IETF 98, Chicago, US March 26, 2017 Jaehoon (Paul) Jeong

Presentation transcript:

I2NSF Framework @ IETF-98 Hackathon
IETF 98, Chicago, US, March 26, 2017
Jaehoon (Paul) Jeong, Sungkyunkwan University
pauljeong@skku.edu

Why Did We Do this Project?
- I2NSF: Use NETCONF/RESTCONF + YANG Data Models
- Is this approach reasonable for management of security devices?
- Is it better than writing another security protocol?
- Can we get I2NSF Key Data Model (Capability) refined, and use open source code (e.g., Suricata) for Firewall?
- Result: I2NSF WG approach works, fast time to market
- NM/OPS should expand their work into Security
- I2NSF follows up with MILE, SACM, DOTS, and SECEVENTs
- Does this work for a student project – Yes!! 9 graduate students
- Put Code on Web
NM: Network Management; OPS: Operations

Remote Participants at SKKU in Korea

What are Network Security Functions (NSFs)?
[Figure: enterprise network diagram. Labels: Switch, NSF1 (Firewall), NSF2 (DPI), Destination Host; decision "Valid Packet?" (Yes: forward packet; No); callouts "Enough?" and "How to do?". NSF: Network Security Function.]

Goal of I2NSF Project
Given the code base of the I2NSF Framework for provisioning Network Security Functions (NSFs), we implemented one thing: a Firewall for Web-filtering in the I2NSF Framework using Suricata, which is an open-source IDS/IPS.

Contributions for the Goal
1. Proof of Concept (POC) of I2NSF Framework using Open Sources.
2. Validity of I2NSF Interface Design for I2NSF Framework.
3. Feasibility of Data-driven Approach (YANG) for Network Security Services.

Hackathon Development Build Environment
- OS: Ubuntu 14.04 LTS
- Netconfd: Version 6.2
- Apache2: Version 2.4.7
- MySQL: Version 14.14
- PHP: Version 5.5.9
- Mininet: Version 2.2.1
- OpenDaylight: Distribution-karaf-0.4.3-Beryllium-SR3
- Suricata: 3.2.1 RELEASE

Scenario of Security Services in I2NSF Testbed

Lessons from the Implementation @ Hackathon
1. Proof of Concept (POC) of I2NSF Framework using Open Sources:
   - Confd for I2NSF NSF-Facing Interface
   - Restconf for I2NSF Consumer-Facing Interface
   - Suricata for Firewall NSF
   - OpenDaylight for SDN Controller
   - Mininet for SDN Network
2. Validity of I2NSF Interface Design for I2NSF Framework:
   - Firewall for Web Filtering
3. Feasibility of Data-driven Approach (YANG) for Network Security:
   - YANG Data Models for I2NSF Interfaces among System Entities (I2NSF User, Security Controller, NSFs).
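The web-filtering path listed above (a user-side policy ending up as rules in the Suricata firewall NSF), sketched as an added example that is not the project's code. The policy field names, the policy name and the sample domains are assumptions made for illustration and are not taken from the I2NSF YANG data models; only the Suricata rule syntax is real.

```python
import re

# Constructed sample policy, as a Security Controller might receive it from an
# I2NSF User. Field names are hypothetical, not the I2NSF YANG data model.
SAMPLE_POLICY = {
    "policy-name": "block-web-sites",
    "action": "drop",
    "blocked-domains": ["Blocked.Example", "ads.example.net"],
}

# Strict hostname grammar: labels made of letters, digits and hyphens only.
HOSTNAME = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)
POLICY_NAME = re.compile(r"^[A-Za-z0-9_-]{1,64}$")
ACTIONS = {"drop", "reject", "alert"}  # Suricata rule actions accepted here


def policy_to_rules(policy, base_sid=1000001):
    """Translate the high-level policy into Suricata rules, one per domain."""
    action = policy["action"]
    if action not in ACTIONS:
        raise ValueError("unsupported action: %r" % (action,))
    name = policy["policy-name"]
    if not POLICY_NAME.match(name):
        raise ValueError("invalid policy name: %r" % (name,))
    rules = []
    for offset, raw in enumerate(policy["blocked-domains"]):
        # Suricata normalizes the http_host buffer to lowercase, so the
        # pattern has to be lowercase as well.
        domain = raw.strip().lower()
        # Values arriving over a management interface are untrusted: a '"'
        # or ';' inside the domain would close the content option and let
        # the sender append rule options of their own.
        if not HOSTNAME.match(domain):
            raise ValueError("invalid domain: %r" % (raw,))
        # content is a substring match on the Host header value.
        rules.append(
            '%s http any any -> any any (msg:"%s: block %s"; '
            'flow:established,to_server; content:"%s"; http_host; '
            'sid:%d; rev:1;)' % (action, name, domain, domain, base_sid + offset)
        )
    return rules


if __name__ == "__main__":
    print("\n".join(policy_to_rules(SAMPLE_POLICY)))
```

The `drop` action only takes effect when Suricata runs inline (IPS mode); in IDS mode the same rules should use `alert`.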

GitHub Code of I2NSF Implementation
https://github.com/kimjinyong/i2nsf-framework/tree/master/Hackathon-98