Regresar

Comparative analysis of Cybersecurity mechanisms in SD-WAN architectures: A preliminary results

Abstract:

Software-defined network in a wide area network (SD-WAN) has become a trend applied by large companies with geographically separated branches. The primary objective is based on a software solution that provides a cost-benefit balance, given the high cost of WAN connections. The growth of SD-WAN has brought numerous solutions by various vendors, but that has also increased the number of threats and vulnerabilities to this technology. This article aims to compare the commercial mechanisms versus opensource solutions implement within a specific architecture. It describes the cyber-attack vectors within SD-WAN and how to respond them within a simulation using the GNS3 software. The topology presented is based on a design with two branches and a headquarters, connected by two links that provide redundancy, one by MPLS and the other by broadband internet. The results of this research report that the commercial solution (Fortigate) provides better security mechanisms that focus on confidentiality, integrity, and availability. However, the open-source solution (Flexiwan) offers tools for adaptability to future threats thanks to the community's efforts.