Minutes Salsa-CSI2 Conference Call
July 6, 2006
*Attending*
Phil Deneault, WPI
Chris Misra, U. Mass (Chair)
Kevin Amorin, Harvard
Dave LaPorte, Harvard
Brian Smith-Sweeney, NYU
Doug Pearson, Indiana/REN-ISAC
Steve Olshansky, Internet2
Dean Woodbeck, Internet2 (scribe)
*New Action Items*
[AI] {Phil} to develop prototype for RENOIR schema.
[AI] {Doug} to send links to design documents for NewNet.
[AI] {Chris} to have discussion with EDDY folks on data-centric issues.
[AI] {Phil} to create a brain-dump from the recent Northern Crossroads (NoX) meeting, where he was getting feedback on RENOIR.
[AI] {Brian} will put sketches of NYU system/process on wiki.
*Carryover Action Items*
[AI] {Doug} and Chris will figure out status of the project plan document regarding submitting data through REN-ISAC.
[AI] {Nick} will be ready to discuss application-level noise reduction on next call. Will explain all of the documents and procedures.
[AI] {Nick} needs to post content to the new category on the wiki (technical procedure for submission of data). Also, application noise reduction, involving procedures for local filtering.
*Discussion*
NewNet meeting: There were no discussions related to security. There was a related discussion on the proposed commercial Internet component to the NewNet service. Anticipate fewer connectors in NewNet, with an emphasis on GigaPoPs as connectors.
Data-sharing and RENOIR: How to handle all of the data we've been getting into RENOIR. Now have a better idea for how to handle data-sharing – shared darknet now, with more data-sharing and input sources expected down the road.
In terms of shared darknet and RENOIR, we're sending data with the assumption that REN-ISAC will process and generate appropriate XML and put it into RENOIR. Prior to that step, we need to figure out what we want to get out of shared darknet and other shared sources.
We could do some rudimentary planning on data and correlation. One approach is to discuss data-centric issues with EDDY folks who have done data transport, correlation, aggregation, and see if there is an intersection with our needs.
Current darknet reports provide an institution with a list of observed hosts hitting into the darknet. Perhaps a more useful way to approach this for RENOIR is to concentrate on the unknowns. For example, REN-ISAC can put such things as port scans into a list of "knowns" and provide a list of "unknowns." At the RENOIR level, it may be possible to discover a pattern out of seemingly random data from multiple sources.
Next call: July 20.