I2NSF Project @ IETF-97 Hackathon Jaehoon (Paul) Jeong Sungkyunkwan University pauljeong@skku.edu.


Why Do We Do This Project?
- I2NSF: Chartered to use NETCONF/RESTCONF + Data Models
- Is this approach reasonable for management of security devices?
- Is it better than writing another security protocol?
- Can we get I2NSF Key Data Model (Capability) refined, and put open source code for VoIP/VoLTE and Firewall?
- Result: I2NSF WG approach works, fast time to market
- NM/OPS should expand their work into Security
- I2NSF follows up with MILE, SACM, DOTS, and SECEVENTs
- Does this work for a student project? Yes!! 25 new 1st timers at IETF
- Put Code on Web
(NM: Network Management; OPS: Operations)

What are Network Security Functions (NSFs)?
(NSF: Network Security Function)
[Figure: Enterprise Network. Labels: Switch, packet, NSF1 (Firewall), NSF2 (DPI), "Valid Packet?", "Enough?", Yes, No, Forward, Destination Host, "How to do?"]

Goal of I2NSF Project
Given the code base of I2NSF Framework for provisioning Network Security Functions (NSFs), we implemented two things:
(i) Firewall for Web-filtering in I2NSF Framework using SDN and
(ii) Deep Packet Inspection (DPI) for VoIP/VoLTE Security Service in I2NSF Framework.

Contributions for the Goal
1. Proof of Concept (POC) of I2NSF Framework using Open Sources.
2. Validity of I2NSF Interface Design for I2NSF Framework.
3. Feasibility of Data-driven Approach (YANG) for Network Security Services.

Hackathon Development Building Environment
- OS: Ubuntu 14.04TL
- Netconfd: Version 6.2
- Apache2: Version 2.4.7
- MySQL: Version 14.14
- PHP: Version 5.5.9
- Mininet: Version 2.2.1
- OpenDaylight: Distribution-karaf-0.4.3-Beryllium-SR3

Scenario of Security Services in I2NSF Testbed
(NSF: Network Security Function; NSFF: NSF Forwarder for Traffic Steering)
I2NSF User (security policy):
1. Time-dependent Firewall, e.g., 09:00 – 18:00 => Block, 18:01 – 08:59 => Unblock
2. VoIP/VoLTE Filtering Rule, e.g., Blacklist of SIP URI and User Agent
[Figure: Enterprise Network with I2NSF. Labels: I2NSF User, Security Controller, NSF1 (Firewall), NSFF, NSF2 (DPI), SDN Network (six Switches), Host 10.0.0.1 (Employee), Internet, Facebook 10.1.1.10, Youtube 10.2.1.20, Hacker Gateway at Africa]
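The two policies on the scenario slide above can be sketched as decision functions. This is an added example, not code from the hackathon project: the function names, the blacklist entries and the sample SIP message are constructed for illustration, and only the two destination addresses and the time windows come from the slide.

```python
import re

# Constructed policy modelled on the slide's two examples; blacklist entries
# are sample values, destination addresses and time windows are the slide's.
WEB_RULES = [  # (destination, start HH:MM, end HH:MM, action), ends inclusive
    ("10.1.1.10", "09:00", "18:00", "block"),
    ("10.1.1.10", "18:01", "08:59", "unblock"),  # window wraps past midnight
    ("10.2.1.20", "09:00", "18:00", "block"),
    ("10.2.1.20", "18:01", "08:59", "unblock"),
]
SIP_BLACKLIST = {"uri": {"sip:mallory@blocked.example"},
                 "user_agent": {"baddialer/1.0"}}

def minutes(hhmm):
    h, m = hhmm.split(":")
    return int(h) * 60 + int(m)

def in_window(now, start, end):
    """Inclusive, minute-granularity window test that handles midnight wrap."""
    n, s, e = minutes(now), minutes(start), minutes(end)
    return s <= n <= e if s <= e else (n >= s or n <= e)

def web_decision(dst, now):
    """First matching rule wins; destinations without a rule are not filtered."""
    for rule_dst, start, end, action in WEB_RULES:
        if rule_dst == dst and in_window(now, start, end):
            return action
    return "unblock"

def sip_fields(msg):
    """Return (From URI, User-Agent), case-folded so matching errs toward blocking."""
    headers = {}
    for line in msg.split("\r\n")[1:]:         # skip the request line
        if not line:
            break                               # blank line ends the headers
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    frm = headers.get("from") or headers.get("f", "")  # "f" is the compact form
    m = re.search(r"<([^>]+)>", frm)
    uri = (m.group(1) if m else frm).split(";")[0].strip().lower()
    return uri, headers.get("user-agent", "").lower()

def sip_decision(msg):
    uri, agent = sip_fields(msg)
    listed = uri in SIP_BLACKLIST["uri"] or agent in SIP_BLACKLIST["user_agent"]
    return "drop" if listed else "pass"

# Constructed SIP INVITE using the compact From header and a URI parameter.
SAMPLE_INVITE = ("INVITE sip:bob@corp.example SIP/2.0\r\n"
                 'f: "M" <sip:Mallory@blocked.example;transport=udp>;tag=1\r\n'
                 "User-Agent: SoftPhone/2.3\r\n\r\n")
```

The wrap-around test matters because the slide's unblock window (18:01 – 08:59) crosses midnight, and the header parsing strips URI parameters and accepts the compact `f:` form so that a blacklisted caller is not missed through a trivially different encoding.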

Lessons from the Implementation @ Hackathon
1. Proof of Concept (POC) of I2NSF Framework using Open Sources:
   - Confd for NETCONF
   - OpenDaylight for SDN Controller
   - Mininet for SDN Network
   - RestAPI for I2NSF Interface
2. Validity of I2NSF Interface Design for I2NSF Framework:
   - Firewall for Web Filtering
   - DPI for VoIP/VoLTE (e.g., Blacklist and Whitelist)
3. Feasibility of Data-driven Approach (YANG) for Network Security:
   - YANG Data Models for I2NSF Interfaces among System Entities (I2NSF User, Security Controller, NSFs).

Demonstration of I2NSF Implementation YouTube Videoclip: https://www.youtube.com/watch?v=5iflpVt4l6U&feature=youtu.be