Cargando…
Performance Analysis of Software-Defined Networks to Mitigate Private VLAN Attacks
The defence-in-depth (DiD) methodology is a defensive approach usually performed by network administrators to implement secure networks by layering and segmenting them. Typically, segmentation is implemented in the second layer using the standard virtual local area networks (VLANs) or private virtua...
| Autores principales: | , , , , , |
|---|---|
| Formato: | Online Artículo Texto |
| Lenguaje: | English |
| Publicado: |
MDPI
2023
|
| Materias: | |
| Acceso en línea: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9961207/ https://www.ncbi.nlm.nih.gov/pubmed/36850345 http://dx.doi.org/10.3390/s23041747 |
| _version_ | 1784895697997266944 |
|---|---|
| author | Álvarez, David Nuño, Pelayo González, Carlos T. Bulnes, Francisco G. Granda, Juan C. García-Carrillo, Dan |
| author_facet | Álvarez, David Nuño, Pelayo González, Carlos T. Bulnes, Francisco G. Granda, Juan C. García-Carrillo, Dan |
| author_sort | Álvarez, David |
| collection | PubMed |
| description | The defence-in-depth (DiD) methodology is a defensive approach usually performed by network administrators to implement secure networks by layering and segmenting them. Typically, segmentation is implemented in the second layer using the standard virtual local area networks (VLANs) or private virtual local area networks (PVLANs). Although defence in depth is usually manageable in small networks, it is not easily scalable to larger environments. Software-defined networks (SDNs) are emerging technologies that can be very helpful when performing network segmentation in such environments. In this work, a corporate networking scenario using PVLANs is emulated in order to carry out a comparative performance analysis on defensive strategies regarding CPU and memory usage, communications delay, packet loss, and power consumption. To do so, a well-known PVLAN attack is executed using simulated attackers located within the corporate network. Then, two mitigation strategies are analysed and compared using the traditional approach involving access control lists (ACLs) and SDNs. The results show the operation of the two mitigation strategies under different network scenarios and demonstrate the better performance of the SDN approach in oversubscribed network designs. |
| format | Online Article Text |
| id | pubmed-9961207 |
| institution | National Center for Biotechnology Information |
| language | English |
| publishDate | 2023 |
| publisher | MDPI |
| record_format | MEDLINE/PubMed |
| spelling | pubmed-99612072023-02-26 Performance Analysis of Software-Defined Networks to Mitigate Private VLAN Attacks Álvarez, David Nuño, Pelayo González, Carlos T. Bulnes, Francisco G. Granda, Juan C. García-Carrillo, Dan Sensors (Basel) Article The defence-in-depth (DiD) methodology is a defensive approach usually performed by network administrators to implement secure networks by layering and segmenting them. Typically, segmentation is implemented in the second layer using the standard virtual local area networks (VLANs) or private virtual local area networks (PVLANs). Although defence in depth is usually manageable in small networks, it is not easily scalable to larger environments. Software-defined networks (SDNs) are emerging technologies that can be very helpful when performing network segmentation in such environments. In this work, a corporate networking scenario using PVLANs is emulated in order to carry out a comparative performance analysis on defensive strategies regarding CPU and memory usage, communications delay, packet loss, and power consumption. To do so, a well-known PVLAN attack is executed using simulated attackers located within the corporate network. Then, two mitigation strategies are analysed and compared using the traditional approach involving access control lists (ACLs) and SDNs. The results show the operation of the two mitigation strategies under different network scenarios and demonstrate the better performance of the SDN approach in oversubscribed network designs. MDPI 2023-02-04 /pmc/articles/PMC9961207/ /pubmed/36850345 http://dx.doi.org/10.3390/s23041747 Text en © 2023 by the authors. https://creativecommons.org/licenses/by/4.0/Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/). |
| spellingShingle | Article Álvarez, David Nuño, Pelayo González, Carlos T. Bulnes, Francisco G. Granda, Juan C. García-Carrillo, Dan Performance Analysis of Software-Defined Networks to Mitigate Private VLAN Attacks |
| title | Performance Analysis of Software-Defined Networks to Mitigate Private VLAN Attacks |
| title_full | Performance Analysis of Software-Defined Networks to Mitigate Private VLAN Attacks |
| title_fullStr | Performance Analysis of Software-Defined Networks to Mitigate Private VLAN Attacks |
| title_full_unstemmed | Performance Analysis of Software-Defined Networks to Mitigate Private VLAN Attacks |
| title_short | Performance Analysis of Software-Defined Networks to Mitigate Private VLAN Attacks |
| title_sort | performance analysis of software-defined networks to mitigate private vlan attacks |
| topic | Article |
| url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9961207/ https://www.ncbi.nlm.nih.gov/pubmed/36850345 http://dx.doi.org/10.3390/s23041747 |
| work_keys_str_mv | AT alvarezdavid performanceanalysisofsoftwaredefinednetworkstomitigateprivatevlanattacks AT nunopelayo performanceanalysisofsoftwaredefinednetworkstomitigateprivatevlanattacks AT gonzalezcarlost performanceanalysisofsoftwaredefinednetworkstomitigateprivatevlanattacks AT bulnesfranciscog performanceanalysisofsoftwaredefinednetworkstomitigateprivatevlanattacks AT grandajuanc performanceanalysisofsoftwaredefinednetworkstomitigateprivatevlanattacks AT garciacarrillodan performanceanalysisofsoftwaredefinednetworkstomitigateprivatevlanattacks |