> On Feb 4, 2015:11:25 AM, at 11:25 AM, Linda Dunbar <[email protected]>
> wrote:
>
> Russ,
>
> Thank you very much for the suggestion of framing in terms of services. What
> do you think with the following changes to the I2NSF charter with your
> suggestions added?
>
> In a nutshell, the Interface to vNSF (I2NSF) allows clients to communicate
> their specific security policies (request/monitor/report) to security
> functions. I2NSF will specify a vNSF framework, requirements for
> programmatic interface to vNSF devices (configuration and dynamic
> programmatic), and Information and Data models for security functions'
> Operation, Administration, Maintenance and Provisioning (OAM). The
> information models will include the following security functions:

Why wouldn't you do the models for those OAM functions where those
functions are modeled already? I don't see the need for a special WG that
creates a subset of models that can be done elsewhere like in LIME, or the Routing
Area groups that are already chartered to do this stuff.

This leaves just doing requirements and a framework for this proposed
group, which without clear goals to build things from is a WG looking for a
reason to exist rather than the other way around.

--Tom

>
> * Firewall
> including various services associated with FW, such as stateful or deep
> packet inspection, packet/flow/stream filtering and redirect (remote and
> local), etc
>
> * Intrusion Detection System/ Intrusion Prevention System (IDS/IPS)
> Including intrusion detection (flow/stream pattern matching)
>
>
> Linda
>
> -----Original Message-----
> From: i2rs [mailto:[email protected]] On Behalf Of Russ White
> Sent: Tuesday, February 03, 2015 7:35 AM
> To: 'Susan Hares'; Linda Dunbar; [email protected]
> Cc: [email protected]; [email protected]
> Subject: Re: [i2rs] revised charter for I2NSF
>
>
> Interesting concept. One thought that might be helpful --
>
>> * Firewall
>> * DDOS/Anti-DOS
>> * Intrusion Detection System/ Intrusion Prevention System
>> (IDS/IPS)
>> * Access control/Authorization/Authentication
>
> I think I would try to frame things in terms of services, rather than
> devices, or a mix of the two. For instance -- what does a "firewall" really
> do? Stateful packet inspection, deep packet inspection, and... ?? So maybe a
> list something like this might make sense -- (and remember, this is
> brainstorming, nothing more) --
>
> - Stateful packet inspection
> - Deep packet inspection
> - Packet/flow/stream filtering (remote and local)
> - Packet/flow/stream redirect (remote and local)
> - Intrusion detection (or perhaps flow/stream pattern matching?)
> - AAA
>
> Don't know if this is a useful line of thought or not.
>
> :-)
>
> Russ
>
> _______________________________________________
> i2rs mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/i2rs