SP Security Primer 101

Similar documents
Techniques, Tools and Processes to Help Service Providers Clean Malware from Subscriber Systems

Backscatter A viable tool for threat of the past and today. Barry Raveendran Greene March 04, 2009

Technology Director Meeting

Techniques, Tools and Processes to Help Service Providers Clean Malware from Subscriber Systems

Building a resilient ICS

Service Provider View of Cyber Security. July 2017

The Fine Art of Creating A Transformational Cyber Security Strategy

The Cyber Threat. Bob Gourley, Partner, Cognitio June 22, How we think. 1

BGP Route Hijacking - What Can Be Done Today?

Introduction Challenges with using ML Guidelines for using ML Conclusions

Risk Management. Modifications by Prof. Dong Xuan and Adam C. Champion. Principles of Information Security, 5th Edition 1

The emerging battle between Cyber Defense and Cybercrime: How Technology is changing to keep Company and HR data safe

Vulnerabilities. To know your Enemy, you must become your Enemy. Information security: Vulnerabilities & attacks threats. difficult.

Denial of Service Protection Standardize Defense or Loose the War

Trends in IoT DDoSbotnets

DNS Firewall with Response Policy Zone. Suman Kumar Saha bdcert Amber IT Limited

Managed Enterprise Phishing Protection. Comprehensive protection delivered 24/7 by anti-phishing experts

O N L I N E I N C I D E N T R E S P O N S E C O M M U N I T Y

It Takes the Village to Secure the Village SM

Cisco Self Defending Network

Tackling Cybersecurity with Data Analytics. Identifying and combatting cyber fraud

Sun Tzu Meets the Cloud Everything Is Different Nothing Has Changed

OSSIR. 8 Novembre 2005

Security Whitepaper. DNS Resource Exhaustion

Lie. Cheat. Deceive. How to Practice the Art of Deception at Machine Speed

Routing Security* CSE598K/CSE545 - Advanced Network Security Prof. McDaniel - Spring * Thanks to Steve Bellovin for slide source material.

Cybersecurity. You have been breached; What Happens Next THE CHALLENGE FOR THE FINANCIAL SERVICES INDUSTRY

The Cyber War on Small Business

SECURITY INSIDE THE PERIMETER - THE CALL IS COMING FROM INSIDE THE HOUSE

Attack Fingerprint Sharing: The Need for Automation of Inter-Domain Information Sharing

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

Cyber Security. February 13, 2018 (webinar) February 15, 2018 (in-person)

GDPR Update and ENISA guidelines

Preventing the Next Insider Threat from Leveraging Cross Domain Data Movement

ITU Regional Cybersecurity Forum for Asia-Pacific

Data Collection and Incident Analysis: IT-ISAC Perspective. ENISA Workshop March 17, 2010

FTA 2017 SEATTLE. Cybersecurity and the State Tax Threat Environment. Copyright FireEye, Inc. All rights reserved.

DDoS: Evolving Threats, Solutions FEATURING: Carlos Morales of Arbor Networks Offers New Strategies INTERVIEW TRANSCRIPT

WHITE PAPER Hybrid Approach to DDoS Mitigation

XSP Security Vulnerabilities Panel NANOG 34 - Seattle, WA 15 MAY Martin Hannigan Network & Security Architecture Group

The NextGen cyber crime battlefield. Why organizations will always lose this battle

Lecture 10. Denial of Service Attacks (cont d) Thursday 24/12/2015

Diverse network environments Dynamic attack landscape Adversarial environment IDS performance strongly depends on chosen classifier

Information Technology Information Sharing and Analysis Center. First Symposium Barcelona, Spain Feb. 2, 2011

SpaceNet AG. Internet Business Produkte für den Mittelstand. Produkt- und Firmenpräsentation. DENOG6, , Darmstadt

accelerate your ambition Chris Jenkins

HOSTED SECURITY SERVICES

Life of Ivica Ostojić security consultant engineer CEE region Gone In 60 Seconds

CyberSecurity Training and Capacity Building: A Starting Point for Collaboration and Partnerships. from the most trusted name in information security

PND at a glance: The World s Premier Online Practical Network Defense course. Self-paced, online, flexible access

Beyond Firewalls: The Future Of Network Security

Nebraska CERT Conference

EMPOWER PEOPLE IMPROVE LIVES INSPIRE SUCCESS

Cyber Security at large scale

Cyber War Chronicles Stories from the Virtual Trenches

EFFECTIVE SERVICE PROVIDER DDOS PROTECTION THAT SAVES DOLLARS AND MAKES SENSE

RSA INCIDENT RESPONSE SERVICES

March Houston, USA.

Traditional Security Solutions Have Reached Their Limit

An Introduction to DDoS attacks trends and protection Alessandro Bulletti Consulting Engineer, Arbor Networks

RSA INCIDENT RESPONSE SERVICES

Copyright ECSC Group plc 2017 ECSC - UNRESTRICTED

Cyber Threat Intelligence: Integrating the Intelligence Cycle. Elias Fox and Michael Norkus, Cyber Threat Intelligence Analysts January 2017

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Unauthorized Access

A Unified Threat Defense: The Need for Security Convergence

Reducing the Cost of Incident Response

SOLUTION BRIEF ASSESSING DECEPTION TECHNOLOGY FOR A PROACTIVE DEFENSE

AKAMAI CLOUD SECURITY SOLUTIONS

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Elevation of Privilege

How Breaches Really Happen

CLOUD-BASED DDOS PROTECTION FOR HOSTING PROVIDERS

Six Weeks to Security Operations The AMP Story. Mike Byrne Cyber Security AMP

Networks

falanx Cyber Falanx Phishing: Measure your resilience

TURNING THE TABLE THROUGH FEDERATED INFORMATION SHARING

Security, DDoS and AntiSpam

TOP TEN DNS ATTACKS PROTECTING YOUR ORGANIZATION AGAINST TODAY S FAST-GROWING THREATS

Adversary Playbooks. An Approach to Disrupting Malicious Actors and Activity

A new approach to Cyber Security

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Virus Outbreak

Today s cyber threat landscape is evolving at a rate that is extremely aggressive,

CYBER SECURITY EFFECTIVENESS FOR THE RESOURCE-CONSTRAINED ORGANIZATION

DDoS Protection in Backbone Networks

Module: Routing Security. Professor Patrick McDaniel Spring CMPSC443 - Introduction to Computer and Network Security

INTRODUCTION: DDOS ATTACKS GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC

UNCLASSIFIED. National and Cyber Security Branch. Presentation for Gridseccon. Quebec City, October 18-21

Building an Efficient Incident Response Process Using Threat Intelligence A Global Enterprise Perspective

December 10, Statement of the Securities Industry and Financial Markets Association. Senate Committee on Banking, Housing, and Urban Development

Cybersecurity, Cybercrime, Cyberwar, Cyberespionage...

Have breaches declined since the massive Heartland Payments leak in 2008? What proportion of breaches are the result of hacking?

The Telephony Denial of Service (TDoS) Threat

Advanced IT Risk, Security management and Cybercrime Prevention

Communication Networks ( ) / Fall 2013 The Blavatnik School of Computer Science, Tel-Aviv University. Allon Wagner

A custom excerpt from Frost & Sullivan s Global DDoS Mitigation Market Research Report (NDD2-72) July, 2014 NDD2-74

Managing an Active Incident Response Case. Paul Underwood, COO

ERT Threat Alert New Risks Revealed by Mirai Botnet November 2, 2016

Cyber Security Maturity Model

Protecting Critical Energy Infrastructure International Multistakeholder Conference, Training & Exhibition

COPYRIGHT 2018 NETSCOUT SYSTEMS, INC. 1

MPLS-based traffic shunt. Nicolas FISCHBACH Senior Manager - IP Engineering/Security RIPE46 - Sept. 2003

Transcription:

SP Security Primer 101 Peers working together to battle Attacks to the Net Barry Raveendran Greene bgreene@senki.org

Slide Locations Senki Site: All the materials are posted on www.senki.org ISC Sponsored Wiki: A confluence wiki sponsors s the activity at http://confluence.isc.org (SP Security space) 2

Goals Provide core techniques/task that any SP can do to improve their resistance to security issues. These core techniques can be done on any core routing vendor s equipment. Each of these techniques have proven to make a difference. New Drivers: New levels of security capability are being expected from Service Providers. Australia s I-code, FCC s CSRIC, expectations from the cyber-civic society and successful take downs are shaping these expectations. 3

Never underestimate the power of human communications as a tool to solve security problems. Our history demonstrates that since the Morris Worm, peer communication has been the most effect security tool. Barry Raveendran Greene 4

Agenda Overview Understanding the Threat: A Typical Cyber-Criminal s Work Day Why Cyber-Crime is Institutionalized? A 2012 SP Security Strategy for Action Top 10 SP Security Techniques: The Executive Summary Prepare your NOC The New Internet Civic Society : OPSEC Communities Working with your Peers with Out of Band Communications: inoc DBA Point Protection Edge Protection Remote Trigger Black Hole Sink Holes Source Address Validation Control Plane Protection Total Visibility (cont_) 5

Agenda Prepare your NOC Operational Security Community Putting the Tools to Work DDOS Attack Remote Triggered Black Hole Routing Sink Holes Remediating Violated Customers Summary 6

Expectations Today s tutorial is about the fundamentals for which new solutions and technique can be built. Everything cannot be covered today (more than a week s worth of materials). We cannot go in-depth on everything. 7

Invitation to Participate The current materials are based on the contributions of many people from the industry. Cisco, Juniper, Arbor Networks, and many of the largest SPs in the industry have all been generous to add to the volume of materials. The materials require refreshing. Invitation: If you are really interested in the security and resiliency of your network, please join the community who are working to craft and deploy the foundation techniques while creating new techniques that will security the network. E-mail: bgreene@senki.org 8

Overview 9 9

What Do You Tell the Boss? Hacker ISP CPE Target 10

The SP s Watershed Feb 2000 11

The Vetted Battling the Bad Guys 12

When BOTs Attack Inter AS http://www.wired.com/politics/security/magazine/15-09/ff_estonia_bots 13

Aggressive Collaboration is the Hijacked OPSEC Trust Conficker Cabal Key Drone-Armies MWP II YASML FUN-SEC OPEC NSP-SEC-JP NSP-SEC-BR Trust FIRST/CERT DSHIELD NSP-SEC NSP-SEC-D NSP-SEC-CN inoc-dba Teams National Cyber Teams Internet Storm Center SCADA Security Telecoms ISAC SANS Note: We are not trying to illustrate actual inter-relational or interactive connections between the different communities. FS ISAC ISACs Other ISACs 14

What is NSP-SEC NSP-SEC Closed Security Operations Alias for engineers actively working with NSPs/ISPs to mitigate security incidents. Multiple Layers of sanity checking the applicability and trust levels of individuals. Not meant to be perfect just better than what we had before. http://puck.nether.net/mailman/listinfo/nspsecurity 15

Miscreant - Incident Economic Lots of Problems & Attacks Incidents Resolve the Problem Peak Recession Cycles Community Mitigation Drive the Post Mortem Miscreant & Criminal R&D Trough Survive the Next Attack These Cycles Repeat New Criminal Revenue Opportunities Expansion Drive the Preparation time 16

Where is This Coming From? Work the Problem Tactical Mitigation Mitigation & Operations Communities Ops Meetings One-on-One Beer Meetings What we re doing today. Post Mortem Craft Strategic Response Empowerment Hardware Software BCPs 17

Working the 40/40/20 Rule Sean Donelan s (back in his SBC days) [sean@donelan.com] rule for end point patching: 40% of the customers care and will proactively patch 40% of the customers may someday care and fix/patch/delouse their machines 20% of the customers just do not care and have never responded to any effort to fix them. 18

Top Ten List of SP Security Fundelmentals 1. Prepare your NOC 2. Mitigation Communities 3. inoc-dba Hotline 4. Point Protection on Every Device 5. Edge Protection 6. Remote triggered black hole filtering 7. Sink holes 8. Source address validation on all customer traffic 9. Control Plane Protection 10. Total Visibility (Data Harvesting Data Mining) 11. Remediating Victimized Customers 19

The Fundamentals are Building Blocks for Clean Pipes DDOS Mitigation Services Malware Remediation Services 20

If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle. Sun Tzu - Art of War 21

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback