| Time | Item | Who | Notes |
|---|
| Firewall On Demand (FoD) |
| - (info page for FoD development https://wiki.geant.org/pages/viewpage.action?pageId=63965046)
- FoD v1.5 = FoD with new functionalities: rule range specification, current rule behaviour statistic graphs, multi-tenant rule control REST-API
- FoD v1.6 = FoD with automated rule proposal from RepShield
- FoD v1.5 Pilot UAT testing
- Pilot report draft has been revised by Ivana and is now fully ready
- FoD v1.5 development/enhancement
- Tomáš' investigation about DatePicker for increased expiration limit and zooming in statistic graphs is in progress
- FoD v1.5 production service documents
- Existing user documentation (as presentation document, especially regarding rule control REST API) should be extended to a proper document, e.g. to be used in future user trainings
- Now for the future production phase of FoD v1.5 (and all further versions) all necessary PLM documents have to be prepared, e.g. CBA, service description, service design plan
- For most PLM documents, this will be done by filling the FoD service template wiki pages (https://wiki.geant.org/display/gn42jra2/Firewall-On-Demand+%28FoD%29+Service) which David started to fill
- Evangelos is in progress of updating the service template
- FoD v1.6 development
- Václav has directly contacted developer of Warden/FlowMon connector:
- Got source code from him
- Got information that normal FlowMon IDS's DDoS detection is inferior the one of FlowMon DDoS Defender plugin
- There is another version of Warden/FlowMon connector available which can work with FlowMon DDoS Defender plugin
- => Václav and Evangelos will try to install that new version for the testing FlowMon
- Tomáš,Václav, and David will meet in next days to plan on how to faster proceed with FoD v1.6/FRU development
|
| DDoS Detection/Mitigation (D/M) WG |
| GARR DDoS D/M PoCs/Testing Framework - ARBOR PoC:
- ARBOR is better at detection,
- whereas it's mitigation is quite static (similar to a Juniper firewall)
- and so only be capable of handling known and familiar attack types
- and resulting in false positives as well as false negatives (e.g., blocking any DNS traffic instead of only one originating from attacks)
- Radware (for mitigation) + FlowMon (for detection) PoC
- FlowMon's traffic profile config is too limited for GARR, as it employs counters on a too granular basis
- Silvia and Nino elaborated and collected a common list of a DDoS attack types out of RadWare, ARBOR, and other sources, as well as designed and tested command lines (e.g. using hping3) to reproduce them to be used in the PoCs
- Silvia and Nino are currently preparing internal, final PoC report, which they will use as basis for a white paper covering
- their gained experience of RadWare/ARBOR detection/mitigation's usefulness in general
- as well as the means (CLI commands, etc.) they developed to verify the different attacks types per PoC
GÉANT A10 PoC
- after pilot has been done, now a training took place to prepare for A10 be used in production in future
|
| GDPR Compliance |
| - Result from 1st VC with GDPR SA2 team
|
| PSC FoD Installation Issue |
|
|
| Next VC |
| In 2 weeks: 16.05.2018, 14:15-15:15 CE(S)T
|