| Time | Item | Who | Notes |
|---|
| Firewall On Demand (FoD) |
| - (info page for FoD development https://wiki.geant.org/pages/viewpage.action?pageId=63965046)
- FoD v1.5 = FoD with new functionalities: rule range specification, current rule behaviour statistic graphs, multi-tenant rule control REST-API
- FoD v1.6 = FoD with automated rule proposal from RepShield
- FoD v1.5 Pilot UAT testing
- Existing user documentation (as presentation document, especially regarding rule control REST API) should be extended to a proper document, e.g. to be used in future user trainings
- Pilot evaluation survey which was of used for FoD v1.1 has to be reviewed and updated for v1.5
- Enhancements made based on UAT user feedback are packaged via a new rpm to be installed on UAT test machine so that pilot users can test them: updated on UAT machine so pilot users can test enhancements
- Tomáš' investigation about DatePicker for increased expiration limit and zooming in statistic graphs is in progress
- 4th UAT VC
- Milda: partially tested rule API
- idea: provide support/example how to use REST API in automated manner together with Nfsen
- FoD v1.5 production service documents
- Now for the future production phase of FoD v1.5 (and all further versions) all necessary PLM documents have to be prepared, e.g. CBA, service description, service design plan
- Especially for the operative documents this will be done in close cooperation of Evangelos
- For most PLM documents, this will be done by filling the FoD service template wiki pages (https://wiki.geant.org/display/gn42jra2/Firewall-On-Demand+%28FoD%29+Service) which David started to fill
- Evangelos will check the service template to get acquainted with it
- FoD v1.6 (with RepShield) development/testing/pilot:
- Tomáš has supervised some student work which investigated how to simulate/test a DDoS (amplification) attack; provided results to task
- Analysis of historic DoS events in local Warden (Nov 2017+last 5 days since 2018-02-02): 38 events, can be replayed into local Warden to test/development of FirewallRuleUpdater
- Tomáš and Václav installed a warden client with certificates to also inject events in local Warden (not only fetch stored ones)
- thereby apache certificates were broken; Václav repaired this
- As next step now David can start with proper development/testing of FirewallRuleUpdater script
|
| DDoS Detection/Mitigation (D/M) WG |
| - GARR DDoS D/M PoCs/Testing Framework
- Radware washing machine was installed
- In next week: ARBOR washing machine will be installed, too
- Silvia/Nino are also investigating tools/techniques to simulate/test attacks, especially in order regarding their detection in the ARBOR PoC, e.g., hping3
|
| T6 Code on Github |
| - Nicole Harris granted write permission to Tomáš, Václav and David to publish code on GEANT Github
- => Tomáš published FoD code and this will in future be used as basis for development
|
| GDPR Compliance |
| - Result from 1st VC with GDPR SA2 team
|
| Next VC |
| In 4 weeks: 21.03.2018, 14:15-15:15 CE(S)T, as David is in 2 weeks on a meeting
|
