Salsa Call 5-Oct-06

*Attendees*
Mark Poepping, CMU (chair)
Chris Misra, U. Mass.
Greg Travis, Indiana U.
Doug Pearson, REN-ISAC/Indiana U.
Rodney Petersen, Educause
Ken Klingenstein, Internet2
Renee Frost, Internet2
Kevin Miller, Duke
Steve Olshansky, Internet2 (scribe)

*Discussion*
- CSI2 update and DoJ funds
RENOIR (event-oriented) developer being funded 25%, good progress being made. Shared darknet getting going, UMass, Indiana, and NYU early participants. Potential for a participant from New Zealand as well. Not creating new formats, using netflow and Argus, canonicalized in a local data store. Subset of darknet flow info to REN-ISAC.

DoJ funding has been confirmed, aligning with RENOIR/CSI2 activities and potentially other related operational security areas. Potentially a multi-year arrangement, renewable annually. One or two workshops may well be funded under this award as well, possibly adjunct to the next Security Professionals Conference (April 07 in Denver) and/or Joint Techs. More to come on this later.

- Potential new area for work:
Operational Security - technical best practices => focused on institutions not as well equipped as the top-tier. Many of these folks likely don't attend Security Professionals Conference or Joint Techs, or travel much in general, thus perhaps Educause Regional conferences might be a good venue in which to pursue this. How could this be framed to complement existing activities at the usual conferences, rather than duplicating? Educause is also starting to do one-day seminars, perhaps another option to consider.

Webcasts may be a good option due to obvious travel budget constraints among the target audience, with the added benefit that they can be archived for later reference.

Perhaps we should look at doing this in conjunction with REN-ISAC? How might this relate to fee-based training offered by REN-ISAC, so as to amplify them rather than compete? Is network management in scope, straying beyond security? Not really, we would be more looking at network architecture as it pertains to security. It was noted that there is often an inherent tension on many campuses between security and network management staff, thus the need for both groups to better understand the other.

Is SANS doing something similar to this? E.g. configuring BGP, DNS, etc.? SANS tends to do longer (e.g. week-long) seminars...

It appears that in any case it would be good to link this with Educause and/or REN-ISAC activities.

- Optical Bypass / Firewall Traversal
Optical Bypass - consensus appears to be that lambdas don't *often* show up on campus outside of a/the data center, i.e. not in individual labs or machines, thus security falls into the data center bigger picture (policy border controls, IDS/IPS, flow management, etc.) and probably doesn't pose a big problem as stray one-offs. It could then appear to the user as an isolated virtual network, as appropriate. Perhaps a better way of referring to this is architecting advanced links and integrating them into your campus environment.

GigE seems to fit this same scenario, coming in to the data center as alternate paths. Would a survey of big science sites be useful?

Firewall traversal seems to stand as a separate issue, being more widespread and growing, and thus likely a better fit for our attention in the near term.

[AI] Let's look at putting together a session at the next Joint Techs or NetGuru (Feb. 11-15, 2007 Minneapolis) on one or both of these topics.