Skip to Content.
Sympa Menu

netsec-sig - Re: [Security-WG] Internet2, MANRS and embedded security

Subject: Internet2 Network Security SIG

List archive

Re: [Security-WG] Internet2, MANRS and embedded security


Chronological Thread 
  • From: Andrew Gallo <>
  • To:
  • Subject: Re: [Security-WG] Internet2, MANRS and embedded security
  • Date: Thu, 16 Aug 2018 14:50:57 -0400
  • Ironport-phdr: 9a23:pWCYIBGGp+iSQvLR9XfAZJ1GYnF86YWxBRYc798ds5kLTJ78ocWwAkXT6L1XgUPTWs2DsrQY07SQ6/iocFdDyK7JiGoFfp1IWk1NouQttCtkPvS4D1bmJuXhdS0wEZcKflZk+3amLRodQ56mNBXdrXKo8DEdBAj0OxZrKeTpAI7SiNm82/yv95HJbAhEmDuwbaluIBmqsA7cqtQYjYx+J6gr1xDHuGFIe+NYxWNpIVKcgRPx7dqu8ZBg7ipdpesv+9ZPXqvmcas4S6dYDCk9PGAu+MLrrxjDQhCR6XYaT24bjwBHAwnB7BH9Q5fxri73vfdz1SWGIcH7S60/VDK/5KlpVRDokj8KOSMn/mHZisJ+j6xVrxyuqBN934HZe46VOOZkc67BYd8XS2pMU8BMXCJBGIO8aI4PAvIdMOZesob9vUUBrBWjDgetHuzvzjtIhnjr1qA9yeshHhvJ3AgkH9IJq3nUo9v0NLoIXe+r0abI0CzOYvVL0jnz74jIdwouofCKXb9odMre008vFxnejlmKrozlJTyV2+IQuGaY9+ptTf+jhm86pw1rvDSixskhhpPUio8Uy13I7zh1zJgtKdGlVkJ2YsSoHIZRuiyVLYd6X80vT3t2tCs817YIo4S0fDIQx5Qi3xPfa+KIc4yP4h/7UeaeOzZ4hHZ9eLKlmhmy71KvxfD5Vsi1zlpGtzFFktzQtnAVzRDc9NOHRuFy/kavxDaDzR7c5fxZIUwslKrbLYAuwqIom5YOsEnPAzX6lFv2gaKYbEko5+ml5uX9brn7uJOQL4p0hRv/MqQqlMy/G+M4Mg0WUmeB9uSzzrnj/Un+QLhRgf03nLTZvIrEKssGu661GxVV3Zo76xajEzem18wVnWIZI11ZZRKHlYnpO03OIfzhA/a/jE+hkDNqx/DdIr3hGYvBImLCkLfnYbZy9VRcyAwtwtBD+Z5YEK8OL+/uWhy5iNuNFRIyLha13/eiF9pV14UCVHiJD7PDdq7erAym/OUqdsCKaJUYp37SIvwh4La6hHAwnVsaVaa2wN0aZG3uTacuGFmQfXe52oRJKmwNpAdrFOE=
GW campus network joined manners earlier this summer. The process was straight forward and was more of a sanity check on things we've had in place for years. The only question posed to us is why we hadn't published our routing policy in an IRR using RPSL. The small regional we run, CAAREN, had a bit more work to do, but also was added as a MANRS participant this summer. As a transit provider, the anti-spoofing action took a bit of work to 'tighten-up,' but we're now running in strict mode RPF (with exception filters) for most of our customers, though one requires loose mode. A couple of thoughts on "embedded security" : monitoring, measuring and reporting would be the key things I would focus on first. Action (specifically filtering) would be a tougher. Filtering on demand (maybe via flowspec) has been talked about.


On 8/14/2018 11:23 AM, Brock, Anthony W wrote:
Colleagues,
As most of your are aware, Internet2 has been working with several of their
partners (GÉANT, Jisc, etc) to identify how to best integrate security into
their present and future efforts. One of the deliverables from this group
(the REN Routing Security group) is the implementation of MANRS
https://www.manrs.org/ in their respective environments. Internet2 plans to
have MANRS implemented by the end of 2018 and several others (Geant, ESnet,
KANREN, etc.) have either already implemented or are in the process of
implementing it.
Has your organization implemented MANRS or are you planning to? If not, what
are your obstacles to implementation (money, time, priorities, etc)? If yes,
what helped to move this forward within your organization?
Also, Internet2 is including "embedded security" as part of the plan for the next
generation of their network. It turns out that "embedded security" has not yet been
defined within the context of their environment! So...
How would your define "embedded security" for Internet2? What would it look
like? Would it be increased security intelligence, analysis, operational activities,
etc? How could this be defined to help you and your organization in both your
day-to-day activities as well as in your long-term security interests? Finally, would
this be a topic of interest for calls with the Security WG, within the overall NTAC, or
maybe even at the coming TechX conference?
Tony


--
________________________________
Andrew Gallo
The George Washington University


Attachment: smime.p7s
Description: S/MIME Cryptographic Signature


Archive powered by MHonArc 2.6.19.

Top of Page