Workshop: Operator's Security Toolkit Tutorial
26 July 2017, 08:30-16:00 WIB
Holiday Inn Kemayoran, Jakarta
Rp 500.000,- (includes the conference admission ticket)
Registration for this event has closed.
Over ten years ago, several key security people working in operators sat down during a NANOG lunch and worked out the "top ten" security tools every Operator should have deployed in their network. It is 2017 and many Operators still don't have these, nor some of the newer tools that are essential if an Operator is expected to survive in today's threat environment.
We're building a new list. This list might or might not become part of the BCOP effort. For now, we're collecting views on which tools key security activists see as required for the security investigation, mitigation, remediation, and resolution of an incident. These security incidents are not limited to Denial of Service (DOS) attacks. They range from massive malware infections to data breaches, Nation State threat actors, and industry-wide takedowns.
The key objectives of the old list were focused on the tools needed to mitigate DOS attacks.
The Old List (What is missing? What has changed?):
- Prepare your NOC - Ensure everyone in the NOC/SOC knows how to use the entire toolkit.
- Mitigation Communities - Invest in communities of peers who you work with to investigate and resolve the security issues facing your customers.
- iNOC-DBA Hotline (Inter-ASN Communication) - Have clear inter-ASN communications that allow NOCs to talk to NOCs. This enables the direct communications required to investigate, mitigate, and remediate security incidents.
- Point Protection on Every Device - Assume the whole network is a potential threat vector. Each element on the network requires point protection to minimize the threat.
- Edge Protection - Protection tools on the edge of the ASN
- Remote triggered black hole filtering - Set up BGP & MPLS to use the full strength of moving/removing traffic flows updated at routing protocol speeds.
- Sink holes - Set up sections of the network to move bad traffic to sections that allow for detailed forensics.
- Source address validation on all customer traffic - All customer traffic should be checked to ensure the source address, DSCP and other spoofable fields are validated.
- Control Plane Protection - Today's control plane protection expands beyond routing protocols. Controllers, cloud systems, and configuration systems all expand the attack surface.
- Total Visibility (Data Harvesting and Data Mining) - Traceback, backtrace, PCAPs, and extensive visibility logs are essential.
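The source address validation item above, worked as an added example that is not part of the workshop material: a strict per-interface check (the behaviour strict uRPF enforces) over constructed flow records, plus the ingress DSCP rewrite the list calls for. The interface names, customer prefixes and flow records are assumptions made up for the example.

```python
"""Ingress source address validation (SAV) on customer-facing ports.

Each customer port is bound to the prefixes assigned to that customer. A packet
arriving on the port with a source outside those prefixes is spoofed or
misrouted and is dropped. DSCP set by the customer is rewritten on ingress so a
customer cannot claim premium queueing for its own traffic.
All interfaces, prefixes and flows below are constructed for this example.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed assignments: customer interface -> prefixes delegated to it.
CUSTOMER_PREFIXES = {
    "ge-0/0/1": [ip_network("203.0.113.0/25")],
    "ge-0/0/2": [ip_network("198.51.100.0/24"), ip_network("2001:db8:100::/48")],
}
DEFAULT_DSCP = 0  # best effort; customers may not self-mark higher classes

@dataclass
class Flow:
    ingress: str   # interface the packet arrived on
    src: str
    dst: str
    dscp: int

@dataclass
class Verdict:
    action: str    # "forward" or "drop"
    dscp: int      # DSCP after the ingress rewrite
    reason: str

def validate(flow: Flow) -> Verdict:
    """Strict check: the source must lie inside a prefix assigned to the ingress port."""
    allowed = CUSTOMER_PREFIXES.get(flow.ingress)
    if allowed is None:
        return Verdict("drop", flow.dscp, "unknown customer interface")
    src = ip_address(flow.src)
    # Membership across address families is False, never an error, so mixed lists are fine.
    if not any(src in net for net in allowed):
        return Verdict("drop", flow.dscp, f"source {src} not assigned to {flow.ingress}")
    note = "ok" if flow.dscp == DEFAULT_DSCP else f"dscp {flow.dscp} rewritten"
    return Verdict("forward", DEFAULT_DSCP, note)

# Constructed sample flows: one legitimate, one spoofed from another customer's
# range, one legitimate but self-marked EF (46), one on an unassigned port.
SAMPLE_FLOWS = [
    Flow("ge-0/0/1", "203.0.113.10", "192.0.2.5", 0),
    Flow("ge-0/0/1", "198.51.100.7", "192.0.2.5", 0),
    Flow("ge-0/0/2", "2001:db8:100::42", "2001:db8:1::1", 46),
    Flow("ge-0/0/9", "203.0.113.10", "192.0.2.5", 0),
]

def run(flows=SAMPLE_FLOWS):
    return [validate(f) for f in flows]
```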
The new list will update all of the old techniques while adding new ones.