Home > Cloud Computing > Cloud Security

Vulnerability events make OpenDaylight more secure

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Vulnerability events make OpenDaylight more secure

The original intention of open-source projects is always good, and there are bright future expectations, but security is never the most important...

The Linux Foundation launched the OpenDaylight Collaboration Project in April 2013 to create an open-source software defined network (SDN) platform. Subsequently, the project received the attention and support of many industry vendors and is now growing rapidly. However, OpenDaylight did not pay much attention to a security vulnerability last year, which caused a lot of concerns.

OpenDaylight

Back in August 2014, the researchers discovered the OpenDaylight security vulnerability and named it "Netdump ". With Netdump, remote attackers can access any files on the OpenDaylight controller system through network configuration services. Files that are vulnerable to attacks include hash Network Authentication Files. Attackers can obtain authentication by using common attack tools to control the entire network.

Although the vulnerability has a major security threat, OpenDaylight did not respond positively to the vulnerability, and even released the Helium version containing the vulnerability after the vulnerability was announced. The vulnerability was not fixed until last December, because the related personnel thought that OpenDaylight was still in the early stage and was not used in the actual environment, so the security response speed was slow.

But David Jorm, a security expert (IIX's product security engineer) and a member of the OpenDaylight community, does not think so, he said: "Because the fact is that a serious vulnerability has been ignored for more than four months, it is clear that we have a problem in some aspects. Once this vulnerability is exploited by attackers, it will bring a devastating blow to the entire SDN."

Jorm also pointed out that suppliers need to learn the latest security information in a timely manner, rather than hand over these vulnerabilities in private, which will seriously affect the release speed of related patches.

Fortunately, since the incident, more and more OpenDaylight members have begun to use actions to support Jorm. The OpenDaylight technical Steering Committee recently approved a detailed security response process guide. "We take security seriously in the ODL community," said the chairman of the technical Steering Committee. "We are working to better establish and publicize our security response process, so that anyone can report the problem and make sure that we can respond immediately."

Now, Jorm has made a high comments on OpenDaylight's security response. We are delighted to see that OpenDaylight attaches more importance to security.

OpenDaylight Helium (Helium) version installation

This article permanently updates the link address:

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
opendaylight vpn more secure than wpa2 more secure linux or windows iphones more secure than android phones iphones more secure than android phones more secure in aws vpc or ec2 is drupal more secure than wordpress
Related Article
How does personal cloud security guarantee data security?
Cloud security to achieve effective prevention of the future ...
Focus on three major cloud security areas, you know?
Decrypting Cisco type 5 password hashes
Using redis to write webshell

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More