Time | Item | Who | Notes |
---|
| Firewall On Demand (FoD) |
| - (info page for FoD development https://wiki.geant.org/pages/viewpage.action?pageId=63965046)
- FoD v1.5 = FoD with new functionalities: rule range specification, current rule behaviour statistic graphs, multi-tenant rule control REST-API
- FoD v1.6 = FoD with automated rule proposal from RepShield
- FoD v1.5 Pilot UAT testing
- Existing user documentation (as presentation document, especially regarding rule control REST API) should be extended to a proper document, e.g. to be used in future user trainings
- Pilot evaluation survey which was of used for FoD v1.1 has to be reviewed and updated for v1.5
- Third UAT VC: feedback from pilot users:
- LITNET: https connection issues for UAT server
- EENET: format restriction for names of rules?
- EENET: it maybe useful to at least extend the statistics interval to 7 days (current auto expire maximum time)
- EENET: are graphs continued after expiring and reactivating?
- LITNET and EENET have both DDoS detections based on nfsen (mainly for UDP attacks), as well as volume-to-host threshold checking (e.g. based on Cacti), LITNET currently is investigating also into FastNetMon
- LITNET (also EENET) have mostly short attacks, 5-10 min
- EENET: attacks from GEANT+Nordunet link
- EENET started to test REST API, e.g. nice would be possibility to reactivate a rule every week after auto timeout
- idea (LITNET): for single attacker IP address+port allow to block traffic to whole subnet (also bigger than /29) to mitigate e.g. scanning attacks
- issues on FoD test machines: firewall configuration was lost and had to be restored; local puppet interfered with FoD when trying to reinstall old FoD file versions
- Hands-On during this VC on FoD test server:
- TCP/UDP Port 0 specification tested with real traffic
- allowed any length for TCP/UDP port ranges (initially it has been limited to 100 because of concerns regarding BGP FlowSpec performance)
- increased setting for max length of mitigation stats from 1 day to 7 days: effect on graphs will have to be checked; ideally zooming features should be implemented
- increased setting for max auto expiration time of rules from 7 days to 30 days; issues with JavaScript DatePicker have still to be investigated
- added link for JSON data export of mitigation statistics
- => after further checking: resulting config updates and a new rpm with new modifications should be installed on FoD UAT server to allow pilot users to test modifications
- FoD v1.5 production service documents
- Now for the future production phase of FoD v1.5 (and all further versions) all necessary PLM documents have to be prepared, e.g. CBA, service description, service design plan
- Especially for the operative documents this will be done in close cooperation of Evangelos
- For most PLM documents, this will be done by filling the FoD service template wiki pages (https://wiki.geant.org/display/gn42jra2/Firewall-On-Demand+%28FoD%29+Service) which David started to fill
- Evangelos will check the service template to get acquainted with it
- FoD v1.6 (with RepShield) development/testing/pilot:
- DDoS simulation/testing: configuration changes in test flowmon instance have been done: now it possible to simulate/test DDoS attacks with one of the FoD test machines as victim from anywhere, e.g. using hping3 tool
- Hands-On during this VC on FoD test server:
- test warden/repshield: some components were not running any more: has been fixed during VC
- test flowmon instance obviously stopped exporting it's alerts to test warden since 01.12.2017; needs to be investigated
|
| DDoS Detection/Mitigation (D/M) WG |
| - GARR DDoS D/M PoCs/Testing Framework
- GARR DDoS working-group F2F meeting took place: agreed to do a joint experimentation in the coming months.
- => test Radware washing machine with GARR user; detection systems: FastNetMon, Security Onion, a smaller Radware box and others
- In next days: start Radware PoC
|
| RepShield/NERD |
| - RepShield/NERD development: some performance improvements
- Silvia/Nino will check how to share alert data from their FastNetMon PoC to Warden, Václav will support them in writing/installing Warden filer script for exporting
|
| T6 Code on Github |
| - Nicole Harris still needs to grant write permission to Tomáš and Václav to publish code on GEANT github
|
| Next VC |
| In 2 weeks: 07.02.2018, 14:15-15:15 CE(S)T
|