Services delivered by NRENs or joint services delivered by GÉANT, for example Certificate Services (TCS, other), DDoS mitigation, (virtualised) Firewalling, and others. Research into the use of emerging technologies such as quantum cryptology and blockchain technologies. 


The topics suggested by the community:

  • Value assessment template
  • Risk assessment template (→ management of risk)
  • Nessus reporting template
  • Vulnerability management tool
  • AI for security data
  • Shared/managed (community) SOC
  • Blockchain 
  • Product security rating (A+, A, A-, B+, etc)
  • Security information feeds [1] (→ management of risk/threat intelligence)
  • Vendor score database 
  • Standards for procuring (networking) equipment (→ security baselining for products)
  • European NRENs threat overview [2] (→ management of risk)
  • Network automation, SDN, virtualisation (→ networking!)

Additional topics (25 October consultation)

  • Tools to pull threat info out of / process netflow data to indicate malicious activity (→ in combination with management of risk/threat intelligence)
  • Organizational and technical interop of NRENs' and GEANT's DDoS analysis and mitigation platforms
  • Generalized Multi-Domain FirewallOnDemand interface supporting further (non FlowSpec) DDoS mitigation technologies (washing machines, SDN/
  • Evaluating pentesting as a service
  • Communication with local law enforcement. What are the procedures? (→ incident response)
  • IoC detection and sharing at institutional level (→ in combination with management of risk/threat intelligence)
  • Information sharing platform
  • Foster use of PKI for client security (esp. e-mail) (→ Certificate services/TCS?)
  • EDU VPN: make VPN technology commonly available, by building better and more user-friendly tools (Secure and privacy preserving access fro
  • A channel for realtime information / threat sharing (→ in combination with management of risk/threat intelligence)
  • Agreements for inter-country collaboration - trusted frameworks/standards (→ legal and/or security baseline)
  • RepShield (correlated security events and reputation score for e.g. IP addresses) further development and distribution in Multi-Domain manner (→ in combination with management of risk/threat intelligence)
  • Helping to design an NREN security strategy (→ this whitepaper, security baselining)
  • Working group on information sharing and tooling (→ in combination with management of risk/threat intelligence)
      - discuss/collab on technical controls
      - wiki?
  • Also: FirewallOnDemand as Multi-Domain interface for DDoS mitigation across multiple domains (GEANT, NRENs, institutions)
  • General: Regional collaboration - particularly outside of EU
      - what NRENs do and how we approach security
      - link up to other groups
  • Sensor development and aggregation platform (e.g. honeynet, IDS, etc.) (→ in combination with management of risk/threat intelligence)

Additional comments from GARR:

[1] Security information feeds can really have many different meanings, and in our opinion is a fundamental topic. But what does it mean exactly? Do we just intend to install yet another s/w or h/w (NetReflex style) to give us feeds? In this case this is not interesting, as previous experience showed light use of such feeds. If instead it means to study new "problems detectors/indicators" on shared platforms among us, to invent an efficient and not too heavy method to use these "big security data", for example as in MISP (quoted as one of the items in the paper), then yes, we find it very high priority. (GARR)

[2] European NRENs threat overview; Are we going to look for where the threats are and come from? Will we develop a common platform to disseminate the information about these threats? If so, then we believe this is very important, but is this what was intended in this topic/title? (GARR) (→ risk management)

[3] DDoS Protection; this is a very important and effective topic to protect an NREN and GEANT in general... but where does it fit in the proposed list of topics? We cannot easily see it. The same applies for "active threats monitoring" and "threats detection": where do they belong to? These are for us the 3 most important security topics to work on at the moment, and it is an absolute must to understand where they will be


