[I2nsf] 转发: New Version Notification for draft-dong-i2nsf-asf-config-00.txt

Mon, 16 Jul 2018 04:02:00 -0700 

Dear all, 

The action part of the NSF-facing data model listed many security function 
actions, such as antivirus, ips, ids, and etc, that will be applid on traffic 
flow when the event and condition clauses are satisfied. However, I think it 
only list the corresponding names. And each type of the secuity function action 
(i.e. ips, antivirus, etc.) should have many selective profiles that could be 
executed. Therefore, we proposed a draft, draf-dong-i2nsf-asf-config-00, that 
specifies the configuration detail for each of the security function profile 
settings. And the NSF-facing data model is able to reference these profiles.

This -00 version of draft only contains the antivirus, ips, and anti-ddos 
profiles.

* Antivirus: The following figure shows the top-level tree diagram for 
antivirus profile settings. Each profile contains the configuration data for 
detection methods, detection configurations, signature exceptions, application 
exceptions, and the white lists configruations. 

    +--rw antivirus
       +--rw antivirus-enable 
       +--rw profiles 
          +--rw profile *  [name]
          +--rw name
          +--rw description
          +--rw collect-attack-evidence-enable
          +--rw sandbox-detection-enable
          +--rw heuristic-detection-enable
          +--rw detect*  [protocol]
          |  . . .
          +--rw exception-application* [application-name]
          |  . . .
          +--rw exception-signature*  [signature-id]
          |  . . .
          +--rw white-list
             . . .  

* IPS: The following figure shows the top-level tree diagram for IPS profile 
settings. Each profile contains the configuration data for signature sets, 
signature exceptions, and protocol control.

    +--rw ips-config
       +--rw ips-enable
       +--rw profiles
          +--rw profile*  [name]
          +  . . . 
          +--rw domain-filter
          |  . . .
          +--rw signature-sets
          |  . . .
          +--rw exception-signatures
          |  . . .
          +--rw protocol-control
             +--rw dns-check
             | . . .
             +--rw http-check
               . . .

* Anti-ddos: The anti-ddos part contains the configruation of the alter rate 
and/or maximum speed/bandwidth to trigger the prevention functions for each 
type of DDoS attacks.

For more details, please review the draft: 
https://tools.ietf.org/html/draft-dong-i2nsf-asf-config-00

We would like to obatain comments from i2nsf WG. Is this draft valuable as an 
individual draft and will the NSF-facing data model reference these profiles?
We will appreciate all the comments from I2NSF WG.

Best Regards,
Yue

-----邮件原件-----
发件人: I2nsf [mailto:[email protected]] 代表 Dongyue (Yue, Network Integration 
Technology Research Dept)
发送时间: 2018年6月30日 15:11
收件人: [email protected]
抄送: Xialiang (Frank, Network Integration Technology Research Dept) 
<[email protected]>
主题: [I2nsf] 转发: New Version Notification for draft-dong-i2nsf-asf-config-00.txt

Dear All,

We have submitted a new draft about the nsf-facing interface data model for 
configuration of some advanced security functions including antivirus, 
antiddos, and ips. We will appreciate all comments.

Best Regards,
Yue

-----邮件原件-----
发件人: [email protected] [mailto:[email protected]] 
发送时间: 2018年6月30日 15:06
收件人: Dongyue (Yue, Network Integration Technology Research Dept) 
<[email protected]>; Xialiang (Frank, Network Integration Technology Research 
Dept) <[email protected]>
主题: New Version Notification for draft-dong-i2nsf-asf-config-00.txt


A new version of I-D, draft-dong-i2nsf-asf-config-00.txt
has been successfully submitted by Yue Dong and posted to the IETF repository.

Name:           draft-dong-i2nsf-asf-config
Revision:       00
Title:          Configuration of Advanced Security Functions with I2NSF 
Security Controller
Document date:  2018-06-30
Group:          Individual Submission
Pages:          29
URL:            
https://www.ietf.org/internet-drafts/draft-dong-i2nsf-asf-config-00.txt
Status:         https://datatracker.ietf.org/doc/draft-dong-i2nsf-asf-config/
Htmlized:       https://tools.ietf.org/html/draft-dong-i2nsf-asf-config-00
Htmlized:       
https://datatracker.ietf.org/doc/html/draft-dong-i2nsf-asf-config


Abstract:
   This draft defines a network security function (NSF-) facing
   interface of the security controller for the purpose of configuring
   some advanced security functions.  These advanced security functions
   include antivirus, anti-ddos, and intrusion prevention system (IPS).
   The interface is presented in a YANG data model fashion and can be
   used to deploy a large amount of NSF blocks that all support above
   mentioned functions in the software defined network (SDN) based
   paradigm.

                                                                                
  


Please note that it may take a couple of minutes from the time of submission 
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat

_______________________________________________
I2nsf mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/i2nsf
_______________________________________________
I2nsf mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/i2nsf
  • [I2nsf] 转发: Ne... Dongyue (Yue, Network Integration Technology Research Dept)
    • [I2nsf] 转... Dongyue (Yue, Network Integration Technology Research Dept)

Reply via email to