Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-80777 | SRG-NET-000362-SDN-000720 | SV-95487r1_rule | Medium |
Description |
---|
The SDN Controller is critical to all network operations because it is the component used to build all forwarding paths for the data plane via control-plane processes. It is also instrumental with network management and provisioning functions that keep the SDN-enabled network elements and links available for providing network services. Any disruption to the SDN Controller can result in mission-critical network outages. A DoS attack targeting the SDN Controller can result in excessive CPU and memory utilization. The SDN Controller must be configured to rate-limit control-plane traffic destined to itself to mitigate the risk of a DoS attack and ensure network stability. |
STIG | Date |
---|---|
SDN Controller Security Requirements Guide | 2020-03-06 |
Check Text ( C-80513r1_chk ) |
---|
Review the SDN controller configuration to determine if it is configured to rate-limit control-plane messages. If the SDN controller is not configured to rate-limit control-plane messages, this is a finding. |
Fix Text (F-87631r1_fix) |
---|
Configure the SDN controller to rate-limit control-plane messages. |