Session
Main programme 35C3
Security

SD-WAN a New Hop

How to hack a software-defined network and keep your sanity?
Eliza
Sergey Gordeychik
The software-defined wide-area network (SD-WAN) is a technology that applies the SDN approach to branch office connections in enterprises. According to Gartner's predictions, more than 50% of routers will be replaced with SD-WAN solutions by 2020. SD-WAN solutions can have firewalls and other perimeter security features on board, which makes them attractive targets for attackers. Vendors promise "on-the-fly agility, security" and many other benefits. But what does "security" really mean from a hands-on perspective? Most SD-WAN solutions are distributed as Linux-based virtual appliances or as cloud-centric services, which can make them low-hanging fruit even for a script kiddie. The complexity of SDN creates additional security issues, and cybersecurity professionals should address them before an attack occurs. This presentation will introduce a practical analysis of different SD-WAN solutions from the attacker's perspective. The attack surface, threat model and real-world vulnerabilities in SD-WAN solutions will be presented.

Detailed Outline:

1. SD-WAN overview

a. SD-WAN in a nutshell
b. Typical SD-WAN design overview
c. Cloud, on-premise and hybrid architectures
d. Common technology stack (NETCONF, strongSwan, DPDK, etc.)
e. Customization, vCPE and VNF
f. Security features

Basic terminology and the essentials of SD-WAN architecture: declared advantages and implementation options. Customization approaches via tailored and third-party VNFs and uCPE/vCPE. Overview of built-in and additional security features.

2. SD-WAN attack surface

a. Management interfaces
b. Local shells and OS
c. Control plane and data plane separation
d. Analytics-Controller-vCPE/uCPE-VNF communications
e. Hypervisor and virtualization (VNF) separation
f. Routing, IPsec overlay
g. Updates and cloud features

Technical analysis of data and control flow between the major components in a typical SD-WAN architecture (Orchestration – Controller – vCPE – VNF [and back]). Attack vectors, and vertical and horizontal (for multi-tenant/managed service) privilege escalation scenarios.

3. Security Assessment

a. SD-WAN as a (virtual) appliance
b. Rooting the "box"
c. Old school *nix tricks
d. How I Learned to Stop Worrying and Love the Node.js
e. Built-in security features
f. Post-deploy "forensics"
g. SD-WAN managed services
h. Top-down, bottom-up and lateral movement

Practical SD-WAN security assessment cases, vulnerabilities (summarized later in the "SD-WAN vulnerabilities" section), tips and tricks.

4. SD-WAN offensive and defensive toolkit

a. Internet census
b. SD-WAN vulnerabilities
c. Attack cases
d. SD-WAN threat model
e. Pentester and hardening checklists
f. Buyer's guide

SD-WAN Internet census and a Google/Shodan SD-WAN cheat sheet. Issues with cloud deployment and support (AWS, Azure). Publicly known attack cases. Vulnerabilities in the top 5 SD-WAN solutions (depending on fixes; responsible disclosure in progress).

5. Conclusion / Takeaways

Additional information

Type: lecture
Language: English
