Leveraging SDN to improve the security of DHCP

Jacob H. Cox, Russell J. Clark, Henry L. Owen

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    10 Scopus citations

    Abstract

    Current State of the art technologies for detecting and neu- tralizing rogue DHCP servers are tediously complex and prone to error. Network operators can spend hours (even days) before realizing that a rogue server is affecting their network. Additionally, once network operators suspect that a rogue server is active on their network, even more hours can be spent & nding the server's MAC address and prevent- ing it from affecting other clients. Not only are such meth- ods slow to eliminate rogue servers, they are also likely to affect other clients as network operators shutdown services while attempting to locate the server. In this paper, we present Network Flow Guard (NFG), a simple security ap- plication that utilizes the software de& ned networking (SDN) paradigm of programmable networks to detect and disable rogue servers before they are able to affect network clients. Consequently, the key contributions of NFG are its modular approach and its automated detection/prevention of rogue DHCP servers, which is accomplished with little impact to network architecture, protocols, and network operators.

    Original languageEnglish (US)
    Title of host publicationSDN-NFV Security 2016 - Proceedings of the 2016 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, co-located with CODASPY 2016
    PublisherAssociation for Computing Machinery, Inc
    Pages35-38
    Number of pages4
    ISBN (Electronic)9781450340786
    DOIs
    StatePublished - Mar 11 2016
    Event2016 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, SDN-NFV Security 2016 - New Orleans, United States
    Duration: Mar 11 2016 → …

    Publication series

    NameSDN-NFV Security 2016 - Proceedings of the 2016 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, co-located with CODASPY 2016

    Conference

    Conference2016 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, SDN-NFV Security 2016
    Country/TerritoryUnited States
    CityNew Orleans
    Period3/11/16 → …

    Keywords

    • DHCP
    • IDPS
    • Network security
    • Programmable networks
    • Rogue servers
    • SDN

    ASJC Scopus subject areas

    • Computer Science Applications
    • Software
    • Information Systems

    Fingerprint

    Dive into the research topics of 'Leveraging SDN to improve the security of DHCP'. Together they form a unique fingerprint.

    Cite this