Versions Compared

Old Version 5

changes.mady.by.user Paweł Pawlak

Saved on

compared with

New Version Current

changes.mady.by.user Paweł Pawlak

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Jira No
SummaryDescriptionStatusSolution

Network Slicing Security Enhancement Security Call Data Record presentation by David Armbrust from MITRE

View file
nameSCDR-Presentation-SECCOM.pptx
height250

STAY TUNED: At the upcoming DTF in Seattle MITRE will demonstrate one use case: detection of stolen  

startedFinishing the RACI Matrix

https://wiki.onap.org/display/DW/Project+State%3A+Unmaintained

Some description modifications "or Delegated" in the TSC responsibility + TSC should be on updates.

ongoingPresent updates to TSC (Muddasar).

List of cryptographic protocols used in ONAP

Currently existing Wiki is not updated:

We could link to IANA with list of cypher up to date:

https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4

To consider default choice as best practice to use.

We focus first on the external API communication for the cyphers.

Tony proposed to make a direct reference per table to IANA in SECCOM Wiki.

ongoingPTLs meeting

SECCOM Kohn upgrades status update:

DMaaP is finding false positive misidentification - waiting for more details from Fiachra.

stolen or maliciously used credentials from authorized connections but anomalous locations.

Enterprise can use information exposed by SCDR records to identify suspicious behavior in their network slice​.

started

Update on the Security Logging Fields and Global

Requirement  - need PoC for Python based containers. For Java based containers PTLs should strat adopting that. 

Requirement  

We need to have a volunteering PTL for Python container.ongoingWe come back have to PTLs at the next meeting with next update.TSC meeting

Catherine moving to TAC, not clear who is going to be a new TSC chair

3GPP YANG models usage and licensing problem – storing source code

ongoing

LFN projects after Amy’s discussion with Ranny

Security SME discussion for LFN TAC: https://wiki.lfnetworking.org/display/LN/2022+Security+SME+seat+role+definition

  • More secure best practices in place, being more proactice 
  • Security expertise provision to TAC
  • Advising TAC on security topics 
started

Update about Sonarcloud 

Bob opened the ticket: https://jira.linuxfoundation.org/plugins/servlet/theme/portal/2/IT-24461?sda_source=notification-email, all languages that are supported, are enabled. Some test, demo or archived code was obsered.closedTicket created by Thomas Kulik New request from Thomas: https://jira.linuxfoundation.org/plugins/servlet/theme/portal/2/IT-24491 resolved - not an issueidentify right PTLs - Bob to generate the list.

Packages upgrades - updatePlease refer to slide no 3. No active PTLs type of projects have 0%. Some improvement achieved. ongoing

SECCOM MEETING CALL WILL BE HELD ON 27th OF September'22. 

Architecture review template to be reviewed.





...

View file
name2022-09-20_SECCOM_week.mp4
height150

SECCOM presentation:

View file
name
Security Call Data Record (SCDR) Presentation:
2022-09-20 ONAP Security Meeting - AgendaAndMinutes.pptx
height150