Dataplane and Content Security on Optical Networks panel - PowerPoint PPT Presentation

Slides: 13
Provided by: leo147
Transcript and Presenter's Notes

Title: Dataplane and Content Security on Optical Networks panel


1
Dataplane and Content Security on Optical Networks panel
2
Agenda
  • Digital Media Security - Laurin Herr
  • Data Encryption - Kim Roberts
  • Firewall Issues - Leon Gommans
  • Discussion.

3
Firewall Issues and the Grid
Leon Gommans - University of Amsterdam
4
Perspective
It would be good if grandma went to a retirement
home
5
Perspective
It is a good thing that we have firewalls
6
Prevention: both good and bad
[Diagram labels: Network Security Cycle (Prevent, Detect, Act); Firewall; Network Security Issues; Grid Application Issues; "Network safety!"; "My application needs to work!"]
7
Firewall Issues Research Group
  • Research Group at the Global Grid Forum
    (www.ggf.org)
  • Scope: issues with firewall-style functions
  • Functional, control, performance and organizational
    issues
  • Firewalls, NATs, VPN gateways, application
    gateways
  • First formal meeting held at the June GGF meeting in
    Chicago.
  • Looking for additional participation from
    applications

8
Charter items
  • Collect and document issues from the grid
    viewpoint.
  • Define the categories of issues.
  • Study existing technologies available
  • Identify gaps and define requirements for
    standards bodies.
  • Issue document also handy for Network Security
    People.
  • Research alternative ways to ensure network
    security.

9
Contributions received so far
  • German Aerospace Centre
      • Workflow driven firewall control requirements.
  • Forschungszentrum Jülich
      • Authorization requirements
  • Argonne National Laboratory
      • Why GridFTP needs a firewall garage door
        opener
      • External clients using WS End Point References
        behind a firewall
  • University of Amsterdam
      • Integrate firewalls long haul optical (peer)
        connections.
      • Using EAP as garage door opener
  • Your contribution?

10
Example: GridFTP
  • Firewall administrators don't want to open 1002
    holes in their firewall. Any questions?
  • Globus recommends opening ports 50000-51000
    (1001 ports).
  • GridFTP uses a single control channel port (2811) and
    multiple data ports in the Globus port range.
  • The protocol requires that the sending side does the
    TCP connect.
  • Which port(s) will be used is only known
    at the last moment.
  • 8 streams per file transfer has proven to be
    reasonable.
  • GridFTP needs a garage-door opener for
    individual ports at the time of transfer. The door must
    also close automatically.
  • Thinking about an EAP-style solution (as used in 802.1X
    WLANs) where you authenticate an
    application instead of a user. Application
    profiles determine which holes are allowed.
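
The garage-door opener idea on this slide, sketched as an added example (not code from the presentation, Globus or any firewall product): an authenticated application asks for one port at transfer time, its profile decides whether the hole is allowed, and the hole closes by itself. `Profile`, `DoorOpener`, the 30-second lifetime, the limit of 8 open holes and the documentation-range addresses are assumptions; the `authenticated` flag stands in for the result of the EAP-style application authentication.

```python
import time
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Profile:
    """Hypothetical application profile: which holes the application may request."""
    port_range: range   # ports the application may ask for
    max_open: int       # concurrent pinholes allowed
    ttl: float          # seconds until the door closes by itself

# Assumed profile: Globus data port range from the slide, 8 parallel streams.
PROFILES = {"gridftp": Profile(range(50000, 51001), max_open=8, ttl=30.0)}

@dataclass
class DoorOpener:
    clock: callable = time.monotonic
    pinholes: dict = field(default_factory=dict)  # (app, src, dst, port) -> expiry

    def _expire(self):
        # Automatic close: drop every pinhole whose lifetime has passed.
        now = self.clock()
        for key in [k for k, exp in self.pinholes.items() if exp <= now]:
            del self.pinholes[key]

    def open(self, app, authenticated, src, dst, port):
        """Open one pinhole for src -> dst:port; return True if granted."""
        self._expire()
        profile = PROFILES.get(app)
        if not authenticated or profile is None or port not in profile.port_range:
            return False
        if sum(1 for k in self.pinholes if k[0] == app) >= profile.max_open:
            return False
        self.pinholes[(app, src, dst, port)] = self.clock() + profile.ttl
        return True

    def allows(self, src, dst, port):
        """Data-plane check: may the sending side (src) connect to dst:port now?"""
        self._expire()
        return any(k[1:] == (src, dst, port) for k in self.pinholes)

    def open_count(self):
        self._expire()
        return len(self.pinholes)

if __name__ == "__main__":
    fw = DoorOpener()
    sender, receiver = "192.0.2.10", "198.51.100.20"  # constructed addresses
    print(fw.open("gridftp", True, sender, receiver, 50010))  # granted
    print(fw.allows(sender, receiver, 50010), fw.allows(sender, receiver, 50011))
```

Compared with a static rule for the whole port range, at most 8 holes exist at any moment, each tied to one sender, receiver and port.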

11
Optical long haul network
[Diagram labels: Grid VO; multi-domain control and management plane; Grid Appl; Grid FTP; Firewall; DMZ; Internet; Bypass; A, B, C, D]
12
Future documents
  • Requirements towards standards bodies
  • IETF NSIS, MIDCOM, EAP
  • Trusted Computing Group
  • Trusted Computing Architecture
  • EAP extensions for virus checking
  • Research into new directions
  • Token Based networking
  • High speed encryption
  • Workflow system integration
  • etc.