Securing a software-defined network
So far in this chapter, we have focused on a set of minimal network security requirements to make sure that a software-defined network is secure.
To maximize the security of a software-defined network, however, we should look at how attackers could potentially exploit overlay and underlay networks in new ways, and at the different mechanisms that can be put in place to prevent this from happening.
Software-defined networks are split into the overlay (which holds all the virtualized networks that house virtual machines, physical machines, and containers) and the underlay (which holds all bare-metal machines such as hypervisors, network devices, and SDN controllers).
Attacks at Overlay
Overlay networks are created to allow networks to be automated programmatically via APIs and increase the speed of change by simplifying the network in software.
Within the remit of Continuous Delivery, self-service ACL rules can be set up by developers to govern north to south and...