Implementing micro-fragmented LAN network security plan using Network Virtualization (NV)‎ and Software Defined Network (SDN)‎

Abstract EN

Legacy computer networks‟ security and access rules rely on previously defined segments in the physical networks which usually leads to many, coarse-grained, hard to change security rules.

New technologies of network virtualization, programmable switches and Software Defined Network (SDN) allow the use of better approaches for securing networks.

This is especially crucial for the network portions that are not segmented, such as LANs, or inside one segment in a data center.

We implemented an inside segment, cross cutting security rules on a proposed network using the new previously mentioned technologies.

The implemented security rules are designed to be fine-grained, classless, and segment free that could work on multiple levels of the network reference model, or on the host port level inside a LAN at the same time.

This was done in order to explore and show the benefits of using Network Virtualization (NV) and (SDN) technologies to achieve micro-fragmented security plans.

A security plan scenario was designed in a way that demonstrates multiple network layers security objectives, and cross cutting access rules to multiple network segments.

These segments were defined physically, and by using virtual networks‟ tags (VLAN).

The suggested network were implemented using the Mininet simulation for SDN, and the POX controller after adding the suitable code to realize the suggested security plan.

Results show the success of implementation of fine-grained, segments cross-cutting security rules, the ease and flexibility of applying such rules on-line, the dynamicity of it, and its adaptability with any changes applied to the proposed network.