Interface to Network Security Functions Nov 2014 Linda Dunbar Myo Zarny

Slides:

Advertisements

Similar presentations

Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)

Advertisements

Chapter 22: Cloud Computing and Related Security Issues Guide to Computer Network Security.

An Approach to Secure Cloud Computing Architectures By Y. Serge Joseph FAU security Group February 24th, 2011.

SDN in Openstack - A real-life implementation Leo Wong.

Security in the Cloud: Can You Trust What You Can’t Touch? Rob Johnson Security Architect, Cloud Engineering Unisys Corp.

Chapter 12 Network Security.

Future Research Directions Jennifer Rexford Advanced Computer Networks Tuesdays/Thursdays 1:30pm-2:50pm.

IT:Network:Applications VIRTUAL DESKTOP INFRASTRUCTURE.

Andrew Fuqua 3/4/2015 LTEC A network HUB is a device that is used to link multiple devices over a network. The HUB is not a great choice when shopping.

1 © 2001, Cisco Systems, Inc. All rights reserved. Session Number Presentation_ID Cisco Easy VPN Solutions Applications and Implementation with Cisco IOS.

A Survey on Interfaces to Network Security

Authenticating REST/Mobile clients using LDAP and OERealm

1 Advanced Application and Web Filtering. 2 Common security attacks Finding a way into the network Exploiting software bugs, buffer overflows Denial of.

Course 201 – Administration, Content Inspection and SSL VPN

Additional SugarCRM details for complete, functional, and portable deployment.

How to protect your Virtual Datacenter Michiel van den Bos.

Analysis of Existing Work for I2NSF draft-zhang-gap-analysis-00 H.Rafiee Dacheng Zhang Huawei IETF 91 I2NSF BoF.

Cloud Computing Cloud Security– an overview Keke Chen.

Network Configuration Charles (Cal) Loomis & Mohammed Airaj LAL, Univ. Paris-Sud, CNRS/IN2P October 2013.

NAT (Network Address Translation) Natting means "Translation of private IP address into public IP address ". In order to communicate with internet we must.

Microsoft Internet Security and Acceleration (ISA) Server 2004 is an advanced packet checking and application-layer firewall, virtual private network.

Implementing ISA Server Publishing. Introduction What Are Web Publishing Rules? ISA Server uses Web publishing rules to make Web sites on protected networks.

Slide 1 Using Models Introduced in ISA-d Standard: Security of Industrial Automation and Control Systems (IACS) Rahul Bhojani ISA SP99 WG4 Meeting.

Presented by Xiaoyu Qin Virtualized Access Control & Firewall Virtualization.

Module 14: Configuring Server Security Compliance

SDN based Network Security Monitoring in Dynamic Cloud Networks Xiuzhen CHEN School of Information Security Engineering Shanghai Jiao Tong University,

Virtual Private Ad Hoc Networking Jeroen Hoebeke, Gerry Holderbeke, Ingrid Moerman, Bard Dhoedt and Piet Demeester 2006 July 15, 2009.

Module 5: Configuring Internet Explorer and Supporting Applications.

Sumit Kumar Archana Kumar Group # 4 CSE 591 : Virtualization and Cloud Computing3/3/2011.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Exploring the Enterprise Network Infrastructure Introducing Routing and Switching.

1 IF-MAP: Open Standards for Coordinating Security Presentation for SAAG IETF 72, July 31, 2008 Steve Hanna

Module 7: Advanced Application and Web Filtering.

APEC Engineers Databank Operation and Maintenance Chin-Chou Chen Sep. 22, 2015 WORKSHOP ON FEASIBILITY AND IMPLEMENTATION OF A CENTRALIZED DATA BANK OF.

Infrastructure Consolidation Cloud/SaaS Web 2.0 Converged Communications Virtualization Mobile Devices.

1 Active Directory Service in Windows 2000 Li Yang SID: November 2000.

1 The Network Menu. 2 Static Routing The Static Routing functionality within GD eSeries allows users to easily configure static routes to networks not.

Security Considerations

Network Virtualization Overlays Use Cases draft-timy-nvo3-use-case-01 Lucy Yong Mehmet Toy Aldrin Isaac Vishwas Manral Linda Dunbar Vancouver July 31,

I2NSF Data Center Use Cases draft-zarny-i2nsf-data-center-use-cases-00 M. Zarny: Goldman Sachs S. Magee: F5 networks N. Leymann: Deutsche Telecom L. Dunbar:

Complete VM Mobility Across the Datacenter Server Virtualization Hyper-V 2012 Live Migrate VM and Storage to Clusters Live Migrate VM and Storage Between.

Copyright © New Signature Who we are: Focused on consistently delivering great customer experiences. What we do: We help you transform your business.

Chapter 11 – Cloud Application Development. Contents Motivation. Connecting clients to instances through firewalls. Cloud Computing: Theory and Practice.

User-group-based Security Policy for Service Layer Jianjie You Myo Zarny Christian Jacquenet

Co-ordination & Harmonisation of Advanced e-Infrastructures for Research and Education Data Sharing Grant.

1 CONFIDENTIAL – INTERNAL ONLY1 Fortinet Confidential June 23, 2016 Securing The Cloud & Data Center.

Firewalls Definition: Device that interconnects two or more networks and manages the network traffic between those interfaces. Maybe used to: Protect a.

Address Resolution Issues Induced by VPN-oriented Cloud Service

ArcGIS for Server Security: Advanced

Example Services Managed by OpenECOMP Demo

User-group-based Security Policy for Service Layer

Cloud Security– an overview Keke Chen

Cloud Adoption Framework

2018 Real Cisco Dumps IT-Dumps

Firewalls at UNM 11/8/2018 Chad VanPelt Sean Taylor.

Securing your Colleague Network Environment

11/17/2018 9:32 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.

IS4680 Security Auditing for Compliance

Firewalls Types of Firewalls Inspection Methods Firewall Architecture

Healthcare Cloud Security Stack for Microsoft Azure

Lecture 3: Secure Network Architecture

Saravana Kumar CEO/Founder - Kovai Atomic Scope – Product Update.

Cloud Computing: Concepts

Instructor Materials Chapter 8: Applied Networking

Computer Networks Protocols

Client/Server Computing and Web Technologies

NFV and SD-WAN Multi vendor deployment

AT&T Firewall Battlecard

Presentation transcript:

Interface to Network Security Functions Nov 2014 Linda Dunbar Myo Zarny Christian Jacquenet Shaibal Chakrabarty

Firewall box configuration: ports & links based

Challenges Internet vSwitch VM1 VM vSwitch VM1 VM2 VM Clients needs to control its network security functions for their virtual networks. VM2 Resource & Policies management Resource Pool Key properties: -Clients don’t know how their VMs are mapped in the network. -VMs being moved, which will have different network ports. -Clients can’t easily view/query the FW policies related to their virtual networks.

Common Functional components of FW Functional components: – User authentication, user privilege control – Policies, targets, – Configuration, query, validation – Logging, Reporting – Maintenance methods – … Interface to Clients: Restful API: Web Portal Web browser Customer WebPortal Automated Prov Sys

Goal: a common interface for client to specify desired network security functions Regardless if the policies are enforced by FW or other devices. Clients' policy stay the same regardless what IP/MAC address are assigned/changed as VMs move around DCs. App 1=IP11 App 2=IP12 App 3=IP13 App 4=IP14 … App 3 App 2 App 1 App 4 App 1=IP1 App 2=IP2 App 3=IP3 App 4=IP4 … App 3 App 2App 1 App 4 Config 2: Config 1 ： Policies for Firewall IP1===>IP3 IP1===>IP4 IP2=X=>IP3 IP2===>IP4 IP3 ===>IP1 IP3 ===>IP2 IP4=X=>IP1 IP4 ===>IP2 Change of the policies ： IP11===>IP12 IP11===>IP14 IP13===>IP12 IP13===>IP14 … IP12=X=>IP11 IP12=X=>IP13 IP14=X=>I1P1 IP14 =X=>IP13 … Zones ： Yellow zone Green zone … Security Policy ： Yellow===>Yellow, Green Green ===> Green Prohibited Green=X=>Yellow

Security Functions under consideration: The wide acceptance of security functions that are not running on customer premises. For example: – Security as a Service: – Firewall as a Service : cloud/content/fwaas.htmlhttp://docs.openstack.org/admin-guide- cloud/content/fwaas.html – Security has the sense of “long lasting services”. So we don’t have to deal with “On-Demand” oscillation issues. Here are the network functions under consideration: – Firewall – IPS/IDS (Intrusion detection system/ Intrusion prevention system) – DDOS/AntiDoS – Access control/Authorization/Authentication – Secure Key management

FW as a service: potential attributes

Security as a Service: Potential attributes

Relevant Industry initiatives: Firewall as a Service by OpenStack – OpenStack completed the Firewall as a Service project and specified the set of APIs for Firewall services: guide-cloud/content/fwaas_api_abstractions.htmlhttp://docs.openstack.org/admin- guide-cloud/content/fwaas_api_abstractions.html – OpenStack has defined the APIs for managing Security Groups: cloud/content/securitygroup_api_abstractions.html cloud/content/securitygroup_api_abstractions.html – Attributes defined by OpenStack Firewall/Security as a Service will be the basis of the information model for the proposed work at VNFOD IETF initiative. Security as a Service by Cloud Security Alliance – SaaS by CSA is at the very initiate stage of defining the scope of work.