ONAP security meeting 2017-08-02.

Agenda
- Vulnerability Management
- Reflections from Developers event
- CII Badging program
  - CLAMP
  - AAF
- Recommendation on storage of passwords - how to achieve
- PKI infrastructure and CA
- Update on vulnerability scanning discussion status
- AOB

Vulnerability Management
- Select one vulnerability and send it in to “clean the cobwebs” from our process.

Reflections from Developers event

CII Badging Program
- Two volunteer projects:
  - CLAMP
  - AAF
- Next Steps:
  - CII Badging program presentation from David Wheeler
  - Focus on projects that volunteer, but open to all
  - Support to go through
  - Feedback from two projects
- Meeting discussion: Agreed to follow the above.

Recommendation on storage of passwords - how to achieve?

Received Request:
We are discussing the multi vim/cloud registry scenario with the AAI/ESR team; Zli is on the copy list. When registering a vim, we need to save authentication information into AAI. Zili and the Multi VIM team are discussing encryption for this. I am wondering if you would like to share some security rules for the ONAP community for this.

Two approaches:
- A: We have a recommendation that we provide
  - Anything from CII badging program
- B: We don’t have a recommendation, but we facilitate the community to get one
  - Onap-discuss list. Drive to conclusion
- Either way: Need to document them: Security Best Practices page? Or maybe a general best practices page in a wiki?

Meeting Discussion
- Amy has thoughts around this
- Steve Goeringer raised the question of why passwords, why not certificates (or such approaches).
- Stephen to create a security best practice sub-page – Amy/Steve Goeringer create a proposal to discuss in the community.
- Different ambition levels (R1 may not be able to achieve what we want, but at least we should point out the “gotchas”).
- Two weeks.
- Maybe a common module for R2 …

PKI infrastructure and CA (1/2)

The ASK from Chris:

Does the Security Team have a PKI strategy? Anyone planning to host an ONAP CA?

The reason I ask is that VNF SDK is considering implementing SOL-04, which has some vnf package integrity and authenticity options that require digital signatures. We’d like to align with other projects such as SDC, SO, VFC, and APPC that may need to validate the VNFs as part of the onboarding process, and we’re interested in taking advantage of any PKI mechanisms already in place.

Not that we’re looking for more work, but if no one else is working on PKI, VNF SDK wouldn’t be a bad place to home it, given that we’re building a reference “marketplace” for VNFs and will have a relationship with VNF vendors.

Also, if the Security team wants to take this on, I’d like to recommend checking out Kyrio (http://www.kyrio.com/security-services/). To my knowledge, they’re the largest issuer of device certificates on the planet (cable modems, passpoint, smart grid, and medical devices). As they say, “Kyrio is the preferred security provider for CableLabs, OpenADR, Wi-Fi Alliance, and Center for Medical Interoperability (CMI).”

PKI infrastructure and CA (2/2)

From the VNF SDK perspective, we are supplying VNF packaging tools to vendors and then validating the uploaded VNF packages. If you think about a potential marketplace environment, where vendors upload their VNFs to a neutral marketplace (think Apple App Store or Google Play) and operators download the ones they’re interested in, operator certs may not make sense.

We were thinking that vendors would acquire certificates from a central place (from ONAP CA? From a defined third-party (such as Kyrio) which ONAP would use as a trusted root? Something else?). The vendors would sign their VNF packages with that cert, and vnf sdk would then validate the digital signatures as part of the VNF package validation prior to onboarding.

Meeting notes:
- Organize a discussion with VNF SDK team.
- Avoid Mon-Wed (7-9) next week.
- If next Thu, same hour as seccom is good

Static Scanning Update

Reflection
- Way of working?
- I just noted a few times that there was no feedback on questions sent to the list:
  - Not on the onap-secom@lists.onap.org list?
  - No interest?
  - Should we do it another way?