Internet2 members face the increasingly difficult issues of security in a networked world, challenges that are compounded by the demands that high-performance networks and advanced applications make. Performance requirements such as high bandwidth, end-to-end transparency, and support for new protocols are essential to the academic mission and to innovation, but they are not easily accommodated by current approaches to network security. Many security issues are best addressed proactively, in the context of network architecture and management, rather than reactively as network security incidents. Over the long term, the challenge is to identify and examine these issues, such as Grid requirements around firewalls, or the campus networking issues created by dedicated circuit services.
The Internet2 Security Initiative balances the need to develop tools that address today's security problems with a long-term focus on the integration of security, high-performance networking, and advanced applications. This work falls under the EDUCAUSE/Internet2 Security Task Force and is advised by Salsa, a group of leading campus network security architects.
A current area of interest for the Internet2 Security Initiative is the development of new mechanisms that leverage the community, such as shared darknets and inter-realm forensic tools. The Computer Security Incidents - Internet2 (CSI2) Working Group, working with the Research and Education Networking Information Sharing and Analysis Center (REN-ISAC), has begun to implement a shared darknet among campuses. The Research and Educational Networking Operational Information Retrieval (RENOIR) system provides a common mechanism and format for submitting and transmitting security incident reports to a central repository. By providing a structured way to gather the same information about each incident, the system allows data from many sources to be aggregated and analyzed. By enabling the transfer of that data in a structured and secure way, RENOIR may become the basis for sharing security information across organizations in real time.
Looking forward, new capabilities in network access control and federated network access control are needed. Efforts to date have produced a useful reference model and identified good practices and best-of-breed code. The next step is collaboration with efforts underway in the Internet Engineering Task Force (IETF) and the Trusted Computing Group to define new specifications that will lead to interoperability standards.