DIADEM Firewall (Distributed Adaptative Security by Programmable Firewall) 9-10 March 2004 Yannick CARLINET (France Telecom R&D)

Transcription

1 (Distributed Adaptative Security by Programmable Firewall) 9-10 March 2004 Yannick CARLINET (France Telecom R&D)

2 Fact sheet 7 partners from 6 countries 4 academic partners: University of Tübingen (germany), Imperial College London, JSI (Slovenia), GET (France) 1 manufacturer: IBM Zürich 2 telecom operators: Polish Telecom, France Telecom STREP 30-month duration Started in January 2004 D2 - March 2004

3 Introduction Security is a key issue 50% of all the companies have been attacked in 1998, and 74% in 2002, representing a cost of billion of dollars according to InformationWeek Research Broadband access very popular leverage for DDoS attacks, Viruses, Worms, users with poor knowledge in computer science users with little care for security issues Current solutions (firewalls, filtering routers) have significant shortcomings: single access point enforcing security policies all-or-nothing behavior no control at all in some zones (enabling source-address spoofing) distributed attacks application-level attacks need for providing enhanced intelligence in the access network D3 - March 2004

4 Project objectives Develop a novel and comprehensive security solution for secure broadband services Architecture of a distributed broadband firewall Policy-based techniques for automated configuration, decision-handling, and coordination between the enforcement points Distributed adaptive protection against DDOS High performance using programmable hardware for classification, filtering, sampling and measurements Openness in order to permit the introduction of new services (multimedia, VoIP, P2P) with limited investment Enhanced detection capabilities by designing flexible and effective solutions for distributed monitoring of application traffic Automated intrusion detection Automated intelligent response to security violation Ensure fair, coherent, and efficient enforcement of security policies by management and control of the distributed firewall components Deploy in meaningful testbeds and disseminate results D4 - March 2004

5 Project key issues Architecture for provider-controlled distributed firewall High-speed edge devices Distributed monitoring Effective application traffic monitoring Develop and deploy enhanced techniques capable of detecting a wide range of security violations Generation of new security policies in response to security violations Coherent and efficient deployment of security policies in the distributed firewall components, at the appropriate locations protection against DDOS (Distributed Denial of Service) attacks Define open interfaces to allow a firewall product to be part of the distributed architecture D5 - March 2004

6 Issues for collaboration with other projects Collaboration for participation in standard bodies (DEFCon, IPSP) Inter-domain QoS or SLS (project MESCAL) Programmable equipments Monitoring systems, probes (cluster MOME) Security architecure (project MAGNET) D6 - March 2004

7 Contact person project coordinator: Yannick CARLINET (France Telecom R&D) Web site: D7 - March 2004