
Dataplane and Content Security on Optical Networks panel


Presentation Transcript


  1. Dataplane and Content Security on Optical Networks panel

  2. Agenda
     • Digital Media Security - Laurin Herr
     • Data Encryption - Kim Roberts
     • Firewall Issues - Leon Gommans
     • Discussion

  3. Firewall Issues and the Grid
     Leon Gommans - University of Amsterdam

  4. Perspective
     “It would be good if grandma went to a retirement home”

  5. Perspective
     “It is a good thing that we have firewalls”

  6. Prevention: both good and bad
     [Figure: Network Security Cycle diagram. Labels: Prevent, Detect, Act; Firewall; Grid Application Issues; Network Security Issues; “Network safety!”; “My application needs to work!”]

  7. Firewall Issues Research Group
     • Research Group at the Global Grid Forum (www.ggf.org)
     • Scope: issues with firewall-style functions
     • Functional, Control, Performance, Organizational issues
     • Firewalls & NATs, VPN gateways, Application gateways
     • First formal meeting held at the June GGF meeting in Chicago.
     • Looking for additional participation from applications

  8. Charter items
     • Collect and document issues from the grid viewpoint.
     • Define the categories of issues.
     • Study existing technologies available
     • Identify gaps and define requirements for standards bodies.
     • Issue document also handy for Network Security People.
     • Research alternative ways to ensure network security.

  9. Contributions received so far
     • German Aerospace Centre
       • Workflow driven firewall control requirements.
     • Forschungszentrum Jülich
       • Authorization requirements
     • Argonne National Laboratory
       • Why Gridftp needs a firewall “garage door opener”
       • External clients using WS End Point References behind a firewall
     • University of Amsterdam
       • Integrate firewalls long haul optical (peer) connections.
       • Using EAP as garage door opener
     • Your contribution?

  10. Example: gridftp
     • Firewall administrators don’t want to open 1002 holes in their firewall. Any questions?
     • Globus recommends opening ports 50.000-51.000 (1001)
     • Gridftp: single control channel port (2811) & multiple data ports in the Globus port range.
     • Protocol requires that the sending side do the TCP connect.
     • Which port(s) will be used is known only at the last moment.
     • 8 streams per file transfer has proven to be reasonable.
     • Gridftp needs a “garage-door opener” for individual ports at time of transfer. Door must also automatically close.
     • Thinking about an EAP-style solution (as used in 802.1X WLANs) where you authenticate an application instead of a user. Application profiles determine which holes are allowed.

  11. Optical long haul network
     [Figure: network diagram. Labels: Grid VO; Multi-domain control and management plane; Grid App (two sites); Internet Bypass; Firewall; DMZ; Grid FTP (two sites); Internet; points A, B, C, D]

  12. Future documents
     • Requirements towards standards bodies
       • IETF: NSIS, MIDCOM, EAP
       • Trusted Computing Group:
         • Trusted Computing Architecture
         • EAP extensions for virus checking
     • Research into new directions
       • Token Based networking
       • High speed encryption
       • Workflow system integration
       • etc.
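
The "garage-door opener" of slide 10, sketched as an added example that is not part of the original presentation or of any Globus or GGF code: an authenticated application opens individual data ports for one transfer, limited by its profile, and the pinholes close by themselves. The credential lookup stands in for the EAP-style application authentication; the class names, the TTL and the peer address format are assumptions.

```python
import time
from dataclasses import dataclass, field
from typing import Callable

CONTROL_PORT = 2811  # GridFTP control channel (slide 10), statically open

@dataclass(frozen=True)
class AppProfile:
    port_range: range   # data ports this application may request
    max_open: int       # concurrent pinholes allowed (e.g. 8 streams)
    ttl: float          # seconds until a pinhole closes by itself (assumed)

@dataclass
class PinholeFirewall:
    profiles: dict      # credential -> AppProfile (stand-in for EAP-style auth)
    clock: Callable[[], float] = time.monotonic
    pinholes: dict = field(default_factory=dict)  # (peer, port) -> (credential, expiry)

    def _expire(self):
        now = self.clock()
        self.pinholes = {k: v for k, v in self.pinholes.items() if v[1] > now}

    def open(self, credential, peer, ports):
        """Open inbound pinholes from the sending `peer`, all or nothing."""
        self._expire()
        profile = self.profiles.get(credential)
        if profile is None:
            raise PermissionError("unknown application credential")
        ports = set(ports)
        if not ports or any(p not in profile.port_range for p in ports):
            raise PermissionError("port outside the application profile")
        held = sum(1 for cred, _ in self.pinholes.values() if cred == credential)
        if held + len(ports) > profile.max_open:
            raise PermissionError("too many open pinholes for this application")
        expiry = self.clock() + profile.ttl
        for port in ports:
            self.pinholes[(peer, port)] = (credential, expiry)

    def close(self, credential, peer, ports):
        """Close pinholes when the transfer ends; only the owner may close."""
        for port in ports:
            if self.pinholes.get((peer, port), (None,))[0] == credential:
                del self.pinholes[(peer, port)]

    def allows(self, peer, port):
        """Would an inbound TCP connect from `peer` to `port` pass right now?"""
        self._expire()
        return port == CONTROL_PORT or (peer, port) in self.pinholes
```

Only the eight ports of one transfer are reachable, only from the sending peer, and only until the TTL runs out, instead of the whole 1001-port range staying open.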
