SlideShare a Scribd company logo

Are you ready for the next attack? Reviewing the SP Security Checklist

MyNOG
MyNOG

Are you ready for the next attack? Reviewing the SP Security Checklist Barry Greene CTO (GETIT)

Internet
1 of 23
Download to read offline
ARE
 YOU
 READY
 FOR
 THE
 NEXT
  ATTACK? Reviewing the SP Security Checklist Barry Greene - bgreene@senki.org
Checklist Approach Checklist are one of the most essential tools for productivity we have in the industry. Surprisingly, too few “Internet” and “Telecom” operators use the checklist approach to optimize their operations. What follows is the first in several “check list” designed for Internet Service Providers, be they Mobile, traditional Telco, Content, of ISPs. They can be cut/pasted and used in your organization. Additions to the checklist are always welcomed. * Thanks to Stephen Stuart @ Google for pointing out Atul Gawande’s book Note: If this is new to you, read the book “The Checklist Manifesto” and watch the TED talk: http://www.ted.com/talks/atul_gawande_how_do_we_heal_medicine
[T]he  malware  that  was  used  would   have  gotten  past  90  percent  of  the  Net   defenses  that  are  out  there  today  in   private  industry  and  [would have   been]  likely  to  challenge  even  state   government,   Joe  Demarest,  Assistant  Director  -­ US   FBI’s  Investigation’s Cyberdivision. Do we have your attention?
Our Traditional View of the World The Internet is not organized based on countries. It is a group of “Autonomous System Networks” (ASNs) all interconnected in a Global Network.
The Reality of the Internet - No Borders How does a government enforce the rule of law where the Internet’s risk are all trans-national?
Work on the Right Security Problem The Good Guys are the Big Part of the Security Problem
Threat Vectors have Evolved Cyber-Criminal Threats Cyber-Crime is an International Legal problem that has no short term resolution. There will always be someplace in the world that is a harbor for cyber-criminal activity. Political, Patriotic, Protestors (P3) There are always going to be someone, somewhere, who is upset with society - with the ability to make their anxiety know through any network - any where. Nation State Threats Post-Snowden, the secret world of nation state security is now all in the open. Your network is a valid “Battle Space” for any Cyber-War.
Security Threats are a Force of Nature Think of the current and future security threats as a force of of the environment we live in. This is not new to human society. We have to live with the issues of nature all the time. Like a hurricane, it is not a matter of if, but when. Even worse, you can be in a zone where the hurricane, tornado, flood, earth quake, and blizzard are all a major risk. Forces of Nature cannot be stopped - the only thing you can do is mitigate risk through your design, preparation, and investment.
“Security” Excuses •LaLaLa if I ignore you may be you will go away. •It is someone else's problem. •I don’t know where to start? •I need to wait for someone to tell me what to do. •No one has been killed ..... Yet. •I need more training! •We cannot afford all the security equipment. •We need to wait for ISO 27001 Certification. Reality - there is a lot of “talk” about security, but most operations just do not care …. until the s!@# hits the fan.
Positive Control Have positive control over all elements in your network. Know who is accessing, when they are accessing, and where they are accessing from. Think beyond TACACS+. Start asking for Diameter and two factor authorization with IPv6 only access. Log everything and expect all there threat vectors probing. Consequences of neglect is severe. This is always the #1 issue risk assessors find in networks! Who is that who logging in? Why does node in from country X login?
VTY ACLs are Critical Put VTY Access list everywhere, log it, plot in MRTG/Cati, and create the alert scripts. The VTY access list trick is on of the key cost effective tools that consistently delivers key indicators of attackers probing the network, exploring the network, or trying to break into the elements of the network. The only way to make this work effectively is to build your own script or use tool from companies like 6Connect. Why is someone trying to telnet into my eNodeB from another eNodeB? Why are there a increase in “drops” on my internal SSH?
Force Vendor Security Partnerships Use the Vendor Security Checklist with all your vendors now. Set up the meetings, have them comply, and push if non- compliant. Then have these items part of all your RFPs. Vendors will NOT pay attention to security until their customers demand security …. or if you take legal action for liability against the vendors. Waiting for the dialog is going to create problems when the s!@# with a specific vendor. * E-mail and ask for a copy with the Security “RFP” questions.
What is the Upgrade Plan? Every element in your system needs a tested Upgrade Plan. Don’t wait for an emergency patch to find out that a major routers take 6 hours to upgrade! Create the upgrade plan. Write the MOP for the test as a template. Rest the plan in your lab, or I the vendor's lab. Table top exercise how you would have a rolling upgrade through out the entire system. Map the other systems which are coupled dependencies or collaterally impacted. Once all of this is done, start working on designs where you can do these upgrades without the massive service impact. Your first reaction would be “isn’t this basic?” Start asking for details and you will be surprised. One vendor thought is was normal for a router to be upgraded in 4 hours!
IPv6 Check = Security Bring in all your vendors and review the IPv6 Check list. Don't wait for the next RFP. The Cyber-Criminal and Nation-State threat vectors both know that IPv6 is the easy entry for getting into and through a network. There is way too many 1/2 completed IPv6 deployments with equipment that is not ready (I.e. No IPv6 security features). Cyber-Criminals figured out that IPv6 was a backdoor into a network 5 years ago.
Build your Attack Trees Learn Attack Trees, build your attack trees, explore all the ways you can break and network. Once you have your own list of dirty tricks to break your network, start building reaction plans with the tools you have in place right now. If brave, get someone to facilitate a Red Team - Blue Team table top exercise.
Write your BGP Policy! Write your BGP policy down so that your CEO understands it! What are you going to send? What are you going to receive? How are you going to monitor? How are you going to enforce? How do you manage your customers? The days when “BGP policy” is in a “Cisco config script” will not work when the threat environment is so hostile. One of the barriers to RPKI ROA registration is the lack of proactive thinking, planning, and documentation around an operator’s interconnection policy. You will make important discoveries of “BGP risk” when you write it down in a way that everyone can understand!
Review your DNS Architecture! Review all of your DNS Architecture to Ensure it is Resilient. Several of the major “DNS outages” in 2014 had a root cause in how they were designed. Do not listen to the vendors, they would want to sell you a solution that will put all the DNS functionality into one box, creating single points of failure.

Recommended

Zero Day Malware Detection/Prevention Using Open Source Software
Zero Day Malware Detection/Prevention Using Open Source SoftwareZero Day Malware Detection/Prevention Using Open Source Software
Zero Day Malware Detection/Prevention Using Open Source SoftwareMyNOG
 
Infoblox - turning DNS from security target to security tool
Infoblox - turning DNS from security target to security toolInfoblox - turning DNS from security target to security tool
Infoblox - turning DNS from security target to security toolJisc
 
Identifier Systems Security, Stability and Resiliency by Champika Wijayatunga
Identifier Systems Security, Stability and Resiliency by Champika WijayatungaIdentifier Systems Security, Stability and Resiliency by Champika Wijayatunga
Identifier Systems Security, Stability and Resiliency by Champika WijayatungaMyNOG
 
Extending Network Visibility: Down to the Endpoint
Extending Network Visibility: Down to the EndpointExtending Network Visibility: Down to the Endpoint
Extending Network Visibility: Down to the EndpointLancope, Inc.
 
Detecting Threats: A Look at the Verizon DBIR and StealthWatch
Detecting Threats: A Look at the Verizon DBIR and StealthWatchDetecting Threats: A Look at the Verizon DBIR and StealthWatch
Detecting Threats: A Look at the Verizon DBIR and StealthWatchLancope, Inc.
 
Save Your Network – Protecting Manufacturing Data from Deadly Breaches
Save Your Network – Protecting Manufacturing Data from Deadly BreachesSave Your Network – Protecting Manufacturing Data from Deadly Breaches
Save Your Network – Protecting Manufacturing Data from Deadly BreachesLancope, Inc.
 
So You Want a Threat Intelligence Function (But Were Afraid to Ask)
So You Want a Threat Intelligence Function (But Were Afraid to Ask)So You Want a Threat Intelligence Function (But Were Afraid to Ask)
So You Want a Threat Intelligence Function (But Were Afraid to Ask)Lancope, Inc.
 
KHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack PreventionKHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack PreventionAPNIC
 

Recommended

Zero Day Malware Detection/Prevention Using Open Source Software
Zero Day Malware Detection/Prevention Using Open Source SoftwareZero Day Malware Detection/Prevention Using Open Source Software
Zero Day Malware Detection/Prevention Using Open Source SoftwareMyNOG
 
Infoblox - turning DNS from security target to security tool
Infoblox - turning DNS from security target to security toolInfoblox - turning DNS from security target to security tool
Infoblox - turning DNS from security target to security toolJisc
 
Identifier Systems Security, Stability and Resiliency by Champika Wijayatunga
Identifier Systems Security, Stability and Resiliency by Champika WijayatungaIdentifier Systems Security, Stability and Resiliency by Champika Wijayatunga
Identifier Systems Security, Stability and Resiliency by Champika WijayatungaMyNOG
 
Extending Network Visibility: Down to the Endpoint
Extending Network Visibility: Down to the EndpointExtending Network Visibility: Down to the Endpoint
Extending Network Visibility: Down to the EndpointLancope, Inc.
 
Detecting Threats: A Look at the Verizon DBIR and StealthWatch
Detecting Threats: A Look at the Verizon DBIR and StealthWatchDetecting Threats: A Look at the Verizon DBIR and StealthWatch
Detecting Threats: A Look at the Verizon DBIR and StealthWatchLancope, Inc.
 
Save Your Network – Protecting Manufacturing Data from Deadly Breaches
Save Your Network – Protecting Manufacturing Data from Deadly BreachesSave Your Network – Protecting Manufacturing Data from Deadly Breaches
Save Your Network – Protecting Manufacturing Data from Deadly BreachesLancope, Inc.
 
So You Want a Threat Intelligence Function (But Were Afraid to Ask)
So You Want a Threat Intelligence Function (But Were Afraid to Ask)So You Want a Threat Intelligence Function (But Were Afraid to Ask)
So You Want a Threat Intelligence Function (But Were Afraid to Ask)Lancope, Inc.
 
KHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack PreventionKHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack PreventionAPNIC
 
AWS Cloud Security From the Point of View of the Compliance
AWS Cloud Security From the Point of View of the ComplianceAWS Cloud Security From the Point of View of the Compliance
AWS Cloud Security From the Point of View of the ComplianceYury Chemerkin
 
Source Address Validation Everywhere, by Paul Vixie [APNIC 38 / Technical Key...
Source Address Validation Everywhere, by Paul Vixie [APNIC 38 / Technical Key...Source Address Validation Everywhere, by Paul Vixie [APNIC 38 / Technical Key...
Source Address Validation Everywhere, by Paul Vixie [APNIC 38 / Technical Key...APNIC
 
DDoS - a Modern Day Opportunity for Service Providers
DDoS - a Modern Day Opportunity for Service ProvidersDDoS - a Modern Day Opportunity for Service Providers
DDoS - a Modern Day Opportunity for Service ProvidersCorero Network Security
 
State of the Internet: Mirai, IOT and History of Botnets
State of the Internet: Mirai, IOT and History of BotnetsState of the Internet: Mirai, IOT and History of Botnets
State of the Internet: Mirai, IOT and History of BotnetsRahul Neel Mani
 
DNS Security, is it enough?
DNS Security, is it enough? DNS Security, is it enough?
DNS Security, is it enough? Zscaler
 
Atelier Technique ARBOR NETWORKS ACSS 2018
Atelier Technique ARBOR NETWORKS ACSS 2018Atelier Technique ARBOR NETWORKS ACSS 2018
Atelier Technique ARBOR NETWORKS ACSS 2018African Cyber Security Summit
 
Using Your Network as a Sensor for Enhanced Visibility and Security
Using Your Network as a Sensor for Enhanced Visibility and Security Using Your Network as a Sensor for Enhanced Visibility and Security
Using Your Network as a Sensor for Enhanced Visibility and Security Lancope, Inc.
 
Insider threats webinar 01.28.15
Insider threats webinar 01.28.15Insider threats webinar 01.28.15
Insider threats webinar 01.28.15Lancope, Inc.
 
Philippines Cybersecurity Conference 2021: The role of CERTs
Philippines Cybersecurity Conference 2021: The role of CERTsPhilippines Cybersecurity Conference 2021: The role of CERTs
Philippines Cybersecurity Conference 2021: The role of CERTsAPNIC
 
Cisco Connect Toronto 2017 - Security Through The Eyes of a Hacker
Cisco Connect Toronto 2017 - Security Through The Eyes of a HackerCisco Connect Toronto 2017 - Security Through The Eyes of a Hacker
Cisco Connect Toronto 2017 - Security Through The Eyes of a HackerCisco Canada
 
Infoblox Secure DNS Solution
Infoblox Secure DNS SolutionInfoblox Secure DNS Solution
Infoblox Secure DNS SolutionSrikrupa Srivatsan
 
HACKING THE BRAIN: Customize Evil Protocol to Pwn an SDN Controller
HACKING THE BRAIN: Customize Evil Protocol to Pwn an SDN ControllerHACKING THE BRAIN: Customize Evil Protocol to Pwn an SDN Controller
HACKING THE BRAIN: Customize Evil Protocol to Pwn an SDN ControllerPriyanka Aash
 
SOPHOS presentation used during the SWITCHPOINT NV/SA Quarterly Experience Da...
SOPHOS presentation used during the SWITCHPOINT NV/SA Quarterly Experience Da...SOPHOS presentation used during the SWITCHPOINT NV/SA Quarterly Experience Da...
SOPHOS presentation used during the SWITCHPOINT NV/SA Quarterly Experience Da...SWITCHPOINT NV/SA
 
IoT - the Next Wave of DDoS Threat Landscape
IoT - the Next Wave of DDoS Threat LandscapeIoT - the Next Wave of DDoS Threat Landscape
IoT - the Next Wave of DDoS Threat LandscapeAPNIC
 
Advanced DNS Protection
Advanced DNS ProtectionAdvanced DNS Protection
Advanced DNS ProtectionSrikrupa Srivatsan
 
MITRE ATT&CKcon 2018: Playing Devil’s Advocate to Security Initiatives with A...
MITRE ATT&CKcon 2018: Playing Devil’s Advocate to Security Initiatives with A...MITRE ATT&CKcon 2018: Playing Devil’s Advocate to Security Initiatives with A...
MITRE ATT&CKcon 2018: Playing Devil’s Advocate to Security Initiatives with A...MITRE - ATT&CKcon
 
BreakingPoint & Stonesoft RSA Conference 2011 Presentation: Evaluating IPS
BreakingPoint & Stonesoft RSA Conference 2011 Presentation: Evaluating IPSBreakingPoint & Stonesoft RSA Conference 2011 Presentation: Evaluating IPS
BreakingPoint & Stonesoft RSA Conference 2011 Presentation: Evaluating IPSIxia
 
DNS Security Threats and Solutions
DNS Security Threats and SolutionsDNS Security Threats and Solutions
DNS Security Threats and SolutionsInnoTech
 
Breach and attack simulation tools
Breach and attack simulation toolsBreach and attack simulation tools
Breach and attack simulation toolsBangladesh Network Operators Group
 
DDoS Mitigation - DefensePro - RADWARE
DDoS Mitigation - DefensePro - RADWAREDDoS Mitigation - DefensePro - RADWARE
DDoS Mitigation - DefensePro - RADWAREDeivid Toledo
 
Ximena11
Ximena11Ximena11
Ximena11Juan M. Lozano
 
BDO Innsikt 2014: Økonomisk kriminalitet og korrupsjon
BDO Innsikt 2014: Økonomisk kriminalitet og korrupsjonBDO Innsikt 2014: Økonomisk kriminalitet og korrupsjon
BDO Innsikt 2014: Økonomisk kriminalitet og korrupsjonBDO Norge AS
 

More Related Content

What's hot

AWS Cloud Security From the Point of View of the Compliance
AWS Cloud Security From the Point of View of the ComplianceAWS Cloud Security From the Point of View of the Compliance
AWS Cloud Security From the Point of View of the ComplianceYury Chemerkin
 
Source Address Validation Everywhere, by Paul Vixie [APNIC 38 / Technical Key...
Source Address Validation Everywhere, by Paul Vixie [APNIC 38 / Technical Key...Source Address Validation Everywhere, by Paul Vixie [APNIC 38 / Technical Key...
Source Address Validation Everywhere, by Paul Vixie [APNIC 38 / Technical Key...APNIC
 
DDoS - a Modern Day Opportunity for Service Providers
DDoS - a Modern Day Opportunity for Service ProvidersDDoS - a Modern Day Opportunity for Service Providers
DDoS - a Modern Day Opportunity for Service ProvidersCorero Network Security
 
State of the Internet: Mirai, IOT and History of Botnets
State of the Internet: Mirai, IOT and History of BotnetsState of the Internet: Mirai, IOT and History of Botnets
State of the Internet: Mirai, IOT and History of BotnetsRahul Neel Mani
 
DNS Security, is it enough?
DNS Security, is it enough? DNS Security, is it enough?
DNS Security, is it enough? Zscaler
 
Using Your Network as a Sensor for Enhanced Visibility and Security
Using Your Network as a Sensor for Enhanced Visibility and Security Using Your Network as a Sensor for Enhanced Visibility and Security
Using Your Network as a Sensor for Enhanced Visibility and Security Lancope, Inc.
 
Insider threats webinar 01.28.15
Insider threats webinar 01.28.15Insider threats webinar 01.28.15
Insider threats webinar 01.28.15Lancope, Inc.
 
Philippines Cybersecurity Conference 2021: The role of CERTs
Philippines Cybersecurity Conference 2021: The role of CERTsPhilippines Cybersecurity Conference 2021: The role of CERTs
Philippines Cybersecurity Conference 2021: The role of CERTsAPNIC
 
Cisco Connect Toronto 2017 - Security Through The Eyes of a Hacker
Cisco Connect Toronto 2017 - Security Through The Eyes of a HackerCisco Connect Toronto 2017 - Security Through The Eyes of a Hacker
Cisco Connect Toronto 2017 - Security Through The Eyes of a HackerCisco Canada
 
HACKING THE BRAIN: Customize Evil Protocol to Pwn an SDN Controller
HACKING THE BRAIN: Customize Evil Protocol to Pwn an SDN ControllerHACKING THE BRAIN: Customize Evil Protocol to Pwn an SDN Controller
HACKING THE BRAIN: Customize Evil Protocol to Pwn an SDN ControllerPriyanka Aash
 
SOPHOS presentation used during the SWITCHPOINT NV/SA Quarterly Experience Da...
SOPHOS presentation used during the SWITCHPOINT NV/SA Quarterly Experience Da...SOPHOS presentation used during the SWITCHPOINT NV/SA Quarterly Experience Da...
SOPHOS presentation used during the SWITCHPOINT NV/SA Quarterly Experience Da...SWITCHPOINT NV/SA
 
IoT - the Next Wave of DDoS Threat Landscape
IoT - the Next Wave of DDoS Threat LandscapeIoT - the Next Wave of DDoS Threat Landscape
IoT - the Next Wave of DDoS Threat LandscapeAPNIC
 
MITRE ATT&CKcon 2018: Playing Devil’s Advocate to Security Initiatives with A...
MITRE ATT&CKcon 2018: Playing Devil’s Advocate to Security Initiatives with A...MITRE ATT&CKcon 2018: Playing Devil’s Advocate to Security Initiatives with A...
MITRE ATT&CKcon 2018: Playing Devil’s Advocate to Security Initiatives with A...MITRE - ATT&CKcon
 
BreakingPoint & Stonesoft RSA Conference 2011 Presentation: Evaluating IPS
BreakingPoint & Stonesoft RSA Conference 2011 Presentation: Evaluating IPSBreakingPoint & Stonesoft RSA Conference 2011 Presentation: Evaluating IPS
BreakingPoint & Stonesoft RSA Conference 2011 Presentation: Evaluating IPSIxia
 
DNS Security Threats and Solutions
DNS Security Threats and SolutionsDNS Security Threats and Solutions
DNS Security Threats and SolutionsInnoTech
 
DDoS Mitigation - DefensePro - RADWARE
DDoS Mitigation - DefensePro - RADWAREDDoS Mitigation - DefensePro - RADWARE
DDoS Mitigation - DefensePro - RADWAREDeivid Toledo
 

What's hot (20)

AWS Cloud Security From the Point of View of the Compliance
AWS Cloud Security From the Point of View of the ComplianceAWS Cloud Security From the Point of View of the Compliance
AWS Cloud Security From the Point of View of the Compliance
 
Source Address Validation Everywhere, by Paul Vixie [APNIC 38 / Technical Key...
Source Address Validation Everywhere, by Paul Vixie [APNIC 38 / Technical Key...Source Address Validation Everywhere, by Paul Vixie [APNIC 38 / Technical Key...
Source Address Validation Everywhere, by Paul Vixie [APNIC 38 / Technical Key...
 
DDoS - a Modern Day Opportunity for Service Providers
DDoS - a Modern Day Opportunity for Service ProvidersDDoS - a Modern Day Opportunity for Service Providers
DDoS - a Modern Day Opportunity for Service Providers
 
State of the Internet: Mirai, IOT and History of Botnets
State of the Internet: Mirai, IOT and History of BotnetsState of the Internet: Mirai, IOT and History of Botnets
State of the Internet: Mirai, IOT and History of Botnets
 
DNS Security, is it enough?
DNS Security, is it enough? DNS Security, is it enough?
DNS Security, is it enough?
 
Atelier Technique ARBOR NETWORKS ACSS 2018
Atelier Technique ARBOR NETWORKS ACSS 2018Atelier Technique ARBOR NETWORKS ACSS 2018
Atelier Technique ARBOR NETWORKS ACSS 2018
 
Using Your Network as a Sensor for Enhanced Visibility and Security
Using Your Network as a Sensor for Enhanced Visibility and Security Using Your Network as a Sensor for Enhanced Visibility and Security
Using Your Network as a Sensor for Enhanced Visibility and Security
 
Insider threats webinar 01.28.15
Insider threats webinar 01.28.15Insider threats webinar 01.28.15
Insider threats webinar 01.28.15
 
Philippines Cybersecurity Conference 2021: The role of CERTs
Philippines Cybersecurity Conference 2021: The role of CERTsPhilippines Cybersecurity Conference 2021: The role of CERTs
Philippines Cybersecurity Conference 2021: The role of CERTs
 
Cisco Connect Toronto 2017 - Security Through The Eyes of a Hacker
Cisco Connect Toronto 2017 - Security Through The Eyes of a HackerCisco Connect Toronto 2017 - Security Through The Eyes of a Hacker
Cisco Connect Toronto 2017 - Security Through The Eyes of a Hacker
 
Infoblox Secure DNS Solution
Infoblox Secure DNS SolutionInfoblox Secure DNS Solution
Infoblox Secure DNS Solution
 
HACKING THE BRAIN: Customize Evil Protocol to Pwn an SDN Controller
HACKING THE BRAIN: Customize Evil Protocol to Pwn an SDN ControllerHACKING THE BRAIN: Customize Evil Protocol to Pwn an SDN Controller
HACKING THE BRAIN: Customize Evil Protocol to Pwn an SDN Controller
 
SOPHOS presentation used during the SWITCHPOINT NV/SA Quarterly Experience Da...
SOPHOS presentation used during the SWITCHPOINT NV/SA Quarterly Experience Da...SOPHOS presentation used during the SWITCHPOINT NV/SA Quarterly Experience Da...
SOPHOS presentation used during the SWITCHPOINT NV/SA Quarterly Experience Da...
 
IoT - the Next Wave of DDoS Threat Landscape
IoT - the Next Wave of DDoS Threat LandscapeIoT - the Next Wave of DDoS Threat Landscape
IoT - the Next Wave of DDoS Threat Landscape
 
Advanced DNS Protection
Advanced DNS ProtectionAdvanced DNS Protection
Advanced DNS Protection
 
MITRE ATT&CKcon 2018: Playing Devil’s Advocate to Security Initiatives with A...
MITRE ATT&CKcon 2018: Playing Devil’s Advocate to Security Initiatives with A...MITRE ATT&CKcon 2018: Playing Devil’s Advocate to Security Initiatives with A...
MITRE ATT&CKcon 2018: Playing Devil’s Advocate to Security Initiatives with A...
 
BreakingPoint & Stonesoft RSA Conference 2011 Presentation: Evaluating IPS
BreakingPoint & Stonesoft RSA Conference 2011 Presentation: Evaluating IPSBreakingPoint & Stonesoft RSA Conference 2011 Presentation: Evaluating IPS
BreakingPoint & Stonesoft RSA Conference 2011 Presentation: Evaluating IPS
 
DNS Security Threats and Solutions
DNS Security Threats and SolutionsDNS Security Threats and Solutions
DNS Security Threats and Solutions
 
Breach and attack simulation tools
Breach and attack simulation toolsBreach and attack simulation tools
Breach and attack simulation tools
 
DDoS Mitigation - DefensePro - RADWARE
DDoS Mitigation - DefensePro - RADWAREDDoS Mitigation - DefensePro - RADWARE
DDoS Mitigation - DefensePro - RADWARE
 

Viewers also liked

BDO Innsikt 2014: Økonomisk kriminalitet og korrupsjon
BDO Innsikt 2014: Økonomisk kriminalitet og korrupsjonBDO Innsikt 2014: Økonomisk kriminalitet og korrupsjon
BDO Innsikt 2014: Økonomisk kriminalitet og korrupsjonBDO Norge AS
 
MyIX Updates
MyIX UpdatesMyIX Updates
MyIX UpdatesMyNOG
 
Be Anything. A book by Kyle MacDonald. A red paperclip idea.
Be Anything. A book by Kyle MacDonald. A red paperclip idea.Be Anything. A book by Kyle MacDonald. A red paperclip idea.
Be Anything. A book by Kyle MacDonald. A red paperclip idea.Kyle MacDonald
 
3000 từ vựng tiếng anh thông dụng nhất
3000 từ vựng tiếng anh thông dụng nhất3000 từ vựng tiếng anh thông dụng nhất
3000 từ vựng tiếng anh thông dụng nhấtNguyen Kieu Viet Nhu
 
Splunk for IT Operations
Splunk for IT OperationsSplunk for IT Operations
Splunk for IT OperationsSplunk
 
Cooperation, competition, conflict, and power in teams
Cooperation, competition, conflict, and power in teamsCooperation, competition, conflict, and power in teams
Cooperation, competition, conflict, and power in teamstjcarter
 
Grammar: Verb Types
Grammar: Verb TypesGrammar: Verb Types
Grammar: Verb TypesSam Georgi
 
Nosologia Clinica y Quirurgica de Musculo Esqueletico TRAUMATOLOGIA Dr Rueben...
Nosologia Clinica y Quirurgica de Musculo Esqueletico TRAUMATOLOGIA Dr Rueben...Nosologia Clinica y Quirurgica de Musculo Esqueletico TRAUMATOLOGIA Dr Rueben...
Nosologia Clinica y Quirurgica de Musculo Esqueletico TRAUMATOLOGIA Dr Rueben...Emma Díaz
 

Viewers also liked (11)

Ximena11
Ximena11Ximena11
Ximena11
 
BDO Innsikt 2014: Økonomisk kriminalitet og korrupsjon
BDO Innsikt 2014: Økonomisk kriminalitet og korrupsjonBDO Innsikt 2014: Økonomisk kriminalitet og korrupsjon
BDO Innsikt 2014: Økonomisk kriminalitet og korrupsjon
 
MyIX Updates
MyIX UpdatesMyIX Updates
MyIX Updates
 
Be Anything. A book by Kyle MacDonald. A red paperclip idea.
Be Anything. A book by Kyle MacDonald. A red paperclip idea.Be Anything. A book by Kyle MacDonald. A red paperclip idea.
Be Anything. A book by Kyle MacDonald. A red paperclip idea.
 
3000 từ vựng tiếng anh thông dụng nhất
3000 từ vựng tiếng anh thông dụng nhất3000 từ vựng tiếng anh thông dụng nhất
3000 từ vựng tiếng anh thông dụng nhất
 
Splunk for IT Operations
Splunk for IT OperationsSplunk for IT Operations
Splunk for IT Operations
 
Cooperation, competition, conflict, and power in teams
Cooperation, competition, conflict, and power in teamsCooperation, competition, conflict, and power in teams
Cooperation, competition, conflict, and power in teams
 
Grammar: Verb Types
Grammar: Verb TypesGrammar: Verb Types
Grammar: Verb Types
 
Nosologia Clinica y Quirurgica de Musculo Esqueletico TRAUMATOLOGIA Dr Rueben...
Nosologia Clinica y Quirurgica de Musculo Esqueletico TRAUMATOLOGIA Dr Rueben...Nosologia Clinica y Quirurgica de Musculo Esqueletico TRAUMATOLOGIA Dr Rueben...
Nosologia Clinica y Quirurgica de Musculo Esqueletico TRAUMATOLOGIA Dr Rueben...
 
Correlational Research
Correlational ResearchCorrelational Research
Correlational Research
 
Tipos de tórax
Tipos de tóraxTipos de tórax
Tipos de tórax
 

Similar to Are you ready for the next attack? Reviewing the SP Security Checklist

Are you ready for the next attack? Reviewing the SP Security Checklist
Are you ready for the next attack? Reviewing the SP Security ChecklistAre you ready for the next attack? Reviewing the SP Security Checklist
Are you ready for the next attack? Reviewing the SP Security ChecklistAPNIC
 
Are you ready for the next attack? reviewing the sp security checklist (apnic...
Are you ready for the next attack? reviewing the sp security checklist (apnic...Are you ready for the next attack? reviewing the sp security checklist (apnic...
Are you ready for the next attack? reviewing the sp security checklist (apnic...Barry Greene
 
Prevent Getting Hacked by Using a Network Vulnerability Scanner
Prevent Getting Hacked by Using a Network Vulnerability ScannerPrevent Getting Hacked by Using a Network Vulnerability Scanner
Prevent Getting Hacked by Using a Network Vulnerability ScannerGFI Software
 
Security Opportunities A Silicon Valley VC Perspective
Security Opportunities A Silicon Valley VC PerspectiveSecurity Opportunities A Silicon Valley VC Perspective
Security Opportunities A Silicon Valley VC PerspectivePositive Hack Days
 
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...Rishi Singh
 
You Give Us The Fire We'll Give'em Hell!
You Give Us The Fire We'll Give'em Hell!You Give Us The Fire We'll Give'em Hell!
You Give Us The Fire We'll Give'em Hell!wmetcalf
 
Why isn't infosec working? Did you turn it off and back on again?
Why isn't infosec working? Did you turn it off and back on again?Why isn't infosec working? Did you turn it off and back on again?
Why isn't infosec working? Did you turn it off and back on again?Rob Fuller
 
Sp Security 101 Primer 2 1
Sp Security 101 Primer 2 1Sp Security 101 Primer 2 1
Sp Security 101 Primer 2 1Barry Greene
 
COMPLETE NETWORK SECURITY PROTECTION FOR SME’SWITHIN LIMITED RESOURCES
COMPLETE NETWORK SECURITY PROTECTION FOR SME’SWITHIN LIMITED RESOURCESCOMPLETE NETWORK SECURITY PROTECTION FOR SME’SWITHIN LIMITED RESOURCES
COMPLETE NETWORK SECURITY PROTECTION FOR SME’SWITHIN LIMITED RESOURCESIJNSA Journal
 
Mongoose H4D 2021 Lessons Learned
Mongoose H4D 2021 Lessons LearnedMongoose H4D 2021 Lessons Learned
Mongoose H4D 2021 Lessons LearnedStanford University
 
11 19-2015 - iasaca membership conference - the state of security
11 19-2015 - iasaca membership conference - the state of security11 19-2015 - iasaca membership conference - the state of security
11 19-2015 - iasaca membership conference - the state of securityMatthew Pascucci
 
Emerging Threats to Infrastructure
Emerging Threats to InfrastructureEmerging Threats to Infrastructure
Emerging Threats to InfrastructureJorge Orchilles
 
Complete network security protection for sme's within limited resources
Complete network security protection for sme's within limited resourcesComplete network security protection for sme's within limited resources
Complete network security protection for sme's within limited resourcesIJNSA Journal
 
Dinis Cruz IBWAS'10 Conference Keynote
Dinis Cruz IBWAS'10 Conference KeynoteDinis Cruz IBWAS'10 Conference Keynote
Dinis Cruz IBWAS'10 Conference KeynoteSandraPaiva
 
GBS - Prevent network security fires
GBS - Prevent network security firesGBS - Prevent network security fires
GBS - Prevent network security firesKristin Helgeson
 

Similar to Are you ready for the next attack? Reviewing the SP Security Checklist (20)

Are you ready for the next attack? Reviewing the SP Security Checklist
Are you ready for the next attack? Reviewing the SP Security ChecklistAre you ready for the next attack? Reviewing the SP Security Checklist
Are you ready for the next attack? Reviewing the SP Security Checklist
 
Are you ready for the next attack? reviewing the sp security checklist (apnic...
Are you ready for the next attack? reviewing the sp security checklist (apnic...Are you ready for the next attack? reviewing the sp security checklist (apnic...
Are you ready for the next attack? reviewing the sp security checklist (apnic...
 
Prevent Getting Hacked by Using a Network Vulnerability Scanner
Prevent Getting Hacked by Using a Network Vulnerability ScannerPrevent Getting Hacked by Using a Network Vulnerability Scanner
Prevent Getting Hacked by Using a Network Vulnerability Scanner
 
Security Opportunities A Silicon Valley VC Perspective
Security Opportunities A Silicon Valley VC PerspectiveSecurity Opportunities A Silicon Valley VC Perspective
Security Opportunities A Silicon Valley VC Perspective
 
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
 
You Give Us The Fire We'll Give'em Hell!
You Give Us The Fire We'll Give'em Hell!You Give Us The Fire We'll Give'em Hell!
You Give Us The Fire We'll Give'em Hell!
 
Why isn't infosec working? Did you turn it off and back on again?
Why isn't infosec working? Did you turn it off and back on again?Why isn't infosec working? Did you turn it off and back on again?
Why isn't infosec working? Did you turn it off and back on again?
 
Sp Security 101 Primer 2 1
Sp Security 101 Primer 2 1Sp Security 101 Primer 2 1
Sp Security 101 Primer 2 1
 
COMPLETE NETWORK SECURITY PROTECTION FOR SME’SWITHIN LIMITED RESOURCES
COMPLETE NETWORK SECURITY PROTECTION FOR SME’SWITHIN LIMITED RESOURCESCOMPLETE NETWORK SECURITY PROTECTION FOR SME’SWITHIN LIMITED RESOURCES
COMPLETE NETWORK SECURITY PROTECTION FOR SME’SWITHIN LIMITED RESOURCES
 
Mongoose H4D 2021 Lessons Learned
Mongoose H4D 2021 Lessons LearnedMongoose H4D 2021 Lessons Learned
Mongoose H4D 2021 Lessons Learned
 
11 19-2015 - iasaca membership conference - the state of security
11 19-2015 - iasaca membership conference - the state of security11 19-2015 - iasaca membership conference - the state of security
11 19-2015 - iasaca membership conference - the state of security
 
Top 12 Threats to Enterprise
Top 12 Threats to EnterpriseTop 12 Threats to Enterprise
Top 12 Threats to Enterprise
 
Emerging Threats to Infrastructure
Emerging Threats to InfrastructureEmerging Threats to Infrastructure
Emerging Threats to Infrastructure
 
Select idps
Select idpsSelect idps
Select idps
 
Complete network security protection for sme's within limited resources
Complete network security protection for sme's within limited resourcesComplete network security protection for sme's within limited resources
Complete network security protection for sme's within limited resources
 
Dinis Cruz IBWAS'10 Conference Keynote
Dinis Cruz IBWAS'10 Conference KeynoteDinis Cruz IBWAS'10 Conference Keynote
Dinis Cruz IBWAS'10 Conference Keynote
 
GBS - Prevent network security fires
GBS - Prevent network security firesGBS - Prevent network security fires
GBS - Prevent network security fires
 
Security
SecuritySecurity
Security
 
Cybersecurity Concerns You Should be Thinking About
Cybersecurity Concerns You Should be Thinking AboutCybersecurity Concerns You Should be Thinking About
Cybersecurity Concerns You Should be Thinking About
 
Abb e guide3
Abb e guide3Abb e guide3
Abb e guide3
 

More from MyNOG

Peering Personal MyNOG-10
Peering Personal MyNOG-10Peering Personal MyNOG-10
Peering Personal MyNOG-10MyNOG
 
Embedded CDNs in 2023
Embedded CDNs in 2023Embedded CDNs in 2023
Embedded CDNs in 2023MyNOG
 
Edge virtualisation for Carrier Networks
Edge virtualisation for Carrier NetworksEdge virtualisation for Carrier Networks
Edge virtualisation for Carrier NetworksMyNOG
 
Equinix: New Markets, New Frontiers
Equinix: New Markets, New FrontiersEquinix: New Markets, New Frontiers
Equinix: New Markets, New FrontiersMyNOG
 
Securing the Onion: 5G Cloud Native Infrastructure
Securing the Onion: 5G Cloud Native InfrastructureSecuring the Onion: 5G Cloud Native Infrastructure
Securing the Onion: 5G Cloud Native InfrastructureMyNOG
 
Hierarchical Network Controller
Hierarchical Network ControllerHierarchical Network Controller
Hierarchical Network ControllerMyNOG
 
Aether: The First Open Source 5G/LTE Connected Edge Cloud Platform
Aether: The First Open Source 5G/LTE Connected Edge Cloud PlatformAether: The First Open Source 5G/LTE Connected Edge Cloud Platform
Aether: The First Open Source 5G/LTE Connected Edge Cloud PlatformMyNOG
 
Cleaning up your RPKI invalids
Cleaning up your RPKI invalidsCleaning up your RPKI invalids
Cleaning up your RPKI invalidsMyNOG
 
Introducing Peering LAN 2.0 at DE-CIX
Introducing Peering LAN 2.0 at DE-CIXIntroducing Peering LAN 2.0 at DE-CIX
Introducing Peering LAN 2.0 at DE-CIXMyNOG
 
Load balancing and Service in Kubernetes
Load balancing and Service in KubernetesLoad balancing and Service in Kubernetes
Load balancing and Service in KubernetesMyNOG
 
Cloud SDN: BGP Peering and RPKI
Cloud SDN: BGP Peering and RPKICloud SDN: BGP Peering and RPKI
Cloud SDN: BGP Peering and RPKIMyNOG
 
SDM – A New (Subsea) Cable Paradigm
SDM – A New (Subsea) Cable ParadigmSDM – A New (Subsea) Cable Paradigm
SDM – A New (Subsea) Cable ParadigmMyNOG
 
AI in Networking: Transforming Network Operations with Juniper Mist AIDE
AI in Networking: Transforming Network Operations with Juniper Mist AIDEAI in Networking: Transforming Network Operations with Juniper Mist AIDE
AI in Networking: Transforming Network Operations with Juniper Mist AIDEMyNOG
 
Malaysia Data Center Landscape, Where is the next hotspot to place your fiber...
Malaysia Data Center Landscape, Where is the next hotspot to place your fiber...Malaysia Data Center Landscape, Where is the next hotspot to place your fiber...
Malaysia Data Center Landscape, Where is the next hotspot to place your fiber...MyNOG
 
FUTURE-PROOFING DATA CENTRES from Connectivity Perspective
FUTURE-PROOFING DATA CENTRES from Connectivity PerspectiveFUTURE-PROOFING DATA CENTRES from Connectivity Perspective
FUTURE-PROOFING DATA CENTRES from Connectivity PerspectiveMyNOG
 
Keep Ukraine Connected: A project from the community – for the community by R...
Keep Ukraine Connected: A project from the community – for the community by R...Keep Ukraine Connected: A project from the community – for the community by R...
Keep Ukraine Connected: A project from the community – for the community by R...MyNOG
 
Solving Civilization’s Long Term Communication Needs by Dinesh Kummaran, Tran...
Solving Civilization’s Long Term Communication Needs by Dinesh Kummaran, Tran...Solving Civilization’s Long Term Communication Needs by Dinesh Kummaran, Tran...
Solving Civilization’s Long Term Communication Needs by Dinesh Kummaran, Tran...MyNOG
 
MyIX Updates by Raja Mohan Marappan, MyIX
MyIX Updates by Raja Mohan Marappan, MyIXMyIX Updates by Raja Mohan Marappan, MyIX
MyIX Updates by Raja Mohan Marappan, MyIXMyNOG
 
Exploring Quantum Engineering for Networking by Melchior Aelmans, Juniper Net...
Exploring Quantum Engineering for Networking by Melchior Aelmans, Juniper Net...Exploring Quantum Engineering for Networking by Melchior Aelmans, Juniper Net...
Exploring Quantum Engineering for Networking by Melchior Aelmans, Juniper Net...MyNOG
 
Quick wins in the NetOps Journey by Vincent Boon, Opengear
Quick wins in the NetOps Journey by Vincent Boon, OpengearQuick wins in the NetOps Journey by Vincent Boon, Opengear
Quick wins in the NetOps Journey by Vincent Boon, OpengearMyNOG
 

More from MyNOG (20)

Peering Personal MyNOG-10
Peering Personal MyNOG-10Peering Personal MyNOG-10
Peering Personal MyNOG-10
 
Embedded CDNs in 2023
Embedded CDNs in 2023Embedded CDNs in 2023
Embedded CDNs in 2023
 
Edge virtualisation for Carrier Networks
Edge virtualisation for Carrier NetworksEdge virtualisation for Carrier Networks
Edge virtualisation for Carrier Networks
 
Equinix: New Markets, New Frontiers
Equinix: New Markets, New FrontiersEquinix: New Markets, New Frontiers
Equinix: New Markets, New Frontiers
 
Securing the Onion: 5G Cloud Native Infrastructure
Securing the Onion: 5G Cloud Native InfrastructureSecuring the Onion: 5G Cloud Native Infrastructure
Securing the Onion: 5G Cloud Native Infrastructure
 
Hierarchical Network Controller
Hierarchical Network ControllerHierarchical Network Controller
Hierarchical Network Controller
 
Aether: The First Open Source 5G/LTE Connected Edge Cloud Platform
Aether: The First Open Source 5G/LTE Connected Edge Cloud PlatformAether: The First Open Source 5G/LTE Connected Edge Cloud Platform
Aether: The First Open Source 5G/LTE Connected Edge Cloud Platform
 
Cleaning up your RPKI invalids
Cleaning up your RPKI invalidsCleaning up your RPKI invalids
Cleaning up your RPKI invalids
 
Introducing Peering LAN 2.0 at DE-CIX
Introducing Peering LAN 2.0 at DE-CIXIntroducing Peering LAN 2.0 at DE-CIX
Introducing Peering LAN 2.0 at DE-CIX
 
Load balancing and Service in Kubernetes
Load balancing and Service in KubernetesLoad balancing and Service in Kubernetes
Load balancing and Service in Kubernetes
 
Cloud SDN: BGP Peering and RPKI
Cloud SDN: BGP Peering and RPKICloud SDN: BGP Peering and RPKI
Cloud SDN: BGP Peering and RPKI
 
SDM – A New (Subsea) Cable Paradigm
SDM – A New (Subsea) Cable ParadigmSDM – A New (Subsea) Cable Paradigm
SDM – A New (Subsea) Cable Paradigm
 
AI in Networking: Transforming Network Operations with Juniper Mist AIDE
AI in Networking: Transforming Network Operations with Juniper Mist AIDEAI in Networking: Transforming Network Operations with Juniper Mist AIDE
AI in Networking: Transforming Network Operations with Juniper Mist AIDE
 
Malaysia Data Center Landscape, Where is the next hotspot to place your fiber...
Malaysia Data Center Landscape, Where is the next hotspot to place your fiber...Malaysia Data Center Landscape, Where is the next hotspot to place your fiber...
Malaysia Data Center Landscape, Where is the next hotspot to place your fiber...
 
FUTURE-PROOFING DATA CENTRES from Connectivity Perspective
FUTURE-PROOFING DATA CENTRES from Connectivity PerspectiveFUTURE-PROOFING DATA CENTRES from Connectivity Perspective
FUTURE-PROOFING DATA CENTRES from Connectivity Perspective
 
Keep Ukraine Connected: A project from the community – for the community by R...
Keep Ukraine Connected: A project from the community – for the community by R...Keep Ukraine Connected: A project from the community – for the community by R...
Keep Ukraine Connected: A project from the community – for the community by R...
 
Solving Civilization’s Long Term Communication Needs by Dinesh Kummaran, Tran...
Solving Civilization’s Long Term Communication Needs by Dinesh Kummaran, Tran...Solving Civilization’s Long Term Communication Needs by Dinesh Kummaran, Tran...
Solving Civilization’s Long Term Communication Needs by Dinesh Kummaran, Tran...
 
MyIX Updates by Raja Mohan Marappan, MyIX
MyIX Updates by Raja Mohan Marappan, MyIXMyIX Updates by Raja Mohan Marappan, MyIX
MyIX Updates by Raja Mohan Marappan, MyIX
 
Exploring Quantum Engineering for Networking by Melchior Aelmans, Juniper Net...
Exploring Quantum Engineering for Networking by Melchior Aelmans, Juniper Net...Exploring Quantum Engineering for Networking by Melchior Aelmans, Juniper Net...
Exploring Quantum Engineering for Networking by Melchior Aelmans, Juniper Net...
 
Quick wins in the NetOps Journey by Vincent Boon, Opengear
Quick wins in the NetOps Journey by Vincent Boon, OpengearQuick wins in the NetOps Journey by Vincent Boon, Opengear
Quick wins in the NetOps Journey by Vincent Boon, Opengear
 

Recently uploaded

VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Roomishabajaj13
 
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024APNIC
 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersDamian Radcliffe
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Russian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girlsRussian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girlsstephieert
 
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...APNIC
 
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...Diya Sharma
 
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...SofiyaSharma5
 
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With RoomVIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Roomdivyansh0kumar0
 
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With RoomVIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Roomdivyansh0kumar0
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts servicevipmodelshub1
 
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girladitipandeya
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)Damian Radcliffe
 
Radiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girlsRadiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girlsstephieert
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGAPNIC
 
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Sheetaleventcompany
 

Recently uploaded (20)

VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
 
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
 
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
Russian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girlsRussian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girls
 
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
 
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
 
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
 
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With RoomVIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
 
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With RoomVIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
 
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)
 
Radiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girlsRadiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girls
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOG
 
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
 

Are you ready for the next attack? Reviewing the SP Security Checklist

  • 1. ARE
  • 7.   ATTACK? Reviewing the SP Security Checklist Barry Greene - bgreene@senki.org
  • 8. Checklist Approach Checklist are one of the most essential tools for productivity we have in the industry. Surprisingly, too few “Internet” and “Telecom” operators use the checklist approach to optimize their operations. What follows is the first in several “check list” designed for Internet Service Providers, be they Mobile, traditional Telco, Content, of ISPs. They can be cut/pasted and used in your organization. Additions to the checklist are always welcomed. * Thanks to Stephen Stuart @ Google for pointing out Atul Gawande’s book Note: If this is new to you, read the book “The Checklist Manifesto” and watch the TED talk: http://www.ted.com/talks/atul_gawande_how_do_we_heal_medicine
  • 9. [T]he  malware  that  was  used  would   have  gotten  past  90  percent  of  the  Net   defenses  that  are  out  there  today  in   private  industry  and  [would have   been]  likely  to  challenge  even  state   government,   Joe  Demarest,  Assistant  Director  -­ US   FBI’s  Investigation’s Cyberdivision. Do we have your attention?
  • 10. Our Traditional View of the World The Internet is not organized based on countries. It is a group of “Autonomous System Networks” (ASNs) all interconnected in a Global Network.
  • 11. The Reality of the Internet - No Borders How does a government enforce the rule of law where the Internet’s risk are all trans-national?
  • 12. Work on the Right Security Problem The Good Guys are the Big Part of the Security Problem
  • 13. Threat Vectors have Evolved Cyber-Criminal Threats Cyber-Crime is an International Legal problem that has no short term resolution. There will always be someplace in the world that is a harbor for cyber-criminal activity. Political, Patriotic, Protestors (P3) There are always going to be someone, somewhere, who is upset with society - with the ability to make their anxiety know through any network - any where. Nation State Threats Post-Snowden, the secret world of nation state security is now all in the open. Your network is a valid “Battle Space” for any Cyber-War.
  • 14. Security Threats are a Force of Nature Think of the current and future security threats as a force of of the environment we live in. This is not new to human society. We have to live with the issues of nature all the time. Like a hurricane, it is not a matter of if, but when. Even worse, you can be in a zone where the hurricane, tornado, flood, earth quake, and blizzard are all a major risk. Forces of Nature cannot be stopped - the only thing you can do is mitigate risk through your design, preparation, and investment.
  • 15. “Security” Excuses •LaLaLa if I ignore you may be you will go away. •It is someone else's problem. •I don’t know where to start? •I need to wait for someone to tell me what to do. •No one has been killed ..... Yet. •I need more training! •We cannot afford all the security equipment. •We need to wait for ISO 27001 Certification. Reality - there is a lot of “talk” about security, but most operations just do not care …. until the s!@# hits the fan.
  • 16. Positive Control Have positive control over all elements in your network. Know who is accessing, when they are accessing, and where they are accessing from. Think beyond TACACS+. Start asking for Diameter and two factor authorization with IPv6 only access. Log everything and expect all there threat vectors probing. Consequences of neglect is severe. This is always the #1 issue risk assessors find in networks! Who is that who logging in? Why does node in from country X login?
  • 17. VTY ACLs are Critical Put VTY Access list everywhere, log it, plot in MRTG/Cati, and create the alert scripts. The VTY access list trick is on of the key cost effective tools that consistently delivers key indicators of attackers probing the network, exploring the network, or trying to break into the elements of the network. The only way to make this work effectively is to build your own script or use tool from companies like 6Connect. Why is someone trying to telnet into my eNodeB from another eNodeB? Why are there a increase in “drops” on my internal SSH?
  • 18. Force Vendor Security Partnerships Use the Vendor Security Checklist with all your vendors now. Set up the meetings, have them comply, and push if non- compliant. Then have these items part of all your RFPs. Vendors will NOT pay attention to security until their customers demand security …. or if you take legal action for liability against the vendors. Waiting for the dialog is going to create problems when the s!@# with a specific vendor. * E-mail and ask for a copy with the Security “RFP” questions.
  • 19. What is the Upgrade Plan? Every element in your system needs a tested Upgrade Plan. Don’t wait for an emergency patch to find out that a major routers take 6 hours to upgrade! Create the upgrade plan. Write the MOP for the test as a template. Rest the plan in your lab, or I the vendor's lab. Table top exercise how you would have a rolling upgrade through out the entire system. Map the other systems which are coupled dependencies or collaterally impacted. Once all of this is done, start working on designs where you can do these upgrades without the massive service impact. Your first reaction would be “isn’t this basic?” Start asking for details and you will be surprised. One vendor thought is was normal for a router to be upgraded in 4 hours!
  • 20. IPv6 Check = Security Bring in all your vendors and review the IPv6 Check list. Don't wait for the next RFP. The Cyber-Criminal and Nation-State threat vectors both know that IPv6 is the easy entry for getting into and through a network. There is way too many 1/2 completed IPv6 deployments with equipment that is not ready (I.e. No IPv6 security features). Cyber-Criminals figured out that IPv6 was a backdoor into a network 5 years ago.
  • 21. Build your Attack Trees Learn Attack Trees, build your attack trees, explore all the ways you can break and network. Once you have your own list of dirty tricks to break your network, start building reaction plans with the tools you have in place right now. If brave, get someone to facilitate a Red Team - Blue Team table top exercise.
  • 22. Write your BGP Policy! Write your BGP policy down so that your CEO understands it! What are you going to send? What are you going to receive? How are you going to monitor? How are you going to enforce? How do you manage your customers? The days when “BGP policy” is in a “Cisco config script” will not work when the threat environment is so hostile. One of the barriers to RPKI ROA registration is the lack of proactive thinking, planning, and documentation around an operator’s interconnection policy. You will make important discoveries of “BGP risk” when you write it down in a way that everyone can understand!
  • 23. Review your DNS Architecture! Review all of your DNS Architecture to Ensure it is Resilient. Several of the major “DNS outages” in 2014 had a root cause in how they were designed. Do not listen to the vendors, they would want to sell you a solution that will put all the DNS functionality into one box, creating single points of failure.
  • 24. Review your DNS Architecture! Example: Generic DNS Authoritative Infrastructure
  • 25. Review your DNS Architecture! Example: Generic DNS Resolver Infrastructure
  • 26. Review your DNS Architecture! Example: LTE has Five Separate DNS “Architectures!”
  • 27. Where is your “Security Community?” Proactively build a security community of peers. The Internet is a network of people! Major security issues on the Internet are solved by communities of people who have aligned interest. These communities take proactive investment. Many times you will be working with your competitors. Yet, the effort will save your network. If not tomorrow, then next year or the year after. Can you pick up the phone, call several of your peers, and start working on a security issue that is impacting everyone?
  • 28. Checklist Summary Positive Control VTY ACLs are Critical Force Vendor Security Partnerships Every element in your system needs a tested Upgrade Plan. Bring in all your vendorsand review the IPv6 Check list. Learn Attack Trees, build your attack trees, explore all the ways you can break and network. Write your BGP policy down so that your CEO understandsit! Review all of your DNS Architecture to Ensure it is Resilient. Proactively build a security community of peers. More to come …..
  • 29. What’s Next? Commit to do something to prepare your organization. You do not need to ask permission, just start doing something ….. Where to get the “Checklist?” www.senki.org Barry’s Linkedin Post - http://www.linkedin.com/in/barryrgreene/ or Twitter: @BarryRGreene Reach out and Build a Community