[AusNOG] SDWAN Security
dale.shaw+ausnog at gmail.com
Mon May 31 16:08:44 EST 2021
Full disclosure: I work for VMware (we have an SD-WAN offering) but I’ll
keep it agnostic—
On Mon, 31 May 2021 at 12:49 pm, dusty <dusty.au at gmail.com> wrote:
> Hi Folks,
> After a number of years being more managerial than technical, I find
> myself staring at a proposal to swap a perfectly good MPLS network with
> some Meraki shenanigans.
> This, frankly, gives me the heebie jeebies.
> I've done a bunch of poking around but, alas, it is remarkably difficult
> to locate reliable analyses of the actual security (or lack thereof) of
> these solutions - plenty of glossy marketing and whizzbang, not a lot of
> Can anyone point me in the direction of some decent whitepapers, blogs,
> etc about the relative merits of these things?
> --dusty (in Brisbane)
(tl;dr: talk to your friendly vendor SE.)

What sort of collateral would you look for, to give warm fuzzies, if you
were evaluating a traditional WAN routing platform?

You should be able to find security whitepapers and other technical
documents that describe management and data plane security, use of

Vendors targeting enterprise customers should be putting their products
through security evaluation frameworks such as Common Criteria — look for
certification, in-flight or completed, against the Network Device
collaborative Protection Profile (NDcPP) plus optional modules like VPN.
Crypto libraries may be FIPS 140-2 [US centric] certified.

For vendors offering things as-a-service, certifications and statements of
conformance against other regulatory frameworks should be applicable (SOC,
FedRAMP [again US centric], IRAP etc. may exist).