SD-WAN New Hope
Software-defined networking in a wide area network (SD-WAN) quickly becomes very popular in Enterprises. Vendors promise "on-the-fly agility, simplicity, security and automation" and many other benefits. What do you know about SD-WAN? What "security" means from a hands-on perspective? Are present SD-WAN products really secure?
The goal of this project is to give answers to these questions by exploring implementation security of real SD-WAN solutions from a practical point of view.
Papers
- SD-WAN Internet Census (preprint)
- SD-WAN Threat Landscape (preprint)
- Practical Security Assessment of SD-WAN Implementations
- SD-WAN Security: A Product Liability Insurance Law Would Certainly Help
- SD-WAN TLS Scanning (draft)
Knowledge Base
Public Reports
SilvePeak
- Malicious Portal Can Access REST API on EdgeConnect
- Malicious or Untrusted Orchestrator Can Access REST API on EdgeConnect
- SilverPeakโs IPsec UDP protocol implementation fails to provide forward secrecy
- Silverpeak EdgeConnect Multiple Vulnerabilities
Citrix
Riverbed
Viprinet
Versa
Checklists
Tools
Slides
- SD-WAN Secure Communication Designs and Vulnerabilities. DeepSec 2019
- One Framework to Rule Them All: A framework for Internet-connected Device Census. OFFZONE 2019
- A dive in to SD-WAN Insecure Designs and Vulnerabilities. SecurityFest 2019
- SD-WAN New Hope. PHDays 2019
- SD-WAN Secure Communications. Yandex OSN Meetup 2019
- SD-WAN: Yet Another Way to Unsafe Internet. InsomniHack 2019
- SD-WAN Internet Census. Zero Nights 2018
- "WebGoat.SDWAN.Net" in Depth. Power of Community 2018
- Practical Threat Modeling for SD-WAN. Area 41 2018
- Too Soft[ware Defined] Networks: SD-WAN Vulnerability Assessment. Black Hat USA 2018
Talks
- SD-WAN Secure Communications Design and Vulnerabilities. DeepSec 2019
- SD-WAN Secure Communications. Yandex OSN Meetup 2019 (Russian)
- SD-WAN a New Hop. How to hack software defined network and keep your sanity? CCC 2018
- How To Hack SD-WAN And Keep Your Sanity? Ekoparty 2018