Internet2 Network Security SIG

[Steven Wallace <>]

Paul suggested that the vendor presentations would be more focused if we shared our requirements. Below is what I think is generally representative of our interests/requirements. IU is currently in discussions with Incapsulate, so it should be easy for me to reach out to them for the first webinar. These will be recorded, so less critical for everyone to attend, however if there are specific areas of interested, or questions, let me know so that can be addressed.

Please provide any input for the following, as it will convey to the vendor the topics we wish them to address.

thanks,

steven

Describe how your service addresses the following attacks against a university or regional network (will offer pointers to descriptions of each):

• DDoS attacks that result in a high volume of inbound traffic (greater than 10Gb/s) and disrupt both the targeted services as well as the operation of the network itself.
• persistent DDoS attacks against key services or infrastructure (DNS, key web server, VPN, etc.)

Solutions we’re interested in, but will welcome a more expansive response:

• capability to host a services remotely always and/or during an attack
• capability to detect and alert of an attack
• capability to scrub traffic
• capability to work with major ISPs to coordinate mitigation 
• DNS services
• layer 7-aware firewall/scrubbing 

Please include details such as:

• mechanisms supported for announcing prefixes for a scrubbing service (e.g., BGP signaling)
• attack/service dashboard
• on-boarding process
• capacity
• how are SSL sessions proxied (who supplies keys, etc.)