從SDN相關技術在安全性方面所即將面臨的安全與威脅進行探討與研究,探討有關於SDN技術所特有的集中性、可控性和網路的可程式化性,在提高相關網路安全性能所具備的優勢,如網路拓譜監控等;同時也提出了SDN技術也將會引入新的安全性威脅和所承受的風險等等。同時可以從研究中發現,SDN技術對於網路安全性能的提升尤為突出,透過sFlow與Snot的結合運用,使它對網路流量具有極強的控制能力,將使得流量安全防護將會變得更加靈活和有效率,它的集中性可以控制來源IP的地址以及網路源頭追朔等方面的解決方案。 而FRESCO安全應用開發框架本身是屬於OpenFlow應用的一種,它是對NOX Controller進行的二次開發:在對NOX內核進行安全加強的基礎上,對外提供遺留網絡安全系統的Port,保證平台的最大相容性;並且向上提供方便快捷的FRESCO Script API,以及內置了16個以庫形式提供的可重用模組,通過使用FRESCO Script,以及調用模組,就可以加快安全應用的開發速度。 ;To explore and study the opportunities and threats SDN related technologies in terms of safety are going to face, discuss about SDN technology-specific focus, controllability and network programmable resistance, to improve the safety performance of the relevant network It has advantages, such as spectrum monitoring network extension; but also made SDN technology will also be introducing new security threats and risk exposure and so on. At the same time can be found from the study, SDN technology for Internet security performance improvements especially through the use of a combination of sFlow and Snot, makes it to network traffic with a strong ability to control, will allow traffic safety will become more flexible and efficient, its concentration can be controlled source IP addresses and other aspects of the network traceable solutions. The FRESCO security application development framework itself is a kind of OpenFlow applications, it is the secondary development of NOX Controller undertaken: On the basis of NOX kernel strengthen security on the external Port legacy network to provide security systems to ensure maximum phase Platform Capacitive; and provide convenient FRESCO Script API, and a built-in library 16 provided in the form of reusable modules by using FRESCO Script, and invoking modules, you can accelerate the development of safe applications up.
