*Attendees*
Jim Pepin, USC
Rodney Petersen, Educause
Renee Frost, Internet2
David Wasley, Independent
Chas DiFatta, CMU
Kevin Miller, Duke
Terry Gray, U. Washington
Deke Kassabian, U. Penn
Doug Pearson, REN-ISAC/Indiana
Joe St. Sauver, U. Oregon
Steve Olshansky (scribe), Internet2

*Discussion*
Educause/Internet2 Security Task Force (STF) strategic planning process underway... Topics under consideration:

• New tools and technologies
• REN-ISAC
• DNS (DNSSEC) and management
• CSI2 – info sharing
• MW/IdM – how to partner with NMI-EDIT activities
• IdM seminar at Sec. Prof. Conference
• STF Wiki – IT security and practices
  • Will include link to IdM CG and MW CG

What is the role of security in the I2 plans going forward?
Expectation management? I2 will protect connectors?
Firewalls (or security perimeters in general) being pushed toward the edge – not well managed or documented...

• Works against stability...
• Credit Card processors requiring campuses to have firewalls

Should Salsa be more proactive in proselytizing? Security should be around collaborative groups v. around campuses? Is the network now the VO, not the physical organization?

It would be useful for Salsa to help steer the JT program...

Is the world of the future one of overlay/VOs, or gated communities?

How many connected activities on campus? How can these be managed?
     - Management by exception doesn’t scale, need architectural approach

Do customers know what they really need? Making demands, but are they well-informed and do they fit into the bigger picture? VLANs and gated communities seem to be what they are asking for...

Use trust-mediated transparency strategies to enable connections...

NAC approaches being discussed:

• DHCP/registration (cleanliness/health check)
• 802.1x (large dependency chain)
• IPSec

Architectural response to management by exception – find small number of classes of separate worlds...

Let communities of interest be the drivers, not network managers...

David Farmer’s 5 classes of network access:

1. Wide open
2. Quarantine
3. SCADA device
4. Believed to be more trustworthy friends
5. [?]

Different TTL for network registrations, based on class?

How does CALEA fit into this picture, e.g. perimeter control?

Instead of default being an open world, maybe default is private address in a protected world, and you then need to request access to the outside...

How do trust assertions fit into this picture?

Perimeter defenses (firewalls) not effective when everything is routed over ports 80/443, trust assertions then logically play a greater role...

Should not assume that researchers and network managers (firewall admins) trust each other

Is trust related to the tools? No...

How can we reduce the friction for researchers created by network security?

Fault-tolerance – researchers who are prevented from doing what they need/want to do will find other ways...

Diffserv – to protect good apps (web and email) and scavenge other services – games, file-sharing, Skype

How to move beyond address/port for identifying traffic? Can’t inspect encrypted payloads.

Would users trust a published description of expected behavior?

Need to keep user-level tools simple, or expect revolt or non-use.

Some users have passed the threshold of spam overload and are moving to IM...

Geographic v. virtual security models conflict.

Using firewall as a moderating device is a problem, need a viable alternative.

The farther the distance between the security and the knowledge, the more problems created

How is IPSec tunnel really different than tunneling over port 80?

Who do I want to communicate with, v. who am I afraid of, who do I want to be isolated from?

If my peers all agree to be in a class with me in order to communicate, would this solve anything? Unix group model extended?

Defense in depth, push security down to the host, is this really the way to go?

Passive control workable, active control becomes problematic

Hardening DNS

• Close open recursive servers
• Do BCP38 filtering on the edge

Useful tools:

• DNSreport.com
• dnstop

Open recursive servers are a serious problem - open to cache poisoning

===

Spam reduction (Joe’s slides)

• Trends toward higher volume, and larger graphic spam being sent
• Look at nameservers used by spamvertised domains, becoming a more common tool – nameserver reputation
• Look at DNS TTLs also
• Spam tools becoming better, in turn spammers becoming more creative – arms race...
• Europe becoming major source of spam, how best to collaborate with our international peers?