1 / 8

Firewall Issues Research Group

Firewall Issues Research Group. Chairs: Inder Monga, Leon Gommans. FI-RG Goals. Study barriers and propose solutions to inter-organization grid deployment due to mid-boxes managed by varied administrative domains Firewalls NATs VPN gateways Application-level gateways …

quynh
Download Presentation

Firewall Issues Research Group

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Firewall Issues Research Group Chairs: Inder Monga, Leon Gommans

  2. FI-RG Goals • Study barriers and propose solutions to inter-organization grid deployment due to mid-boxes managed by varied administrative domains • Firewalls • NATs • VPN gateways • Application-level gateways … • Collect use-cases, classify issues, existing and new solutions, gap-analysis, research... Enthuse standards, explore grid-friendly solutions and influence vendor implementations 2

  3. Group Progress vs Charter • An inventory of the type of issues when Grid jobs have to deal with middle-box functions, application level gateways, VPN style gateways, etc. Describe and classify the issues in document #1 • Published as GFD-I.083 • An evaluation of existing middle-box (signaling-) protocols and functions. Recognize possible limitations and produce a list of requirements • What is the deployment story? Reasons why these are not well deployed • Formal document not started, presentation last OGF • An evaluation of approaches and solutions such as application level gateways, host based firewalls, VPN style gateways etc. Capture results in document #3 • Intent is to apply solutions to use-cases and do a “gap-analysis” 3

  4. Document Relationships Vendor Community Existing Solutions Description & Analyses Grid community Grid Firewall Issues & Analyses Documents 2&3 Emerging New Solutions Description & Analyses  Document #1 Vendor Community Research & Vendor Community 4

  5. Modified Group Milestones • GGF13: Charter discussion and group volunteers (done). • GGF14: Collection of existing documents with Group discussions (done) • GGF15: First draft of document #1 and Group discussions. (done) • GGF 16: RG-last call and submission of document #1. • GGF 17: RG last-call for use-cases document. Discussion on solutions document. (done) • GGF 18: Submit use-case document for public comment. Form and initiate solutions draft team (done) • GGF 19: Use-cases document published. Continue discussions and contributions to solutions draft • GGF 20: First draft of solutions and requirements draft • GGF21: Finalize solutions for public comment, initiate gap analysis and standardization opportunities • GGF 22: Publish solutions drafts, Gap analysis between standards and solution requirements • GGF 23: Publish gap analysis and start standardization activity (in OGF or other) 5

  6. Current recognition • Grid applications, its administrators and its user groups have to deal with security services not under their direct control (ex. The Firewall) • Multiple solutions are proposed and implemented in research community, which provides dynamic firewall brokering such as: • CODO - Cooperative On-Demand Opening (UoW/ANL) • Dyna-fire - Port knocking (U at Buffalo) • Token mechanisms for Optical connections (UvA) • See FI-RG Wiki pages for more details • Will firewalls move to one implementation model even if standardized? • At least not in the next 3 years 6

  7. New Approach • Separate firewall requirements from firewall control mechanisms, ie make the firewall simple and put complexity outside. • Abstract the dynamic nature and security considerations into service access methods using either a provisioning approach or signaling approach. 7

  8. Contribute • Mailing list:fi-rg@ggf.org • Projects page:https://forge.gridforum.org/sf/projects/fi-rg • Contacts: • Leon Gommans: lgommans@science.uva.nl • Inder Monga: imonga@nortel.com 8

More Related