Internet2 Network Security SIG

[Jesse Bowling <>]

Also, I failed to attach the document as promised. :)

Attachment: Routed Services Futures Report v2.docx
Description: application/vnd.openxmlformats-officedocument.wordprocessingml.document

Excerpts for your consideration…

From the Executive Summary:

"·       Security – The community should be a leader in Layer-3 security 
including adoption of current and emerging security best practices, to at a 
minimum include MANRS, with an intent to implement broader routing security 
and other security practices that provide a superior secure service to the 
community.”

"Discussion & Recommendation 4: Security

As critical campus services and other community research collaborations move 
to increasingly global and cloud-based activities, we need to ensure that the 
paths we provide to those are valid and assure the same level of security as 
on-premises.

The routed services group recognizes that the broader security community 
within Internet2 has provided leadership on a variety of topics that expand 
far beyond the core routed infrastructure. The R&E community should be at the 
forefront of driving improvements in the security of the global Internet 
infrastructure. For the core BGP routed portion of the Internet2 service and 
our participation in the global Internet, this includes identifying routing 
best practices, and listing/promoting regionals and campuses that have 
adopted these practices. The group believes that joining MANRS and 
implementing their best practices is a good first step, but it isn't enough. 
The community should work towards using the current state of the art  
commercial, and R&E), and to assure participant routes that we offer to each 
other are valid. The development of this strategy should include workshops to 
develop routing security expertise at both the campus and regional level.

The committee recognizes that there is much more to consider with respect to 
network security. The committee recommends that NTAC Security Working Group 
be asked to thoroughly investigate these issues and make further 
recommendations to the community.”

Please do consider the document in its entirety, as there are other areas 
that will touch security as well; cloud connectivity via VRF’s and the focus 
on automation are two examples.

Cheers,

Jesse


> On Apr 23, 2019, at 6:54 PM, Jesse Bowling <> wrote:
> 
> Hi everyone,
> 
> We have a few items it would be good to discuss in real time, and it would 
> be useful for us all to gather via teleconference on a more regular basis. 
> Please take a few moments to vote on the times that would work best for 
> you, and I’ll schedule something in the next two weeks. If none of these 
> day/times works for you, send me a note for what does work.
> 
> https://doodle.com/poll/w8kvydrs4uef2bi3
> 
> I’m also looking for a vice-chair, and will take volunteers for any 
> interested parties. If you’re interested in helping out, please drop me me 
> a note expressing interest and a sentence on why you’d like to serve.
> 
> The largest agenda item is discussion about the security section of the 
> Routed Services Futures Report (attached below). Please have a look at the 
> document and make some notes for discussion or go ahead and share those 
> thoughts back with the group.
> 
> If you see anything you believe the group should discuss outside the 
> following items, please drop me a note and I’ll get it added to the agenda:
> 
> * Security section of Routed Services Futures Report
> * MANRS mini-step: Running Spoofer
> * Wiki space: where to start on updating?
> * Last call for WG Charter comments
> * (hopefully) vice-chair introduction
> 
> Thanks for your attention and participation!
> 
> Cheers,
> 
> Jesse
> --
> Jesse Bowling
> ITSO::Security Architect & CSIRT Program Manager
> jesse.bowling[AT]duke.edu::919-660-1073
> 334 Blackwell St::Durham, NC::27701

--
Jesse Bowling
ITSO::Security Architect & CSIRT Program Manager
jesse.bowling[AT]duke.edu::919-660-1073
334 Blackwell St::Durham, NC::27701

Attachment: signature.asc
Description: Message signed with OpenPGP