Salsa call
14-Jun-2007

*Attending*
Mark Poepping, CMU (chair)
Doug Pearson, REN-ISAC/U. Indiana
Terry Gray, U. Washington
Mike Van Norman, UCLA
Joe St. Sauver, Internet2/U. Oregon
Jim Pepin, Clemson
Chris Misra, U. Mass
Rodney Petersen, Educause
Kevin Miller, Duke
Renee Frost, Internet2
Steve Olshansky, Internet2 (scribe)

*Action Items*
[AI] {Mark} will follow up with Ken about engaging with the Jericho Forum
[AI] {Joe} will send links to the list for some brief security topic papers he has been working on. Feedback is appreciated, along with suggestions for future topics

*Discussion*

- Recap of recent subnet discussion
No one on the list was in favor of trans-campus VLANs and broadcast domains. There was no unanimity locally on Terry's campus about the need for this...

Requests for walled gardens continue. Med Center leadership is now less inclined toward a perimeter defense approach. They are interested in the Jericho Forum approach.

U. Washington is working on a strategy that will work for most of the constituent groups on campus.

Is there interest among Salsa for engaging with the Jericho Forum, to learn more about their approach? [AI] {Mark} will follow up with Ken about this...

Recent conversations with a large OS vendor led to them discussing IPSec end-to-end as their preferred approach for "perimeter" defense. There is some testing underway at some campuses to determine if this is viable cross-platform.

Q: What does IPSec mean for management?
A: If everything is embedded in an IPSec tunnel, traffic is not auditable above L3 (aside from host-based controls). Some are deploying VPNs not to increase security per se, but rather as an easy way to tunnel all kinds of applications without having problems with opening other ports on firewalls.

Scalability/management issues for VPNs? I.e. who has the keys to participate in a particular communication channel?

There are some large users taking the IPSec Authentication Header (AH) approach, with the view that it alleviates many performance issues with IPSec.

- DHS "Broad Agency Announcement" (BAA)
3 tiers: early R&D, in development, ready to deploy. White papers are due 27-June-2007; full proposals are due 17-Sep-2007.
http://www.hsarpabaa.com/Solicitations/BAA07-09_CyberSecurityRD_Posted_05162007.pdf

- Summer 07 ESCC/Internet2 Joint Techs Workshop
Session proposals are encouraged. You can review the security focus area details in Doug's recent mail to the list (13-June-07).
http://jointtechs.es.net/Illinois2007/index.html
Proposals for a presentation, tutorial, BoF, Vendor Soup or side meeting can be made at: http://events.internet2.edu/cfm/index.cfm?event=272

- Euro EduRoam
They seem to be moving away from Diameter. Chris and Kevin will follow up with them to learn more about what they are doing, and what, if any, response is appropriate by FWNA.

- Discussion of recent events and topics of note

- Recent severe DDoS attacks, increasingly targeted and sophisticated
There is an opportunity for higher-ed with sufficient capacity to provide mirrors for some high-profile sites that have been attacked, with the caveat that doing so may make your campus a target as well...

- Is anyone using INOC-DBA (hotline) phones, for direct connection to an AS? These seem to be rare out in the field, and not terribly useful in practice. See additional info at http://www.nanog.org/mtg-0505/upadhaya.html

- Zombied PCs: coordinated approaches to handling botted hosts?

Also FYI:
http://abclocal.go.com/kgo/story?section=local&id=5394947
http://www.pcworld.com/article/id,132907-c,cybercrime/article.html

Microsoft Global Infrastructure Alliance for Internet Safety (GIAIS) http://www.microsoft.com/security/msra/default.mspx

Q: Is there a viable "public-health"-like approach to this problem?