Presentation is loading. Please wait.

Presentation is loading. Please wait.

IETF 98, Chicago, US March 26, 2017 Jaehoon (Paul) Jeong

Published byMagdalena Calderón Modified over 5 years ago

Similar presentations

Presentation on theme: "IETF 98, Chicago, US March 26, 2017 Jaehoon (Paul) Jeong"— Presentation transcript:

1 I2NSF Framework @ IETF-98 Hackathon
IETF 98, Chicago, US March 26, 2017 Jaehoon (Paul) Jeong Sungkyunkwan University

2 Why Did We Do this Project?
I2NSF: Use NETCONF/RESTCONF + YANG Data Models Is this approach reasonable for management of security devices? Is it better than writing another security protocol? Can we get I2NSF Key Data Model (Capability) refined, and use open source code (e.g., Suricata) for Firewall? Result: I2NSF WG approach works, fast time to market NM/OPS should expand their work into Security I2NSF follows up with MILE, SACM, DOTS, and SECEVENTs Does this work for a student project – Yes!! 9 graduate students Put Code on Web NM: Network Management OPS: Operations

3

4 Remote Participants at SKKU in Korea

5 What are Network Security Functions (NSFs)?
Enterprise Network *NSF: Network Security Function NSF2 (DPI) NSF1 (Firewall) No Valid Packet? Enough? Yes Switch packet Forward How to do? Destination Host

6 Goal of I2NSF Project Given the code base of I2NSF Framework for provisioning Network Security Functions (NSFs), we implemented one thing: Firewall for Web-filtering in I2NSF Framework using Suricata, which is an open source for IDS/IPS.

7 Contributions for the Goal
Proof of Concept (POC) of I2NSF Framework using Open Sources. 2. Validity of I2NSF Interface Design for I2NSF Framework. 3. Feasibility of Data-driven Approach (YANG) for Network Security Services.

8 Hackathon Development
Build Environment OS Ubuntu 14.04TL Netconfd 6.2 Version Apache2 2.4.7 Version MySQL 14.14 Version PHP 5.5.9 Version Mininet 2.2.1 Version OpenDaylight Distribution-karaf Beryllium-SR3 Suricata 3.2.1 RELEASE

9 Scenario of Security Services in I2NSF Testbed

10 Lessons from the Implementation @ Hackathon
Proof of Concept (POC) of I2NSF Framework using Open Sources: Confd for I2NSF NSF-Facing Interface Restconf for I2NSF Consumer-Facing Interface Suricata for Firewall NSF OpenDaylight for SDN Controller Mininet for SDN Network Validity of I2NSF Interface Design for I2NSF Framework: Firewall for Web Filtering Feasibility of Data-driven Approach (YANG) for Network Security: YANG Data Models for I2NSF Interfaces among System Entities (I2NSF User, Security Controller, NSFs).

11 Github Code of I2NSF Implementation
Hackathon-98

Download ppt "IETF 98, Chicago, US March 26, 2017 Jaehoon (Paul) Jeong"

Similar presentations

Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.

Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.
Grand Challenges in Networking Nick Feamster CS 7001.

Grand Challenges in Networking Nick Feamster CS 7001.
1 Version 3.0 Module 8 Virtual LANs. 2 Version 3.0.

1 Version 3.0 Module 8 Virtual LANs. 2 Version 3.0.
Jaehoon (Paul) Jeong, Hyoungshick Kim, and Jung-Soo Park

Jaehoon (Paul) Jeong, Hyoungshick Kim, and Jung-Soo Park
A Survey on Interfaces to Network Security

A Survey on Interfaces to Network Security
MIT Libraries’ FileMaker Use Policy as an example local DLC policy.

MIT Libraries’ FileMaker Use Policy as an example local DLC policy.
Analysis of Existing Work for I2NSF draft-zhang-gap-analysis-00 H.Rafiee Dacheng Zhang Huawei IETF 91 I2NSF BoF.

Analysis of Existing Work for I2NSF draft-zhang-gap-analysis-00 H.Rafiee Dacheng Zhang Huawei IETF 91 I2NSF BoF.
3GPP2 Wireless Networks Evolution to IP and IP v6

3GPP2 Wireless Networks Evolution to IP and IP v6
Service Function Chaining Use Cases draft-liu-service-chaining-use-cases IETF 89 London, March 3, 2014 Will Liu, Hongyu Li, Oliver Huang, Huawei Technologies.

Service Function Chaining Use Cases draft-liu-service-chaining-use-cases IETF 89 London, March 3, 2014 Will Liu, Hongyu Li, Oliver Huang, Huawei Technologies.
3/21/001 What did we learn at this workshop? Dan Nessett, moderator Usenix Special Workshop on Intelligence At the Network Edge San Francisco, CA March.

3/21/001 What did we learn at this workshop? Dan Nessett, moderator Usenix Special Workshop on Intelligence At the Network Edge San Francisco, CA March.
GROUP INVOLVED IN A WEB APPLICATION DEVELOPMENT Continue.

GROUP INVOLVED IN A WEB APPLICATION DEVELOPMENT Continue.
Sungkyunkwan University (SKKU) Security Lab. A Framework for Security Services based on Software-Defined Networking Jaehoon (Paul) Jeong 1, Jihyeok Seo.

Sungkyunkwan University (SKKU) Security Lab. A Framework for Security Services based on Software-Defined Networking Jaehoon (Paul) Jeong 1, Jihyeok Seo.
Module 4: Configuring ISA Server as a Firewall. Overview Using ISA Server as a Firewall Examining Perimeter Networks and Templates Configuring System.

Module 4: Configuring ISA Server as a Firewall. Overview Using ISA Server as a Firewall Examining Perimeter Networks and Templates Configuring System.
Internet A simple introduction 400410048 黃韻文 400410082 申逸慈.

Internet A simple introduction 黃韻文 申逸慈.
Vic Liu Liang Xia Zu Qiang Speaker: Vic Liu China Mobile Network as a Service Architecture draft-liu-nvo3-naas-arch-01.

Vic Liu Liang Xia Zu Qiang Speaker: Vic Liu China Mobile Network as a Service Architecture draft-liu-nvo3-naas-arch-01.
Jose Jimenez Telefónica I+D Future Network & Mobile Summit 2011 The vision of Future Internet in the FI PPP Core Platform project.

Jose Jimenez Telefónica I+D Future Network & Mobile Summit 2011 The vision of Future Internet in the FI PPP Core Platform project.
Unified Distributed e-Mail (UDub Mail) Life Cycle Objectives Sachin Pradhan Gabriel Maganis.

Unified Distributed (UDub Mail) Life Cycle Objectives Sachin Pradhan Gabriel Maganis.
Security fundamentals Topic 10 Securing the network perimeter.

Security fundamentals Topic 10 Securing the network perimeter.
Dissuasion, Working Group Scope and Deliverables Lou Berger Pat Thaler

Dissuasion, Working Group Scope and Deliverables Lou Berger Pat Thaler
Globus and PlanetLab Resource Management Solutions Compared M. Ripeanu, M. Bowman, J. Chase, I. Foster, M. Milenkovic Presented by Dionysis Logothetis.

Globus and PlanetLab Resource Management Solutions Compared M. Ripeanu, M. Bowman, J. Chase, I. Foster, M. Milenkovic Presented by Dionysis Logothetis.

Similar presentations

Ads by Google