It is time for a refresh of the SP Security materials used by many over the years. Back in 2002, several people in the emerging “Service Provider Security” field pulled together a list of top practices every Operator should deploy. These “NSP-SEC Top 10” techniques became the foundation of our toolkit that is used daily in all parts of the Internet. Years later, these materials require a refresh and a new tour of training to empower new generations of peers and ensure that as many ASNs as possible have these tools deployed. The new Operator’s Security Toolkit will materials we use with all ASN (Service Providers, Mobile Operators, Cloud Operators, Universities, Enterprises, Government Networks, and Multi-national companies).
An overview of the “toolkit refresh” can be viewed here: Operator’s Security Toolkit: Investing in Private-Private Action
The following workshop presentations are the latest modules. These are updated and maintained.
- 0001 – Threats, Risks, Context, & Overview 2017-09-05
- 0002 – Key Principles of a Successful Internet Engineer 2017-07-24
- 0003 – Can vendors ever provide secure solutions? 2017-07-24
- 0004 – Are you ready for the next attack? Reviewing the SP Security Checklist 2017-07-24
- 0005 – Operational Security Community 2017-09-05
- 0006 – Point Protection 2017-07-24
- 0007 – Edge Protection 2017-07-24
- 0008 – Remote Triggered Black Hole (RTBH) 2017-07-24
- 0009 – Sink Holes, Dark IP and HoneyNets 2017-07-24
- 0010 – Source Address Validation 2017-07-24
- 0011 – Control Plane Protection – Essentials 2017-07-24
- 0012 – Total Visibility 2017-09-05
- 0013 – How to respond to a DDOS Attack? – 2017-09-05
The Operators Security Toolkit will grow organically with each module developing to meet the needs of the operator community. There will be a special focus on deployment of the tools needed to allow security practitioners who work on the investigations to productively interact with network operations teams.
Workshop & Industry Papers, Checklist, and Guides
The presentations and webinar videos are supplemented by guides, checklist, and white papers. These are all focused on key recommendations to build resiliency and security into the ASN. Many of these are rapid industry consensus guidelines. For example, if there is a large incident like Wanacry (2017), the industry working the incident will use these papers are tools to get the word out in a way that is not “vendor specific.” In time, this will provide the industry with materials that can be used now while being source materials to the NANOG, RIPE, and ISOC BCOP documents.
- Filtering Exploitable Ports and Minimizing Risk from the Internet and from Your Customers
What are you doing to prepare for the next “scanning malware” and “Internet Worm?”
- Preparing for DOS Attacks – the Essentials. Are you Prepared for your Next DoS Attack?
Reporting DoS Attacks are the Key to Fighting Back!
- Remote Triggered Black Hole (RTBH) Filtering – RTBH Fundamentals
- Study Materials for Operational Security and DOS Defense
Resources for the Operator’s Security Toolkit
There are more tools available than most Operators realize. The following are resources, guides, white papers, and other guides to help the Operator deploy the tools in the Security Toolkit.
- Open Source and Other Threat Intelligence Feeds. This is a large list of security intelligence resources. Do not sit on your hands when attacked. These tools will allow you to start your investigation without all the internal tools deployed. Practice every day with these community security tools and you will better understand which of the Operator’s Security Tools would be a deployment priority.
Workshop Papers and Reading List
These documents are part of the recommended reading list. These documents help Security conscious Operators gain the knowledge to help them deploy a more resilient and secure network.
- Demand Security from your Vendors. Step by step “conversation” guide to foster meaningful conversations between the Operator and their vendors.
- Filtering Exploitable Ports and Minimizing Risk to and from Your Customers
- Conficker Working Group Lessons Learned. This is a “must read” document for anyone working in Security. It provides insight into how Trust Groups work to protect the Internet.
- Preparing for the next wave of DOS Attacks. Two articles help organizations with a checklist of actions – Preparing for the next DDOS Wave and Reporting DoS Attacks & Fighting Back Against DOS Attacks, These are industry consensus recommendations from the team who hunted down the DD4BC DOS Extorsion racket.
How to request a part of all of the Operator’s Security Toolkit Workshop?
Please send workshop request to Barry Greene (firstname.lastname@example.org). The workshop modules are designed to be presented with each module standing on their own, sections of the module, a mix of the modules (full day) or the entire workshop (1 week). The 1-week workshop includes hands-on virtual labs on RTBH and other essential tools for turning routing protocols into a powerful security tool.