[fi-rg] FW: [security-area] Input for GGF-14

Ralph Niederberger r.niederberger at fz-juelich.de
Mon Jun 20 02:45:24 CDT 2005 

FW: [security-area] Input for GGF-14hello,

unfortunately I will be out of office at Tuesday, June 21th  (btw. you meant June not July I think (;-) ).

Nevertheless I also think that the structure is ok. The subsection concerning "list of possible solution" Thijs mentioned I think is already included or can be included into the Classification chapter, where we segment grid applications known to "firewall devices" available and where we should have a section 'Applications not solved by current "firewall devices" on the market'. 

I could contribute with a chapter on high speed firewalls and loadbalancing firewalls available today. 

I will be available in Chicago at GGF14.

And here is a little bit input for things to be considered:

"Most sites secure their common external network connections by conventional firewalls. Current policies allow grid applications to traverse these firewalls by specifying access lists opening special ports or port ranges. Often application gateways are used also.Using application level gateways provides a way to minimize administrative activities configuring firewalls by automating routine work. They fail where high performance data connections are needed. Most of the currently available firewall systems cannot be used, if applications want to transfer data at gigabit or multi-gigabit per second speed. Application level firewalls will hinder transmissions in those scenarios.
Dynamic firewalls provide a way for automatic configuration through a management instance. Human interaction leading to delayed execution of configuration will be avoided. Special protocols for authentication and authorization are under development currently. Nevertheless,  these dynamic firewalls cannot deal with high bandwidth demands.

High speed firewalls, load balancing firewalls, firewall farms, and alternative firewall concepts are on the way. Currently available new firewall systems allow data transfers up to 10 Gb/s, but are not able to handle multiple 10 Gb/s connections. Load balancing firewalls are helpful having a huge amount of small data streams, but cannot cope with a single high bandwidth data communication or special traffic classes. New firewall paradigms have to be developed in the future dealing with such scenarios. It will be of main interest to foster such developments giving input to the designers what high speed applications really need, how they are designed and how they should interact with these firewall resources." 

Regards

Ralph

**************************************************

 Ralph Niederberger          

 Research Center Juelich
 Central Institute for Applied Mathematics
 John von Neumann Institute for Computing
 D-52425 Juelich

 Forschungszentrum Jülich GmbH
 Zentralinstitut für Angewandte Mathematik
 John von Neumann Institut für Computing
 D-52425 Jülich

 Tel.: +49 2461 61 4772                    
 E-Mail: R.Niederberger at fz-juelich.de
 

  ----- Original Message ----- 
  From: Inder Monga 
  To: 'Fi-rg at ggf.org' 
  Cc: 'Leon Gommans' 
  Sent: Friday, June 17, 2005 7:57 PM
  Subject: [fi-rg] FW: [security-area] Input for GGF-14


  Hi All, 

  Thanks for the interest shown to join the FI-RG project group. 

  This is a follow-up to the request Leon sent before on the write-ups before the upcoming GGF meeting. Leon and I are proposing a 1 hour telecon next week to sync up and stir up conversations before the GGF so that the f2f meeting in Chicago is even more productive.

  The agenda for the meeting would be: 
  1. Introduction/comments on charter                             10 mts 
  2. Agenda for the upcoming GGF Meeting 
          Discuss ideas for contributions/presentations           20 minutes 
  3. Discussion on the scope and structure of Document #1         20 minutes 

  The proposed date/time is Tue, July 21st at 15:00 UST, 11AM EST, 8 AM PST, 17:00 CEST. 
  The telecon bridge details are: 

  PSTN Dial-in: 919-997-8152 
  Access Code: 2488101# 

  Please let Leon or me know your availability, comments on the proposed agenda.. 

  Best regards, 
  Inder 



  -----Original Message----- 
  From: owner-security-area at ggf.org [mailto:owner-security-area at ggf.org] On Behalf Of Leon Gommans 
  Sent: Friday, June 03, 2005 3:41 AM 
  To: fi-rg at ggf.org 
  Cc: security-area at ggf.org 
  Subject: [security-area] Input for GGF-14 



  GGF-14 is approaching fast. It took us some time and 
  further discussions to get the charter approved by the GFSG however everything is now arranged. The mailing list and gridforge (https://forge.gridforum.org/projects/fi-rg) has now been setup for the group. We still need to be listed on the index pages on the GGF web, however this is being looked at.

  If you like to contribute to our group, please send Inder Monga 
  (imonga at nortel.com) a memo so he can add you to our project. 

  Before GGF-14 I like to have some structure on the first chartered document.  This document should address the type of issues the grid experiences with several types of firewall-style devices.

  A possible structure of the document could be: 

  Name: Firewall Issues list and classification. 

  1. Introduction. 
  2. Definitions. 
  Definition of terms used in the document. 
  3. Devices. 
  Listing and describing the functionalities of various firewall-style devices to be considered. 4. Issues. Listing and describing the types of issues with examples grid applications see with using devices listed in chapter 3. This chapter may do this 

  arranged by 
  example. A structure will be analysed in chapter 5. 
  5. Classification. 
  A classification and analsyses of the issues described. 
  6. Conclusions. 

  Please feel free to comment on the name of the document and above structure. 

  If you consider the charter, subsequent documents will analyse various 
  standards and 
  mechanisms, define shortcommings and maybe solutions. First we look at 
  IETF protocols 
  and architectures. Another document will consider the other mechanisms. 

  Please consider sending me a few lines on the issues you think a important to be covered in this document.  Consider this as input to chapters 3 and 4. Together with the input presented at the last GGF we should try to put some already meat on this document before GGF14.

  Kind regards .. Leon Gommans. 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.ogf.org/pipermail/fi-rg/attachments/20050620/206aeb45/attachment.htm

More information about the fi-rg mailing list