CISSP · Question #1124
What is a security concern when considering implementing software-defined networking (SDN)?
The correct answer is A. It increases the attack footprint.. SDN centralizes network control into a software-based controller, which introduces a larger and more concentrated attack surface compared to traditional distributed network architectures.
Question
Options
- AIt increases the attack footprint.
- BIt uses open source protocols.
- CIt has a decentralized architecture.
- DIt is cloud based.
How the community answered
(23 responses)- A78% (18)
- B13% (3)
- C4% (1)
- D4% (1)
Why each option
SDN centralizes network control into a software-based controller, which introduces a larger and more concentrated attack surface compared to traditional distributed network architectures.
SDN increases the attack footprint because the centralized controller becomes a high-value single point of compromise - if an attacker gains control of the SDN controller, they can manipulate the entire network's traffic flows, policies, and routing. Additionally, the separation of the control plane and data plane introduces new attack vectors such as controller spoofing, API exploitation, and southbound/northbound interface vulnerabilities that did not exist in traditional hardware-based networking.
While SDN does utilize open protocols like OpenFlow, the use of open source protocols is not itself the primary security concern - open protocols can be audited and hardened, and proprietary protocols also carry vulnerabilities.
SDN actually features a centralized (not decentralized) architecture, where a single controller manages the network; decentralization is the opposite of how SDN is designed and is therefore factually incorrect.
SDN is not inherently cloud-based - it can be deployed in on-premises data centers, private networks, and other environments, so describing it as cloud-based is an inaccurate characterization of the technology.
Concept tested: SDN security risks and centralized attack surface
Source: https://www.cisa.gov/sites/default/files/publications/sdn-security-considerations-enterprise-network-508.pdf
Topics
Community Discussion
No community discussion yet for this question.