Today, SD-WAN is a very hot and an attractive topic. Software-defined WAN (SD-WAN) is a technology based on software-defined network (SDN) approach applied to wide area networks (WAN). According to Gartner’s predictions study, more than 50% of routers will be replaced with SD-WAN solutions by 2020. At the same time, from a security point of view, SD-WAN is a dangerous mix of Web technologies, custom cryptography, virtualization, immature features and complicated logic. In this talk, we describe most common classes of design flaws and vulnerabilities in SD-WAN, disclose a set of reported and already patched vulnerabilities in popular SD-WAN products. We present the new results of our research, consider some technical details of the insecure design and found vulnerabilities. We also deeply explore a design flaw in a well-known SD-WAN product that could allow an attacker to compromise all SD-WAN networks in the World.
Presented at Security Fest 2019.
Speaker: Denis KolegovDenis Kolegov is a security researcher at BI.ZONE and an associated professor in computer security at Tomsk State University. His research focuses on network security, web application security, cryptography engineering, and covert communications. He holds a PhD and associated professor degree in computer security. Denis has presented at different international security conferences including Power of Community, Area41, Zero Nights, Positive Hack Days, InsomniHack, and SibeCrypt.