root / templates / getinfo.html @ 548848ba
History | View | Annotate | Download (3.3 kB)
| 1 |
{% extends "base.html" %}
|
|---|---|
| 2 |
{% load i18n %}
|
| 3 |
{% block extrahead %}
|
| 4 |
|
| 5 |
|
| 6 |
<style type="text/css"> |
| 7 |
#console {
|
| 8 |
background: none repeat scroll 0 0 #36102a !important; |
| 9 |
color: #edeae8 !important; |
| 10 |
font-family: monospace !important; |
| 11 |
} |
| 12 |
.message {
|
| 13 |
font-family: monospace !important; |
| 14 |
} |
| 15 |
.tooltip {
|
| 16 |
display:none; |
| 17 |
background:transparent url(/fodstatic/black_arrow.png); |
| 18 |
font-size:12px; |
| 19 |
height:70px; |
| 20 |
width:160px; |
| 21 |
padding:25px; |
| 22 |
color:#fff; |
| 23 |
} |
| 24 |
|
| 25 |
</style>
|
| 26 |
{% endblock %}
|
| 27 |
{% block title %}{% trans "Info" %}{% endblock %}
|
| 28 |
{% block breadcrumbs %}<li class="active"><span class="divider">/</span>{% trans "Info" %}</li>{% endblock %}
|
| 29 |
{% block content %}
|
| 30 |
{% csrf_token %}
|
| 31 |
<div>
|
| 32 |
|
| 33 |
<h5>{% trans "Intro" %}</h5> |
| 34 |
{% blocktrans %}Firewall on Demand service provides potential users (educational and academic community) the option to protect their networking equipment against network attacks and threats.
|
| 35 |
|
| 36 |
In particular, the service is targeted at network operators of GRNET's institutions who have needs for short-term protection against network attacks with destination, equipment they operate. |
| 37 |
To ensure the integrity of the service and in order to prevent the service being a source of attacks, the authentication of users is done via Shibboleth. The authorisation is based on a combination of Shibboleth attributes with the address space that each organization manages. |
| 38 |
The software chosen to implement the service is solely based on open source. |
| 39 |
Requests or clarifications concerning the operation of the service should be submitted to GRNET Helpdesk via phone at 800-11-47638 or via e-mail to helpdesk-at-grnet.gr. |
| 40 |
|
| 41 |
|
| 42 |
{% endblocktrans %}
|
| 43 |
<h5>{% trans "Joining the service" %}</h5> |
| 44 |
{% blocktrans %}Joining the service requires the appropriate configuration of certain Shibboleth attributes{% endblocktrans %}:
|
| 45 |
<ul>
|
| 46 |
<li>HTTP_EPPN</li> |
| 47 |
<li>HTTP_SHIB_HOMEORGANIZATION</li> |
| 48 |
<li>HTTP_SHIB_INETORGPERSON_MAIL</li> |
| 49 |
<li>{% blocktrans %}An appropriate HTTP_SHIB_EP_ENTITLEMENT which is provided by GRNET Helpdesk{% endblocktrans %}</li> |
| 50 |
</ul>
|
| 51 |
{% trans "Optionally" %}:
|
| 52 |
<ul>
|
| 53 |
<li>HTTP_SHIB_INETORGPERSON_GIVENNAME</li> |
| 54 |
<li>HTTP_SHIB_PERSON_SURNAME</li> |
| 55 |
</ul>
|
| 56 |
<h5>{% trans "Use" %}</h5> |
| 57 |
|
| 58 |
{% blocktrans %}The service enables users to mitigate active attacks aimed at their network equipment.
|
| 59 |
It is based on the creation of dynamic firewall filters that are applied to the network using the management protocol NETCONF and are propagated to compatible (Juniper) backbone network devices via BGP flowspec NLRI. |
| 60 |
In order to properly complete the application for a new filter is essential that the destination address belongs to the user's administrative network. Currently attacks are limited per /29 subnet. |
| 61 |
Requests for new filters are applied directly to the network and therefore users should pay extra attention in their request. Filters that have been applied to the network are removed after their expiry date, and users can activate then again by selecting the corresponding option. |
| 62 |
Moreover, users are given the option for early deactivation of their requests. |
| 63 |
{% endblocktrans %}
|
| 64 |
|
| 65 |
<h5>{% trans "Security" %}</h5> |
| 66 |
{% blocktrans %}For security reasons, the submission of requests is monitored by the administrators of the service.
|
| 67 |
The service administrators may at any time remove active requests from the network, if this is deemed necessary{% endblocktrans %}
|
| 68 |
</div>
|
| 69 |
{% endblock %}
|