GÉANT: Addressing Complex Security Requirements for Network Services in Multi-Domain Environments

This paper presents a multipart approach to securing multi-domain services within the GÉANT network. Due to the complexity of the environment, we have chosen the security-in-depth approach for securing GÉANT multi-domain services. As part of the layered approach, we secure the application layer (by providing knowledge on secure programming through training, cookbooks and an on-demand expert consultancy team) as well as its environment (by performing risk assessments and penetration testing). Finally, procedures have been created for developing processes for handling multi-domain incidents and for testing them during fire-drills. These multi-layered approaches have been combined into an optimal solution, drawn from the knowledge and experience of security experts from European NREN CERT teams. The proposed approach to securing services encompasses all security requirements for a multi-domain environment, thereby minimizing the probability of introducing security bugs into the release phase of all multi-domain systems. An area of improvement for the task is security awareness among non-security people. Whilst their level of awareness is growing, it should be supported with formal or organizational obligations to request security audits or periodic reviews. Numerous security exploits on different levels have been found and resolved. At present the case study is limited because some of the components described in this paper have been in production for only a short period of time, so the results are still being processed. Several beneficial outcomes have been derived from the results already gathered. The experiences and the approach taken to protect multi-domain services and systems in the GÉANT project will be beneficial for participants in other Research & Development projects. The steps taken to improve and secure code will also be used as a basis for implementing security where software is being developed and, more generally, for those who are going to protect large software-oriented projects.



  • Gerard Frankowski, PSNC
  • Tomasz Nowocień, PSNC
  • Wayne Routly, DANTE

Part of session

Security and Governance
