I will go with A too, the SDN controller is the heart. Compromising controller can initiate other attacks defined in B, C and D.
https://www.routerfreak.com/9-types-software-defined-network-attacks-protect/
Agree with B
https://www.networkworld.com/article/2840273/sdn-security-attack-vectors-and-sdn-hardening.html#:~:text=SDN%20Attack%20Vectors,new%20paradigm%20for%20network%20virtualization.
Gaining access to the SDN controller through a brute force attack on the SSH port would allow the attacker to manipulate the entire network, as the controller is the central point of control in an SDN architecture.
A brute force password attack on the SSH port of the SDN controller, if successful, could give an intruder complete control of the controller. This is because the controller is responsible for managing the network's configuration and traffic flows. If an attacker gains control of the controller, they can manipulate the network's behavior to their advantage.
I agree with A. If you could somehow bypass a firewall from a compromised host, then there's still a question of privileges and authorization of control messages to gain complete control. Unless you're sending it from a compromised admin host/account, which you might have potentially bruteforced (presumably). lol
Most of these SDN questions and compromising it CISSP exam usually looks for controller related answer ive come to notice. compromising the controller gives you access to the fabric.
Out of the options provided, the attack most likely to give an intruder complete control of an SDN architecture is:
A. A brute force password attack on the Secure Shell (SSH) port of the controller
Here's why:
Why SDN Controllers are Critical Targets: SDN separates the control plane (where network configuration happens) from the data plane (where traffic flows). The controller is the central, highly privileged component that orchestrates the entire network. Compromising it would grant an attacker substantial power.
Brute Force and SSH: A brute force attack attempts to guess the controller's administrative credentials through repeated login attempts. SSH is a common remote management protocol, and if its protection is weak, a successful brute force attack can lead to control plane takeover.
While gaining SSH access to the controller through a brute force password attack option A is indeed a serious security concern and could potentially allow an attacker to gain administrative access to the SDN controller, it may not necessarily result in complete control of the entire SDN architecture.
On the other hand, option B describes an attack scenario where a compromised host within the network sends control messages to the SDN controller to open a flow that bypasses the firewall. This attack directly targets the SDN architecture itself and could potentially give the intruder complete control over network traffic flows, allowing them to manipulate traffic and potentially compromise other network devices or services.
Thats why it is B
This type of attack, known as a flow rule modification attack, can allow an attacker to inject malicious traffic into the network or bypass security controls, giving the attacker complete control over the network.
The attack that could give an intruder complete control of a software-defined networking (SDN) architecture is option B: Sending control messages to open a flow that does not pass a firewall from a compromised host within the network.
In software-defined networking, the SDN controller is responsible for managing and controlling the network infrastructure. By sending control messages to open a flow that bypasses the firewall from a compromised host within the network, an attacker can gain unauthorized access and manipulate the network's behavior.
B
A. "By compromising the SDN controller, a hacker could have total control of the network."
I googled B and C and those don't come up, so I don't think they are valid.
D. is just sniffing traffic. This seems too easy, but based on all my research A it is.
I researched this more and thought about it, A doesn't make sense because once you ssh into a system you need to become root to do any damage, otherwise it's pointless.
B. is absolutely correct:
"If an attacker could create a flow that bypasses the traffic steering that guides traffic through a firewall the attacker would have a decided advantage."
"The attacker would want to instantiate new flows by either spoofing northbound API messages or spoofing southbound messages toward the network devices. If an attacker can successfully spoof flows from the legitimate controller then the attacker would have the ability to allow traffic to flow across the SDN at their will and possibly bypass policies that may be relied on for security."
https://www.networkworld.com/article/2840273/sdn-security-attack-vectors-and-sdn-hardening.html
In a software-defined networking (SDN) architecture, the controller is responsible for managing and controlling the network devices through OpenFlow messages. An attacker who gains control of the SDN controller can potentially manipulate the network traffic, leading to various security risks.
Sending control messages to open a flow that does not pass a firewall from a compromised host within the network is a type of attack called a "flow rule modification attack." This attack can allow an attacker to inject malicious traffic into the network or bypass security controls, giving the attacker complete control over the network.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
N00b1e
Highly Voted 2 years, 2 months ago1460168
3 months, 3 weeks agofranbarpro
2 years, 1 month agoccKane
1 year, 2 months agodev46
2 years, 2 months agojackdryan
1 year, 7 months agofranbarpro
Highly Voted 2 years, 2 months agomartin451
Most Recent 1 month, 2 weeks agorobervalchocolat
2 months, 3 weeks agodeeden
3 months, 3 weeks agoCCNPWILL
5 months, 3 weeks agoduplexjay
5 months, 3 weeks agoJenkins3mol
6 months, 3 weeks ago25cbb5f
7 months, 3 weeks agoParikshitcyber
8 months, 1 week agoUkpes
1 year agohomeysl
1 year, 1 month agoBach1968
1 year, 4 months agoHughJassole
1 year, 5 months agoHughJassole
1 year, 4 months agoKelvinYau
1 year, 5 months agoA1nthem
1 year, 7 months agoinvincible96
1 year, 8 months ago