Russ, 

Thank you very much for the suggestion of framing in terms of services. What do 
you think of the following changes to the I2NSF charter, with your suggestions 
added?

In a nutshell, the Interface to vNSF (I2NSF) allows clients to communicate 
their specific security policies (request/monitor/report) to security 
functions.  I2NSF will specify a vNSF framework, requirements for programmatic 
interface to vNSF devices (configuration and dynamic programmatic), and 
Information and Data models for security functions' Operation, Administration, 
Maintenance and Provisioning (OAM).  The information models will include the 
following security functions:

*       Firewall
        Including various services associated with FW, such as stateful or
        deep packet inspection, packet/flow/stream filtering and redirect
        (remote and local), etc.

*       Intrusion Detection System/Intrusion Prevention System (IDS/IPS)
        Including intrusion detection (flow/stream pattern matching)


Linda

-----Original Message-----
From: i2rs [mailto:[email protected]] On Behalf Of Russ White
Sent: Tuesday, February 03, 2015 7:35 AM
To: 'Susan Hares'; Linda Dunbar; [email protected]
Cc: [email protected]; [email protected]
Subject: Re: [i2rs] revised charter for I2NSF


Interesting concept. One thought that might be helpful -- 

> *         Firewall
> *         DDOS/Anti-DOS
> *         Intrusion Detection System/ Intrusion Prevention System
> (IDS/IPS)
> *         Access control/Authorization/Authentication

I think I would try to frame things in terms of services, rather than devices, 
or a mix of the two. For instance -- what does a "firewall" really do? Stateful 
packet inspection, deep packet inspection, and... ?? So maybe a list something 
like this might make sense -- (and remember, this is brainstorming, nothing 
more) --

- Stateful packet inspection
- Deep packet inspection
- Packet/flow/stream filtering (remote and local)
- Packet/flow/stream redirect (remote and local)
- Intrusion detection (or perhaps flow/stream pattern matching?)
- AAA

Don't know if this is a useful line of thought or not.

:-)

Russ

_______________________________________________
i2rs mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/i2rs
