Leveraging SDN to Improve the Security of DHCP
Title | Leveraging SDN to Improve the Security of DHCP |
Publication Type | Conference Paper |
Year of Publication | 2016 |
Authors | Cox, Jr., Jacob H., Clark, Russell J., Owen, III, Henry L. |
Conference Name | Proceedings of the 2016 ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization |
Publisher | ACM |
Conference Location | New York, NY, USA |
ISBN Number | 978-1-4503-4078-6 |
Keywords | dhcp, IDPS, Network security, programmable networks, pubcrawl, Resiliency, rogue servers, Scalability, SDN, SDN security, virtualization privacy |
Abstract | Current state-of-the-art technologies for detecting and neutralizing rogue DHCP servers are tediously complex and prone to error. Network operators can spend hours (even days) before realizing that a rogue server is affecting their network. Additionally, once network operators suspect that a rogue server is active on their network, even more hours can be spent finding the server's MAC address and preventing it from affecting other clients. Not only are such methods slow to eliminate rogue servers, they are also likely to affect other clients as network operators shut down services while attempting to locate the server. In this paper, we present Network Flow Guard (NFG), a simple security application that utilizes the software defined networking (SDN) paradigm of programmable networks to detect and disable rogue servers before they are able to affect network clients. Consequently, the key contributions of NFG are its modular approach and its automated detection/prevention of rogue DHCP servers, which is accomplished with little impact to network architecture, protocols, and network operators. |
URL | http://doi.acm.org/10.1145/2876019.2876028 |
DOI | 10.1145/2876019.2876028 |
Citation Key | cox_jr._leveraging_2016 |