Untitled Document

Minutes Salsa-CSI2 Conference Call
October 12, 2006

*Attending*
Chris Misra, U. Mass (Chair)
Kevin Amorin, Harvard
Nick DePetrillo, OSHEAN
Brian Smith-Sweeney, NYU
Joe St. Sauver, U. Oregon
Steve Olshansky, Internet2
Dean Woodbeck, Internet2 (scribe)

*Action Items*
[AI] {Chris} Touch base with Doug to plan face-to-face REN-ISAC
meeting in conjunction with the security professionals meeting in
Denver (April 2007).

*Carryover Action Items*
[AI] {Chris} Connect with Brian re: NYU as second data source for the
shared darknet.
[AI] {Doug} Distribute NICT information.
[AI] {Chris and Doug} Connect with NoX GigaPOP folks for Arbor information.
[AI] {Phil} Develop public-quality material on RENOIR for sharing with folks from Japan and others.
[AI] {Chris} Create project plan on using UMass for first data source for shared darknet.
[AI] {Nick} Normalizing data and noise reduction -- put together suggestions of what makes sense to be done at the end-user site and what makes sense to do centrally (to list and to wiki).

*Discussion*
Chris reported that the REN-ISAC technical advisory group survey results summary report should be disclosed to the REN-ISAC group on Monday.

There was a discussion about the timing and nature of the proposed REN-ISAC face-to-face meeting at the Security Professionals Conference in Denver (April 10-12 2007). The conference ends on Wednesday at noon, then there will be half-day session for REN-ISAC Wednesday afternoon. The cost will either be zero or very low to encourage attendance and a dinner will follow. There may also be a CSI2 dinner at the conference, day TBD
http://www.educause.edu/sec07/.

Chris will touch base with Doug concerning the content of the REN-ISAC session at the Security Professionals Conference, but said he sees it as technically focused. If working group members have thoughts about meeting content, either email the list or Chris directly.

*Data noise reduction*

Nick said the DShield program is up and running internally at OSHEAN and he has four universities lined up to participate.

There was a general discussion about how data will be characterized and whether raw data would be graphed or color-coded to make it easier to visualize. Nick said the data would be captured raw and accessible in plain text. At some point, it should be possible to create graphs roughly showing known "good" data, "bad" data, and everything in between. Perhaps some of the "known junk" could be identified at the member site before being downloaded to the shared darknet.

*Other topics*

There was a consensus that there would not be a formal CSI2 meeting at the Internet2 member meeting in Chicago in December.

Brian asked about whether there were other deliverables the working group should be paying attention to, as outlined in the CSI2 charter. Chris will add this topic as an ongoing agenda item and encouraged working group members to visit the web site and review the charter. The main focus will be continuing progress on the tools already under development. But if members have other areas of interest, they can post to the wiki.

In discussion the charter, Chris mentioned that the working group is expected to create a document similar to NetAuth Strategies for Automating Network Policy Enforcement Document. The goal is to complete this document within 12 months of the CSI2 group charter acceptance.

The next call is scheduled for Thursday, October 26, at 2:30 pm EDT.