Public ISP/NSP/SP/Big Network Security Bootcamp Materials (was RE:
[nsp] NetFlow and DoS attacks - tuning)
Barry Greene (bgreene)
bgreene at cisco.com
Wed Dec 17 03:08:09 EST 2003
> It does seem old (2001), is anyone aware of something similar?
ISP Security Materials
----------------------
Public On-Line ISP Security Bootcamp - Singapore Summer 2003
http://www.getitmm.com/bootcampflash/launch.html
Sign-On:
http://palomar.getitmm.com/bootcamp/
Much of the materials presented in the ISP Security Bootcamp builds on and
assumes a basic understanding of the principles in the ISP Essentials
materials. This whitepaper is now a book - ISP Essentials which can be
purchased through Cisco Press (http://www.ciscopress.com/) or through
another on-line book store. The supplements for the book along with the
tutorials, workshops, and bootcamps presented by Philip and I are at:
ftp://ftp-eng.cisco.com/cons/
or
http://www.ispbook.com
TEAM CYMRU Templates and Tools
------------------------------
Team CYMRU provides configuration templates, security templates, and other
services to help make the Internet a safer place to network. These can be
found at:
http://www.cymru.com/
The Original Backscattered Traceback and Customer Triggered Remote Triggered
Black Hole Techniques
----------------------------------------------------------------------------
--------------
http://www.secsup.org/Tracking/ http://www.secsup.org/CustomerBlackHole/
What is a BOTNET?
-----------------
One of the best write ups is from a freeware tool gone commercial (I guess
so they can scale).
http://swatit.org/bots/index.html
BGP 'Attack Tree' - Realities of BGP Security
-------------------------------------------
Cisco's CIAG Team moves beyond the armchair hypothesizing of BGP Security
Risk and runs test again the industry's multiple implementations of BGP
http://wwwin-people.cisco.com/sean/ciag-bgp-blackhatv2.pdf
NANOG ISP Security Seminars and Talks
-------------------------------------
The NANOG Coordination Committee actively works to product sessions and
seminars to help foster security on the Internet. All sessions are taped and
converted to VOD for all to use for their personal education. Over time,
this effort has generated a valuable On-Line Tutorial for engineers and
organizations seeking to learn more about running a more secure network.
NANOG Security Tutorial Series
Tutorial: Implementing a Secure Network Infrastructure (Part I)
http://www.nanog.org/mtg-0310/kaeo.html
Tutorial: ISP Security - Real World Techniques I - Remote Triggered Black
Hole Filtering and Backscatter Traceback.
http://www.nanog.org/mtg-0110/greene.html
Tutorial: ISP Security - Real World Techniques II - Secure the CPE Edge
http://www.nanog.org/mtg-0210/ispsecure.html
Tutorial: ISP Security: Deploying and Using Sinkholes
http://www.nanog.org/mtg-0306/sink.html
Tutorial: Deploying IP Anycast
http://www.nanog.org/mtg-0310/miller.html
NANOG Security Sessions
Watching Your Router Configurations and Detecting Those Exciting Little
Changes
http://www.nanog.org/mtg-0310/rancid.html
Building a Web of Trust
http://www.nanog.org/mtg-0310/abley.html
The Relationship Between Network Security and Spam
http://www.nanog.org/mtg-0310/spam.html
Simple Router Security, What Every ISP Router Engineer Should Know and
Practice
http://www.nanog.org/mtg-0310/routersec.html
Flawed Routers Flood University of Wisconsin Internet Time Server
http://www.nanog.org/mtg-0310/plonka.html
Trends in Denial of Service Attack Technology
http://www.nanog.org/mtg-0110/cert.html
Recent Internet Worms: Who Are the Victims, and How Good Are We at Getting
the Word Out?
` http://www.nanog.org/mtg-0110/moore.html
DoS Attacks in the Real World
http://www.nanog.org/mtg-0110/irc.html
Diversion & Sieving Techniques to Defeat DDoS
http://www.nanog.org/mtg-0110/afek.html
DNS Damage - Measurements at a Root Server
http://www.nanog.org/mtg-0202/evi.html
Protecting the BGP Routes to Top Level DNS Servers
http://www.nanog.org/mtg-0206/bush.html
BGP Security Update
http://www.nanog.org/mtg-0206/barry.html
Industry/Government Infrastructure Vulnerability Assessment: Background and
Recommendations
http://www.nanog.org/mtg-0206/avi.html
A National Strategy to Secure Cyberspace
http://www.nanog.org/mtg-0210/sachs.html
How to 0wn the Internet in Your Spare Time
http://www.nanog.org/mtg-0210/vern.html
ISP Security BOF I
http://www.nanog.org/mtg-0210/securebof.html
The Spread of the Sapphire/Slammer Worm
http://www.nanog.org/mtg-0302/weaver.html
ISP Security BOF II
http://www.nanog.org/mtg-0302/securebof.html
The BGP TTL Security Hack
http://www.nanog.org/mtg-0302/hack.html
Security Considerations for Network Architecture
http://www.nanog.org/mtg-0302/avi.html
Lack of Priority Queuing on Route Processors Considered Harmful
http://www.nanog.org/mtg-0302/gill.html
Interception Technology: The Good, The Bad, and The Ugly!
http://www.nanog.org/mtg-0306/schiller.html
The NIAC Vulnerability Disclosure Framework and What It Might Mean to the
ISP Community
http://www.nanog.org/mtg-0306/duncan.html
Inter-Provider Coordination for Real-Time Tracebacks
http://www.nanog.org/mtg-0306/moriarity.html
ISP Security BOF III
http://www.nanog.org/mtg-0306/securitybof.html
S-BGP/soBGP Panel: What Do We Really Need and How Do We Architect a
Compromise to Get It?
http://www.nanog.org/mtg-0306/sbgp.html
BGP Vulnerability Testing: Separating Fact from FUD
http://www.nanog.org/mtg-0306/franz.html
BGP Attack Trees - Real World Examples
http://www.nanog.org/mtg-0306/hares.html
NRIC Best Practices for ISP Security
http://www.nanog.org/mtg-0306/callon.html
More information about the cisco-nsp
mailing list