Build Better Defenses
October 29–30, 2017: Training
October 30–November 1, 2017: Tutorials & Conference
New York, NY

Virtualized service-chained security controls within a layer 2 SDN

John Studarus (JHL Consulting), Cynthia Thomas (Midokura)
1:30pm–5:00pm Monday, October 30, 2017
Tools and processes
Location: Sutton North

Who is this presentation for?

  • Security, network, and cloud engineers and compliance auditors

Prerequisite knowledge

  • A basic understanding of TCP/IP networking, using the Linux command line via SSH, and file editing (using vi or other editors)
  • Experience using OpenStack (command line or GUI), tcpdump, Linux bridging, and Snort (useful but not required)

Materials or downloads needed in advance

  • A WiFi-enabled laptop with a secure shell (SSH) client and modern web browser installed (You'll be provided access to an OpenStack cloud environment accessible via SSH and the web.)

What you'll learn

  • Learn how to use software-defined networking (SDN) in layer 2 to implement security functions
  • Understand why it's easier to introduce security functions using virtualized layer 2 networking than in layer 3
  • Gain hands-on experience with OpenStack (launching virtual machines, implementing network security rules, and configuring virtual networking) and with Snort, tcpdump, and Linux bridging inside a Linux virtual machine


Advancements in software-defined networking (SDN) allow virtualized security controls to be placed within a virtual layer 2 (data link) network. A service chain defines which controls traffic must pass through before it is delivered to the service. For example, a web service might have a service chain requiring traffic to pass through a DDoS filter, a WAF, a load balancer, and an IDS/IPS before reaching the web server. Historically this has been done at layer 3 (IP), which requires IP address changes whenever chain components are added or removed. When the chain is implemented within a virtual network at layer 2, it can be updated dynamically without any IP changes, because each security function is a transparent bump in the wire and only the virtual switch's steering policy changes. Implementing these chains at layer 2 therefore reduces both configuration complexity and network overhead.

John Studarus and Cynthia Thomas demonstrate how virtualization and software-defined networking (SDN) can service-chain traffic through multiple security functions (WAF, DDoS filter, IDS/IPS) without the overhead and complexity of layer 3 networking. John and Cynthia walk you through configuring and modifying layer 2 service chains with open source cloud security tools so that traffic flows through every required security function, monitoring and blocking malicious traffic originating from a network of virtual machines.

This tutorial is run completely on open source software. You’ll be provided with an OpenStack cloud and security functions to protect a virtualized web application. The course virtual machines are running CirrOS and CentOS Linux. You’ll also use a number of open source security tools, including Snort, tcpdump, Squid, and ModSecurity.


John Studarus

JHL Consulting

John Studarus is a technical risk, compliance, and security advisor at JHL Consulting. John has more than 20 years of software product development experience across the finance, high tech, government, and healthcare industries, working with internal and external technical teams, business partners, customers, and internal compliance and legal staff to lead the product direction of large-scale cloud-based solutions. John's areas of focus include software and product development, security best practices, compliance and cloud computing, operational security, and technical risk management and auditing. Previously, he led the development of security dashboards and portals used within DISA and the US Department of State, and software and product management for AT&T, Leidos, and Akamai.


Cynthia Thomas


Cynthia Thomas is a member of the systems engineering team at Midokura, where she focuses on emerging technologies in network virtualization to address evolving application requirements. Cynthia’s background in networking hardware spans from telecommunications to data center, campus, and enterprise solutions. Cynthia holds an MSc in engineering from Queen’s University as well as a number of professional certifications, including Alcatel-Lucent Network Routing Specialist II (NRS II), Brocade Certified Ethernet Fabric Professional (BCEFP), Brocade Certified IP Network Professional (BCNP), and VMware Technical Sales Professional (VTSP) 5.