Presentation is loading. Please wait.

Presentation is loading. Please wait.

I2NSF Project @ IETF-97 Hackathon Jaehoon (Paul) Jeong Sungkyunkwan University pauljeong@skku.edu.

Published byDeborah Shelton Modified over 6 years ago

Similar presentations

Presentation on theme: "I2NSF Project @ IETF-97 Hackathon Jaehoon (Paul) Jeong Sungkyunkwan University pauljeong@skku.edu."— Presentation transcript:

1 I2NSF Project @ IETF-97 Hackathon
Jaehoon (Paul) Jeong Sungkyunkwan University

2 Why Do We this Project? I2NSF: Chartered to use NETCONF/RESTCONF + Data Models Is this approach reasonable for management of security devices? Is it better than writing another security protocol? Can we get I2NSF Key Data Model (Capability) refined, and put open source code for VOIP/VoLTE and Firewall? Result: I2NSF WG approach works, fast time to market NM/OPS should expand their work into Security I2NSF follows up with MILE, SACM, DOTS, and SECEVENTs Does this work for a student project – Yes!! 25 new 1st timers at IETF Put Code on Web NM: Network Management OPS: Operations

3

4 What are Network Security Functions (NSFs)?
Enterprise Network *NSF: Network Security Function NSF2 (DPI) NSF1 (Firewall) No Valid Packet? Enough? Yes Switch packet Forward How to do? Destination Host

5 (i) Firewall for Web-filtering in I2NSF Framework using SDN and
Goal of I2NSF Project Given the code base of I2NSF Framework for provisioning Network Security Functions (NSFs), we implemented two things: (i) Firewall for Web-filtering in I2NSF Framework using SDN and (ii) Deep Packet Inspection (DPI) for VoIP/VoLTE Security Service in I2NSF Framework.

6 Contributions for the Goal
Proof of Concept (POC) of I2NSF Framework using Open Sources. 2. Validity of I2NSF Interface Design for I2NSF Framework. 3. Feasibility of Data-driven Approach (YANG) for Network Security Services.

7 Hackathon Development
Building Environment OS Ubuntu 14.04TL Netconfd 6.2 Version Apache2 2.4.7 Version MySQL 14.14 Version PHP 5.5.9 Version Mininet 2.2.1 Version OpenDaylight Distribution-karaf Beryllium-SR3

8 I2NSF User (security policy)
Scenario of Security Services in I2NSF Testbed *NSF: Network Security Function *NSFF: NSF Forwarder for Traffic Steering Enterprise Network with I2NSF I2NSF User (security policy) 1. Time-dependent Firewall e.g.) 09:00 – 18:00 => Block 18:01 – 08:59 => Unblock Security Controller 2. VoIP/VoLTE Filtering Rule e.g.) Blacklist of SIP URI and User Agent NSF1 (Firewall) NSFF NSF2 (DPI) SDN Network Facebook Internet Host (Employee) Switch Switch Switch Switch Switch Switch Youtube Hacker Gateway at Africa

9 Lessons from the Implementation @ Hackathon
Proof of Concept (POC) of I2NSF Framework using Open Sources: Confd for NETCONF OpenDaylight for SDN Controller Mininet for SDN Network RestAPI for I2NSF Interface Validity of I2NSF Interface Design for I2NSF Framework: Firewall for Web Filtering DPI for VoIP/VoLTE (e.g., Blacklist and Whitelist) Feasibility of Data-driven Approach (YANG) for Network Security: YANG Data Models for I2NSF Interfaces among System Entities (I2NSF User, Security Controller, NSFs).

10 Demonstration of I2NSF Implementation
YouTube Videoclip:

Download ppt "I2NSF Project @ IETF-97 Hackathon Jaehoon (Paul) Jeong Sungkyunkwan University pauljeong@skku.edu."

Similar presentations

Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.

Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.
PROTOCOLS AND ARCHITECTURE Lesson 2 NETS2150/2850.

PROTOCOLS AND ARCHITECTURE Lesson 2 NETS2150/2850.
Jaehoon (Paul) Jeong, Hyoungshick Kim, and Jung-Soo Park

Jaehoon (Paul) Jeong, Hyoungshick Kim, and Jung-Soo Park
A Survey on Interfaces to Network Security

A Survey on Interfaces to Network Security
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
Firewall and Internet Access Mechanism that control (1)Internet access, (2)Handle the problem of screening a particular network or an organization from.

Firewall and Internet Access Mechanism that control (1)Internet access, (2)Handle the problem of screening a particular network or an organization from.
GROUP INVOLVED IN A WEB APPLICATION DEVELOPMENT Continue.

GROUP INVOLVED IN A WEB APPLICATION DEVELOPMENT Continue.
Sungkyunkwan University (SKKU) Security Lab. A Framework for Security Services based on Software-Defined Networking Jaehoon (Paul) Jeong 1, Jihyeok Seo.

Sungkyunkwan University (SKKU) Security Lab. A Framework for Security Services based on Software-Defined Networking Jaehoon (Paul) Jeong 1, Jihyeok Seo.
Module 4: Configuring ISA Server as a Firewall. Overview Using ISA Server as a Firewall Examining Perimeter Networks and Templates Configuring System.

Module 4: Configuring ISA Server as a Firewall. Overview Using ISA Server as a Firewall Examining Perimeter Networks and Templates Configuring System.
INTERNATIONAL NETWORKS At Indiana University Hans Addleman TransPAC Engineer, International Networks University Information Technology Services Indiana.

INTERNATIONAL NETWORKS At Indiana University Hans Addleman TransPAC Engineer, International Networks University Information Technology Services Indiana.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Access Control Lists Accessing the WAN – Chapter 5.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Access Control Lists Accessing the WAN – Chapter 5.
Vic Liu Liang Xia Zu Qiang Speaker: Vic Liu China Mobile Network as a Service Architecture draft-liu-nvo3-naas-arch-01.

Vic Liu Liang Xia Zu Qiang Speaker: Vic Liu China Mobile Network as a Service Architecture draft-liu-nvo3-naas-arch-01.
Networking Components Starla Wachsmann. COMPUTER NETWORKING COMPONETS Today’s wireless and enterprise networks are more complex than ever, delivering.

Networking Components Starla Wachsmann. COMPUTER NETWORKING COMPONETS Today’s wireless and enterprise networks are more complex than ever, delivering.
McLean 20061 HIGHER COMPUTER NETWORKING Lesson 14 Firewalls & Filtering Comparison of Internet content filtering methods: firewalls, Internet filtering.

McLean HIGHER COMPUTER NETWORKING Lesson 14 Firewalls & Filtering Comparison of Internet content filtering methods: firewalls, Internet filtering.
The Intranet.

The Intranet.
Security fundamentals Topic 10 Securing the network perimeter.

Security fundamentals Topic 10 Securing the network perimeter.
1 Chapters 2 & 3 Computer Networking Review – The TCP/IP Protocol Architecture.

1 Chapters 2 & 3 Computer Networking Review – The TCP/IP Protocol Architecture.
Data Security in Local Network Using Distributed Firewall Presented By- Rahul N.Bais Guide Prof. Vinod Nayyar H.O.D Prof.Anup Gade.

Data Security in Local Network Using Distributed Firewall Presented By- Rahul N.Bais Guide Prof. Vinod Nayyar H.O.D Prof.Anup Gade.
What's a Firewall? A security system that acts as a protective boundary between a network and the outside world Isolates computer from the internet using.

What's a Firewall? A security system that acts as a protective boundary between a network and the outside world Isolates computer from the internet using.
Regan Little. Definition Methods of Screening Types of Firewall Network-Level Firewalls Circuit-Level Firewalls Application-Level Firewalls Stateful Multi-Level.

Regan Little. Definition Methods of Screening Types of Firewall Network-Level Firewalls Circuit-Level Firewalls Application-Level Firewalls Stateful Multi-Level.

Similar presentations

Ads by Google