology. IEEE Access, 7, 99573–99588. doi: http://doi.org/10.1109/access.2019.2930345
  20. ONF TR-502: SDN Architecture (2014). Open Networking Foundation. Available at: https://www.opennetworking.org/images/stories/downloads/sdn-resources/technical-reports/TR_SDN_ARCH_1.0_06062014.pdf Last accessed: 20.08.2021
  21. Queiroz, W., Capretz, M. A. M., Dantas, M. (2019). An approach for SDN traffic monitoring based on big data techniques. Journal of Network and Computer Applications, 131, 28–39. doi: http://doi.org/10.1016/j.jnca.2019.01.016
  22. Lee, S., Kim, J., Woo, S., Yoon, C., Scott-Hayward, S., Yegneswaran, V. et. al. (2020). A comprehensive security assessment framework for software-defined networks. Computers & Security, 91, 101720. doi: http://doi.org/10.1016/j.cose.2020.101720
  23. Rana, D. S., Dhondiyal, S. A., Chamoli, S. K. (2019). Software Defined Networking (SDN) Challenges, issues and Solution. International Journal of Computer Sciences and Engineering, 7 (1), 884–889. doi: http://doi.org/10.26438/ijcse/v7i1.884889
  24. Critical Capabilities for WAN Edge Infrastructure. Available at: https://www.gartner.com/doc/reprints?id=1-1XWDQO33&ct=191210&st=sb Last accessed: 24.08.2021
  25. Guo, Z., Feng, W., Liu, S., Jiang, W., Xu, Y., Zhang, Z.-L. (2019). RetroFlow: Maintaining Control Resiliency and Flow Programmability for Software-Defined WANs. IEEE/ACM International Symposium on Quality of Service (IWQoS ’19). Phoenix, New York. doi: http://doi.org/10.1145/3326285.3329036
  26. Malakhov, S. V., Tarasov, V.N. (2015). Teoreticheskoe i eksperimentalnoe issledovanie zaderzhki v programmnogo-kofiguriruemykh setiakh. Infokommunikatsionnye tekhnologii, 4, 409–413.
  27. Maltsev, A. (2018). Postroenie zaschischennoi i adaptiruemoi seti SD-WAN. Available at: https://www.osp.ru/lan/2018/04/13054564 Last accessed: 29.08.2021
  28. Tanha, M. (2019). Resilient Controller Placement Problems in Software Defined Wide-Area Networks. University of Victoria, 130.
  29. Kodavanty, V., Sen, S., Kamsetty, S., Arumugam, P. V. (2019). Pat. No. US 2019/0207844 A1 USA. Determining routing decisions in a software – defined wide area network. Pub. Date: 04.07.2019.
  30. Golani, K., Goswami, K., Bhatt, K., Park, Y. (2018). Fault Tolerant Traffic Engineering in Software-defined WAN. 2018 IEEE Symposium on Computers and Communications (ISCC). doi: http://doi.org/10.1109/iscc.2018.8538606
  31. Sarychev, D. (2021). Kak obespechit bezopasnost programmno-opredeliaemykh setei (SD-WAN). Available at: https://www.anti-malware.ru/analytics/Technology_Analysis/Secure-SD-WAN Last accessed: 05.09.2021
  32. SD-WAN Market Recorded 39 Percent Growth for 1H 2021, According to Dell’Oro Group. Available at: https://www.delloro.com/news/sd-wan-market-recorded-39-percent-growth-for-1h-2021/ Last accessed: 05.09.2021
  33. Galiev, A. (2021). Kak «Kazteleport» v razy sokratil izderzhki na vydelennye kanaly s pomoschiu SD-WAN. Available at: https://profit.kz/articles/14657/Kak-AO-Kazteleport-v-razi-sokratil-izderzhki-na-videlennie-kanali-s-pomoschu-SD-WAN/ Last accessed: 05.09.2021
  34. BI Group modernizirovala set s pomoschiu resheniia SD-WAN ot Fortinet (2021). Available at: https://profit.kz/articles/14700/BI-Group-modernizirovala-set-s-pomoschu-resheniya-SD-WAN-ot-Fortinet/ Last accessed: 05.09.2021
  35. Razbor rynka SD-WAN: kakie suschestvuiut resheniia i komu oni nuzhny (2019). Available at: https://safe.cnews.ru/articles/2019-11-06_razbor_rynka_sdwan_kakie_sushchestvuyut Last accessed: 06.09.2021
  36. Rukovodstvo po sredstvu zaschity SD-WAN dlia rukovoditelei v sfere setevykh tekhnologii. Available at: https://www.fortinet.com/content/dam/fortinet/assets/white-papers/ru_ru/eBook-The-Network-Leaders-Guide-to-Secure-SD-WAN.pdf Last accessed: 06.09.2021

Downloads

Published

2021-10-31

How to Cite

Ordabayeva, G., Saparbayev, A., Kirgizbayeva, B., Dzhsupbekova, G., & Rakhymbek, N. (2021). Analysis of network security organization based on SD-WAN technology. Eastern-European Journal of Enterprise Technologies, 5(9 (113), 56–69. https://doi.org/10.15587/1729-4061.2021.242993

Issue

Vol. 5 No. 9 (113) (2021): Information and controlling system

Section

Information and controlling system

License

Copyright (c) 2021 Gulzinat Ordabayeva, Abdizhapar Saparbayev, Bibinur Kirgizbayeva, Gulzat Dzhsupbekova, Nazira Rakhymbek

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

The consolidation and conditions for the transfer of copyright (identification of authorship) is carried out in the License Agreement. In particular, the authors reserve the right to the authorship of their manuscript and transfer the first publication of this work to the journal under the terms of the Creative Commons CC BY license. At the same time, they have the right to conclude on their own additional agreements concerning the non-exclusive distribution of the work in the form in which it was published by this journal, but provided that the link to the first publication of the article in this journal is preserved.

A license agreement is a document in which the author warrants that he/she owns all copyright for the work (manuscript, article, etc.).
The authors, signing the License Agreement with TECHNOLOGY CENTER PC, have all rights to the further use of their work, provided that they link to our edition in which the work was published.
According to the terms of the License Agreement, the Publisher TECHNOLOGY CENTER PC does not take away your copyrights and receives permission from the authors to use and dissemination of the publication through the world's scientific resources (own electronic resources, scientometric databases, repositories, libraries, etc.).
In the absence of a signed License Agreement or in the absence of this agreement of identifiers allowing to identify the identity of the author, the editors have no right to work with the manuscript.
It is important to remember that there is another type of agreement between authors and publishers – when copyright is transferred from the authors to the publisher. In this case, the authors lose ownership of their work and may not use it in any way.