Analysis of Existing Work for I2NSF draft-zhang-gap-analysis-00 H.Rafiee Dacheng Zhang Huawei IETF 91 I2NSF BoF.


NSIS (1) NSIS standardizes an IP signaling protocol (RSVP) along the data path so that end points can request their unique QoS characteristics, unique FW policies or NAT needs (RFC5973) that differ from the original FW/NAT settings. The requests are communicated directly to the FW/NAT devices. NSIS is path-coupled: it is possible to message every participating device along a path without having to know its location, or its location relative to other devices.

NSIS (2) I2NSF doesn’t require all network functions to comply. I2NSF defines client (application) oriented descriptors (profiles or attributes) to request/negotiate/validate network security functions that are not physically located on the local premises.

How I2NSF is different from SACM

SACM: Security Assessment of End Points
– End points can be routers, switches, clustered DB, installed piece of software
– How to encode policies in a manner where assessment can be automated
– Example:
  – a Solaris 10 SPARC or Windows 7 system used in an environment that requires adherence to a policy of Mission Critical Classified.
  – rules like "The maximum password age must be 30 days" and "The minimum password age must be 1 day"

I2NSF: Interface to Network Security Functions
– Protocols for clients to request/query/verify security-related functions from network providers:
  – Firewall
  – DDOS/Anti-DOS
  – Access control/Authorization/Authentication
  – Remote identity management
  – Secure key management
  – Intrusion Detection System/Intrusion Prevention System (IDS/IPS)
  – Threat detection: eavesdropping, Trojans, viruses and worms, malware, etc.
– Example: vCPE needs vFW that are hosted in the network. vCPE provides the “Group Policies” for the vFW, like A can talk to B & C, but B can’t talk to C.
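The vCPE group-policy example above, expanded into default-deny rules and checked against what a hosted vFW reports, as an added example that is not part of the original slides. The descriptor layout, the function names and the sample provider response are hypothetical and constructed; the slides define no I2NSF format.

```python
# Added illustration; descriptor layout and function names are hypothetical,
# not an I2NSF-defined format.
from itertools import permutations

# Constructed client intent from the slide: A can talk to B and C, B can't talk to C.
INTENT = {
    "members": ["A", "B", "C"],
    "allow": [("A", "B"), ("A", "C")],
    "deny": [("B", "C")],
}

def compile_rules(intent, symmetric=True):
    """Expand the group policy into one verdict per ordered (src, dst) pair.

    Assumption: "talk" is bidirectional when symmetric=True. Any pair the
    client did not mention falls through to default deny.
    """
    members = set(intent["members"])
    verdict = {pair: "deny" for pair in permutations(sorted(members), 2)}
    for kind in ("allow", "deny"):  # deny is applied last, so it wins conflicts
        for src, dst in intent[kind]:
            if src not in members or dst not in members:
                raise ValueError(f"unknown member in {kind} pair {(src, dst)}")
            verdict[(src, dst)] = kind
            if symmetric:
                verdict[(dst, src)] = kind
    return verdict

def verify(intent, reported, symmetric=True):
    """Compare the pairs a hosted vFW reports as permitted with the intent.

    Returns (over_permissive, missing) as sorted lists of (src, dst) pairs.
    """
    rules = compile_rules(intent, symmetric)
    expected = {pair for pair, v in rules.items() if v == "allow"}
    reported = set(reported)
    return sorted(reported - expected), sorted(expected - reported)

# Constructed provider response: permits C->B (violates intent), lacks C->A.
REPORTED = {("A", "B"), ("B", "A"), ("A", "C"), ("C", "B")}

if __name__ == "__main__":
    over, missing = verify(INTENT, REPORTED)
    print("over-permissive:", over)
    print("missing:", missing)
```

The `symmetric` flag makes explicit a choice the slide leaves open: whether "A can talk to B" also permits traffic that B initiates towards A.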

PCP As indicated by the name, the Port Control Protocol (PCP) enables an IPv4 or IPv6 host to flexibly manage the IP address and port mapping information on Network Address Translators (NATs) or firewalls, to facilitate communication with remote hosts.

SFC IETF SFC is about the mechanism of chaining together service functions; IETF SFC treats all those service functions as black boxes, i.e. SFC doesn’t care what actions those functions are performing. SFC defines the SFC header to carry metadata with the payload to those functions, but SFC itself doesn’t specify what content is encoded in the metadata.

ANIMA ANIMA (Autonomic Networking Integrated Model and Approach) introduces a control paradigm where network processes, driven by objectives (or intent), coordinate their local decisions, autonomically translate them into local actions, and adapt them automatically according to various sources of information including external information and protocol information bases.

Thanks