The SALSA-Arch Conference Call June 17, 2004

*Action Items*
[AI] {Marty} will draft an outline/description of the flow document.
[AI] {SteveO and Marty} will finalize the flow document and post it to the WG's web site.
[AI] {Marty} will send a 'last call' for input to the charter to the group via the list.
[AI] {Mark} will convey to the list his experience with flow-export.
[AI] {Marty} will poll the group via the list for participation in the July 1 WG meeting.

*Participants*
Marty Schulman, Juniper Networks/Internet2, Chair
Rich Cropp, Pennsylvania State University
Mark Poepping, Carnegie Mellon University
Steve Olshansky, Internet2
Terrie Clark, Internet2

*Discussion*

The group discussed documenting flow collection and analysis addressing the following:
-Universal problem definition;
-Public domain tools and solutions for the problem;
-A survey of commercially available solutions for the problem;
-Institutions that have implemented solutions;
-A diagnostics overview; and
-Potential legal issues.

The group also discussed another document proposing methods to manage security by managing behavior and providing active feedback. For example, active scanning is possible. Firewalls, in addition to decreasing the effectiveness of active scanning, also reduce the need for it. How can flow behavioral tools address the situation? Perhaps by profiling data and behavior.

The group discussed documenting recommendations about functionality that may impact network architecture including:
-Stateless filtering;
-Router access control lists;
-Firewalling;
-Source address verification; and
-Flow-export.

The group discussed documenting and defining audit tools and network authorization activities within an architectural context. This document could, for example, address:
-Where in a typical network to perform the collection functions;
-How to perform audit data collection;
-What type of summary information to collect;
-What fields to collect; and
-What are the peering points.

The group discussed producing a solutions/capabilities document addressing:
-A description of the solution/capability;
-The purpose of the capability;
-The importance of the capability;
-Concerns about the capability;
-Listing the solution’s capabilities; and
-Instructions on how to use the solution.

An additional document could address tactical issues – implementation, scaling, etc.

The group has several goals with the documents:
-To recommend a common implementation of solutions;
-To recommend implementation techniques; and
-To quickly address issues impacting a large number of institutions.

Further elaboration of the matrix could produce guidelines and a taxonomy.

The group decided to draft an outline/introduction to the flow document and to develop an architectural taxonomy.

This group is dormant until further notice.