[AusNOG] SDWAN Security

Dale Shaw dale.shaw+ausnog at gmail.com
Mon May 31 16:08:44 EST 2021


Hi Dusty,

Full disclosure: I work for VMware (we have an SD-WAN offering) but I’ll
keep it agnostic—

On Mon, 31 May 2021 at 12:49 pm, dusty <dusty.au at gmail.com> wrote:

> Hi Folks,
>
> After a number of years being more managerial than technical, I find
> myself staring at a proposal to swap a perfectly good MPLS network with
> some Meraki shenanigans.
>
> This, frankly, gives me the heebie jeebies.
>
> I've done a bunch of poking around but, alas, it is remarkably difficult
> to locate reliable analyses of the actual security (or lack thereof) of
> these solutions - plenty of glossy marketing and whizzbang, not a lot of
> facts.
>
> Can anyone point me in the direction of some decent whitepapers, blogs,
> etc about the relative merits of these things?
>
> Thanks!
> --dusty (in Brisbane)
>

(tl;dr: talk to your friendly vendor SE.)

What sort of collateral would you look for, to give warm fuzzies, if you
were evaluating a traditional WAN routing platform?

You should be able to find security whitepapers and other technical
documents that describe management and data plane security, use of
crypto/PKI etc.

Vendors targeting enterprise customers should be putting their products
through security evaluation frameworks such as Common Criteria — look for
certification, in-flight or completed, against the Network Device
collaborative Protection Profile (NDcPP) plus optional modules like VPN.
Crypto libraries may be FIPS 140-2 [US centric] certified.

For vendors offering things as-a-service, certifications and statements of
conformance against other regulatory frameworks should be applicable (SOC,
FedRAMP [again US centric], IRAP etc. may exist).

Cheers,
Dale