System Security and Advanced Network Planning

This group's work during the year focused on computer security, the NLM network, and the Next Generation Internet.
Computer security concentrated on the refinement of access controls and the
development of a security classification organization. A Secure Subnets working
group developed a classification of NLM systems that categorizes each system
by the level of network access required between that system and the Internet. The
first phase of the Secure Subnets initiative has been implemented, with most
of the desk-based systems placed on subnets that are not accessible from outside
NLM. These systems can themselves access sites outside NLM, but transmissions
originating outside of NLM cannot access them. The effect of this grouping
should be to make these systems far less vulnerable to external security attacks.

Work on the network has continued with the development of a gigabit backbone.
The existing Cisco Catalyst switches
will be replaced by Extreme switches with significantly larger bandwidth capacity.
The Extreme switches can handle gigabit connections to the desktop. These
switches will be connected to two core gigabit switches (Extreme Black Diamond)
that will provide a redundant connection between the local switches, the Next
Generation Internet (NGI) networks, and the Internet. The end result will
include fully redundant paths from NLM to the Internet.

NLM's Next Generation Internet project, which was started last year,
was further developed by the addition of connections
to the Abilene network and to the NGIX-DC. Last year, NLM was connected to
two NGI networks, the vBNS (very high speed Backbone Network Services) and Abilene.
The current connections are to Abilene and the Federal NGI network DREN, the
Department of Defense Research Network. Connection to the NASA Research Network
(NREN) is expected next year. The NGI networks are being used for multimedia
applications involving voice and video. The Abilene network supports full
IP (Internet Protocol) multicast. That mode is used to receive and transmit
multicast voice and video sessions.