Date

Attendees

Goals

Discussion items

Firewall On Demand (FoD)
  • (info page for FoD development https://wiki.geant.org/pages/viewpage.action?pageId=63965046)
  • FoD v1.5 = FoD with new functionalities: rule range specification, current rule behaviour statistic graphs, multi-tenant rule control REST-API
  • FoD v1.6 = FoD with automated rule proposal from RepShield
  • FoD v1.5 Pilot UAT testing
      • Pilot report draft has been revised by Ivana and is now fully ready
  • FoD v1.5 development/enhancement
      • Tomáš' investigation of a DatePicker for the increased expiration limit and of zooming in the statistic graphs is in progress
  • FoD v1.5 production service documents
      • Existing user documentation (as presentation document, especially regarding rule control REST API) should be extended to a proper document, e.g. to be used in future user trainings
      • Now for the future production phase of FoD v1.5 (and all further versions) all necessary PLM documents have to be prepared, e.g. CBA, service description, service design plan
      • For most PLM documents, this will be done by filling the FoD service template wiki pages (https://wiki.geant.org/display/gn42jra2/Firewall-On-Demand+%28FoD%29+Service) which David started to fill
      • Evangelos is in the process of updating the service template
  • FoD v1.6 development
      • Václav has directly contacted the developer of the Warden/FlowMon connector:
          • Got the source code from him
          • Got the information that the DDoS detection of the normal FlowMon IDS is inferior to that of the FlowMon DDoS Defender plugin
          • There is another version of the Warden/FlowMon connector available which can work with the FlowMon DDoS Defender plugin
          • => Václav and Evangelos will try to install that new version on the testing FlowMon
      • Tomáš, Václav, and David will meet in the next days to plan how to proceed faster with FoD v1.6/FRU development

DDoS Detection/Mitigation (D/M) WG

GARR DDoS D/M PoCs/Testing Framework

  • ARBOR PoC:
      • ARBOR is better at detection,
      • whereas its mitigation is quite static (similar to a Juniper firewall)
      • and so is only capable of handling known and familiar attack types,
      • resulting in false positives as well as false negatives (e.g., blocking all DNS traffic instead of only the traffic originating from attacks)
  • Radware (for mitigation) + FlowMon (for detection) PoC
      • FlowMon's traffic profile configuration is too limited for GARR, as it employs counters on too granular a basis
  • Silvia and Nino elaborated and collected a common list of DDoS attack types out of RadWare, ARBOR, and other sources, and designed and tested command lines (e.g. using hping3) to reproduce them for use in the PoCs
  • Silvia and Nino are currently preparing an internal, final PoC report, which they will use as the basis for a white paper covering
      • their experience of the usefulness of RadWare/ARBOR detection/mitigation in general
      • as well as the means (CLI commands, etc.) they developed to verify the different attack types per PoC

GÉANT A10 PoC

  • After the pilot was completed, a training took place to prepare for A10 being used in production in future

GDPR Compliance

PSC FoD Installation Issue

Next VC

In 2 weeks: 16.05.2018, 14:15-15:15 CE(S)T

Action items
