DeepSec2019 Talk: SD-WAN Secure Communications Design and Vulnerabilities — Denis Kolegov
Hardening communication protocols against network attacks is hard. And yet a lot of products are available on the market that allow you to transport data and messages. Since virtualisation entered the world of technology, all things software-defined (SD) have become popular. Denis Kolegov will explain at DeepSec 2019 what the state of affairs in terms of information security is.
The SD-WAN New Hope project targets the security of SD-WAN (software-defined wide area network) products. It was started in December 2017, when a customer decided to buy a very secure and well-known SD-WAN product from one of the Top 5 vendors and wanted us to perform threat modelling and a vulnerability assessment. We did that for 6 months and found out that the product was awful from a security perspective. It had multiple critical vulnerabilities: RCE, XXE, SQLi, unpatched software, outdated packages, no access control, etc. It seemed that we were investigating an especially vulnerable application for a Capture The Flag (CTF) or security training. We decided to find out whether other SD-WAN products are like this.
It is the end of 2019 and SDx technologies are very popular. They are everywhere. SD-WAN is used as a cloud security or network transport platform. Vendors are developing SD-LAN, SD-CORE, SD-VPN, SD-Access and SD-DC products. SD-News write AI-based routing, machine learning, secure network platform unification and state-of-the-art…