1. SD-WAN overview
a. SD-WAN in a nutshell b. Typical SD-WAN design overview c. Cloud, on premise, hybrid architecture d. Common technology stack (netconf, strongswan, DPDK, etc.) e. Customization, vCPE and VNF f. Security features
Basic terminology, the essentials of SD-WAN architecture: declared advantages and implementation options. Customization approaches via tailored and 3rd party VNF and uCPE/vCPE. Overview of built-it and additional security features.
2. SD-WAN attack surface a. Management interfaces b. Local shells and OS c. Control plane and data plane separation d. Analytics-Controller-vCPE/uCPE-VNF communications e. Hypervisor and virtualization (VNF) separation f. Routing, IPSec Overlay g. Updates and Cloud features
Technical analysis of data and control flow between major components in typical SD-WAN architecture (Orchestration – Controller – vCPE – VNF [and back]). Attack vectors, vertical and horizontal (for multi-tenant/managed service) privilege escalation scenarios.
3. Security Assessment
a. SD-WAN as a (virtual) appliance b. Rooting the "box" c. Old school *nix tricks d. How I Learned to Stop Worrying and Love the Node.js e. Built-in security features f. Post-deploy "Forensics" g. SD-WAN Managed Services h. Top down, bottom up and lateral movement
Practical SD-WAN security assessment cases, vulnerabilities (next summarized in "SD-WAN vulnerabilities" section), tips and tricks.
4. SD-WAN Offensive and Defensive toolkit
a. Internet census b. SD-WAN vulnerabilities c. Attacks cases d. SD-WAN threat model e. Pentester and hardening checklists f. Buyer guide
SD-WAN Internet census, Google/Shodan SD-WAN Cheat Sheet. Issues with cloud deployment and support (AWS, Azure). Publically know attack cases. Vulnerabilities in top 5 SD-WAN (depends on fixes, responsible disclosure in progress).
5. Conclusion/ Takeaways