Securing Network Automation

Presented at TROOPERS17 (2017), March 22, 2017, 11:30 a.m. (Unknown duration)

If you have operational experience in running large networks then you're probably yearning to replace the traditional way of managing individual network devices via SSH with something better and more reliable. Software Defined Networking (SDN) was touted as the all-encompassing solution, but what we got instead is a heap of academic ideas, several platforms that require as much investment as an SAP deployment, and a bunch of proprietary products focused more on increasing lock-in and vendor revenue than solving operational problems.

It's time we learn from the Unix playbook and start building our network automation solutions from small reusable components… but can we make such a solution secure and reliable? Can we still protect the network from misconfiguration, management-plane attacks, or automation-caused failures? This presentation will discuss the security and reliability challenges of network automation, and describe a few potential solutions.

Presenters:

• Ivan Peplnjak
  Ivan Pepelnjak, CCIE#1354 Emeritus, has been designing and implementing large-scale service provider and enterprise networks as well as teaching and writing books about advanced technologies since 1990. He's the author of several Cisco Press books, prolific blogger and writer, occasional consultant, and creator of a series of highly successful webinars.

Links:

• https://troopers.de/troopers17/talks/757-securing-network-automation/
• https://infocon.org/cons/TROOPERS/TROOPERS 2017/Securing Network Automation Ivan Pepelnjak.mp4
• https://troopers.de/downloads/troopers17/TR17_Securing_Network_Automation.pdf

Similar Presentations:

• Black Hat USA 2017 / (in)Security in Building Automation: How to Create Dark Buildings with Light Speed
• GrrCON 2013 / The Science of Security Automation
• Black Hat USA 2016 / Attacking SDN Infrastructure: Are We Ready for the Next-Gen Networking?