Exam CISSP topic 1 question 40 discussion

Actual exam question from ISC's CISSP
Question #: 40
Topic #: 1

Which of the following attacks, if successful, could give an intruder complete control of a software-defined networking (SDN) architecture?

  • A. A brute force password attack on the Secure Shell (SSH) port of the controller
  • B. Sending control messages to open a flow that does not pass a firewall from a compromised host within the network
  • C. Remote Authentication Dial-In User Service (RADIUS) token replay attack
  • D. Sniffing the traffic of a compromised host inside the network
Suggested Answer: A

Comments

N00b1e
Highly Voted 2 years, 6 months ago
Selected Answer: A
If you can get control of the controller, do you not own the network?
upvoted 10 times
1460168
8 months, 1 week ago
Brute-Forcing the SSH __PORT__... You aren't bruting the "port", you are bruting the service.
upvoted 2 times
...
franbarpro
2 years, 5 months ago
"YES" but how are you going to brute force the SSH password.
upvoted 3 times
ccKane
1 year, 6 months ago
Not the question. It is stated: "If successful..." therefore no matter how.
upvoted 5 times
...
...
dev46
2 years, 6 months ago
I will go with A too; the SDN controller is the heart. Compromising the controller can initiate other attacks defined in B, C and D. https://www.routerfreak.com/9-types-software-defined-network-attacks-protect/
upvoted 3 times
...
jackdryan
1 year, 11 months ago
A is correct
upvoted 1 times
...
...
franbarpro
Highly Voted 2 years, 6 months ago
Agree with B https://www.networkworld.com/article/2840273/sdn-security-attack-vectors-and-sdn-hardening.html#:~:text=SDN%20Attack%20Vectors,new%20paradigm%20for%20network%20virtualization.
upvoted 5 times
...
Imranbhatti
Most Recent 3 weeks, 4 days ago
Selected Answer: A
Answer is A. Option B, "Sending control messages to open a flow that does not pass a firewall from a compromised host within the network," is incorrect because it does not necessarily give an intruder complete control over the SDN architecture. While sending control messages from a compromised host can bypass certain security measures like firewalls, it typically affects only specific flows or segments of the network. This action does not compromise the central SDN controller itself, which is the core component managing the entire network. Without access to the controller, the attacker cannot gain full control over the SDN architecture. In contrast, a successful brute force attack on the SSH port of the controller (Option A) would allow the attacker to take over the controller, giving them comprehensive control over the entire network. Answer is A
upvoted 1 times
...
iRyae
1 month, 2 weeks ago
Selected Answer: A
A successful brute-force attack on the SSH port of the SDN controller is the more dangerous scenario. The controller is the central brain of the SDN architecture. If an attacker gains control of it, they effectively gain control of the entire network. They can manipulate flows, reroute traffic, isolate devices, and perform any action imaginable within the network. While B (sending control messages to open a flow) is a serious attack, its scope is more limited. Even if successful, the attacker's control is generally restricted to the specific flow they manipulate. They might be able to intercept or modify traffic for that particular flow, but they don't automatically gain complete control of the entire SDN architecture. The controller still retains overall management. Compromising the controller itself, however, grants the attacker that complete control.
upvoted 1 times
...
martin451
5 months, 4 weeks ago
Selected Answer: A
Gaining access to the SDN controller through a brute force attack on the SSH port would allow the attacker to manipulate the entire network, as the controller is the central point of control in an SDN architecture.
upvoted 1 times
...
robervalchocolat
7 months ago
A brute force password attack on the SSH port of the SDN controller, if successful, could give an intruder complete control of the controller. This is because the controller is responsible for managing the network's configuration and traffic flows. If an attacker gains control of the controller, they can manipulate the network's behavior to their advantage.
upvoted 1 times
...
deeden
8 months ago
Selected Answer: A
I agree with A. If you could somehow bypass a firewall from a compromised host, then there's still a question of privileges and authorization of control messages to gain complete control. Unless you're sending it from a compromised admin host/account, which you might have potentially bruteforced (presumably). lol
upvoted 1 times
...
CCNPWILL
10 months ago
Selected Answer: B
Most of these SDN questions and compromising it, the CISSP exam usually looks for a controller-related answer, I've come to notice. Compromising the controller gives you access to the fabric.
upvoted 1 times
...
duplexjay
10 months, 1 week ago
A gives complete control while B gives complete access.
upvoted 1 times
...
Jenkins3mol
11 months, 1 week ago
Selected Answer: A
My AI told me that A is correct. So that is it.
upvoted 2 times
...
25cbb5f
1 year ago
Out of the options provided, the attack most likely to give an intruder complete control of an SDN architecture is: A. A brute force password attack on the Secure Shell (SSH) port of the controller.

Here's why:

Why SDN Controllers are Critical Targets: SDN separates the control plane (where network configuration happens) from the data plane (where traffic flows). The controller is the central, highly privileged component that orchestrates the entire network. Compromising it would grant an attacker substantial power.

Brute Force and SSH: A brute force attack attempts to guess the controller's administrative credentials through repeated login attempts. SSH is a common remote management protocol, and if its protection is weak, a successful brute force attack can lead to control plane takeover.
upvoted 1 times
...
Parikshitcyber
1 year ago
While gaining SSH access to the controller through a brute force password attack (option A) is indeed a serious security concern and could potentially allow an attacker to gain administrative access to the SDN controller, it may not necessarily result in complete control of the entire SDN architecture. On the other hand, option B describes an attack scenario where a compromised host within the network sends control messages to the SDN controller to open a flow that bypasses the firewall. This attack directly targets the SDN architecture itself and could potentially give the intruder complete control over network traffic flows, allowing them to manipulate traffic and potentially compromise other network devices or services. That's why it is B
upvoted 1 times
...
Ukpes
1 year, 5 months ago
Selected Answer: B
This type of attack, known as a flow rule modification attack, can allow an attacker to inject malicious traffic into the network or bypass security controls, giving the attacker complete control over the network.
upvoted 2 times
...
homeysl
1 year, 5 months ago
Selected Answer: A
easy one. A is my answer.
upvoted 1 times
...
Bach1968
1 year, 9 months ago
Selected Answer: B
The attack that could give an intruder complete control of a software-defined networking (SDN) architecture is option B: Sending control messages to open a flow that does not pass a firewall from a compromised host within the network. In software-defined networking, the SDN controller is responsible for managing and controlling the network infrastructure. By sending control messages to open a flow that bypasses the firewall from a compromised host within the network, an attacker can gain unauthorized access and manipulate the network's behavior. B
upvoted 3 times
...
HughJassole
1 year, 9 months ago
A. "By compromising the SDN controller, a hacker could have total control of the network." I googled B and C and those don't come up, so I don't think they are valid. D. is just sniffing traffic. This seems too easy, but based on all my research A it is.
upvoted 1 times
HughJassole
1 year, 8 months ago
I researched this more and thought about it, A doesn't make sense because once you ssh into a system you need to become root to do any damage, otherwise it's pointless. B. is absolutely correct: "If an attacker could create a flow that bypasses the traffic steering that guides traffic through a firewall the attacker would have a decided advantage." "The attacker would want to instantiate new flows by either spoofing northbound API messages or spoofing southbound messages toward the network devices. If an attacker can successfully spoof flows from the legitimate controller then the attacker would have the ability to allow traffic to flow across the SDN at their will and possibly bypass policies that may be relied on for security." https://www.networkworld.com/article/2840273/sdn-security-attack-vectors-and-sdn-hardening.html
upvoted 5 times
...
...
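The comment above quotes the risk of a flow that bypasses the traffic steering through a firewall. As an added example (not from the thread, the linked article, or any SDN product), here is a defender-side audit that traces installed flow rules hop by hop and flags any delivered path to a protected host that skips the firewall. The rule format, node names (`s1`, `s2`, `fw1`, `db`) and rule ids are hypothetical and constructed for illustration.

```python
from collections import namedtuple

# Hypothetical, simplified flow rule (not an OpenFlow API): on node `node`,
# traffic destined to `dst` is forwarded to `next_hop`; highest priority wins.
Flow = namedtuple("Flow", "rule_id node dst next_hop priority")

def best_rule(flows, node, dst):
    """Return the highest-priority rule on `node` matching `dst`, or None."""
    candidates = [f for f in flows if f.node == node and f.dst == dst]
    return max(candidates, key=lambda f: f.priority) if candidates else None

def trace(flows, start, dst, max_hops=16):
    """Follow the installed rules from `start`; return (path, rule ids used)."""
    path, used, node = [start], [], start
    while node != dst and len(path) <= max_hops:  # hop cap guards against loops
        rule = best_rule(flows, node, dst)
        if rule is None:
            break  # table miss: packet is not delivered by installed rules
        used.append(rule.rule_id)
        node = rule.next_hop
        path.append(node)
    return path, used

def audit(flows, ingress_nodes, protected_hosts, firewall="fw1"):
    """Flag every delivered path to a protected host that skips the firewall."""
    findings = []
    for start in ingress_nodes:
        for dst in protected_hosts:
            path, used = trace(flows, start, dst)
            if path[-1] == dst and firewall not in path:
                findings.append({"from": start, "to": dst,
                                 "path": path, "rules": used})
    return findings

# Constructed sample tables: the baseline steers s1 -> fw1 -> s2 -> db.
BASELINE = [
    Flow("r1", "s1", "db", "fw1", 100),
    Flow("r2", "fw1", "db", "s2", 100),
    Flow("r3", "s2", "db", "db", 100),
]
# Same tables plus one unexpected higher-priority rule that skips fw1.
TAMPERED = BASELINE + [Flow("r9", "s1", "db", "s2", 200)]

if __name__ == "__main__":
    print(audit(BASELINE, ["s1"], ["db"]))
    print(audit(TAMPERED, ["s1"], ["db"]))
```

Run against a periodic export of the switches' flow tables, a non-empty result points at the rule ids to compare with what the controller believes it installed.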
KelvinYau
1 year, 10 months ago
Selected Answer: A
Voted A
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted