Security related question of the underlay and overlay networks
-
Hi there, I know I'm getting ahead of myself here but got some shower questions to ask.
As mentioned in the title, I was wondering about the security aspect of SDN networks.
The first question:
If Cisco TrustSec operates at the policy plane/security implementation and the existing underlay networks have their own security features, would there be any conflict of security between them?
The second question:
Can we implement security features in the overlay networks only, and connectivity only in the underlay network? Will that work? If it will, can the attacker utilize this to attack the network?
Thank you
-
@Chris-IT said in Security related question of the underlay and overlay networks:
Hi there, I know I'm getting ahead of myself here but got some shower questions to ask.
My apologies, this one slipped past me...
As mentioned in the title, I was wondering about the security aspect of SDN networks.
The first question:
If Cisco TrustSec operates at the policy plane/security implementation and the existing underlay networks have their own security features, would there be any conflict of security between them?
No. The underlay and overlay security should be complementary. Now having said that, if you block it at the underlay, you're blocking connectivity generally... but usually, you implement good infrastructure security at the underlay, then security policy on the overlay.
The second question:
Can we implement security features in the overlay networks only, and connectivity only in the underlay network? Will that work? If it will, can the attacker utilize this to attack the network?
Like all things, you can do what you choose, but generally, if you're using SDN, the underlay is abstracted away. Attackers will attack what they know to be there. So like all good things, you implement security based on the CIA triad as best as you can.
Thank you