nCircle.com >> 360 Security


cansecwest/core06 "Protecting the Infrastructure"

cansecwest/core06
Jim DeLeskie & Danny McPherson
Title: Protecting the Infrastructure

The talk's title was protecting the core infrastructure. For the most part, this was a talk about routers, and to call ONLY routers core infrastructure is misleading. Yes, they are core, but so are SONET, RADIUS, DNS, NTP, and so on. This talk should have been called “Best Practice Security for Cisco Routers”.

The management, control, and data planes were explained, along with ingress filtering, Unicast Reverse Path Forwarding, tracebacks, iACLs (infrastructure access control lists), CEF accounting, NetFlow/sFlow/*flow, blackhole routing, and so on. For someone who had never designed or administered a large IP network, this talk had a LOT of value. McPherson is someone whose books and postings to the NANOG mailing list were vital in my education when I was learning the ins and outs of BGP4 throughout the 90’s. I should also toss in that anyone who had been to a NANOG conference in the past few years would have gotten this content. Good content for someone who does not understand the threat and countermeasures involved in securing the routing infrastructure (which almost by default is Cisco).

Please take note that this threat is very real. Service providers are the most affected and, as a consequence, more educated about these measures; enterprise networks are less educated about these measures and countermeasures. In any case, getting educated is the very first step in managing these risks.

One last note: the material covered in this talk is about 3 or 4 years old, which means that your adversary has known of all these methods for a while. If this material is new to you, either you learned of these attacks the hard way (i.e. you were the victim of it) or consider yourself lucky that you learned of it via this con and now you can set up the appropriate security countermeasures.

At the end of the presentation, they presented some interesting stats. They said that in their bi-annual sampling, the trend is that victims are taking preventative measures and becoming more educated. The one issue that stuck out was a stat that 29% of their sampling did not believe law enforcement could help the victim. Sad. If this is true, law enforcement should take an active role in changing this image. Like Cosmo said in the movie “Sneakers”, it is not about who has more bullets, it is about who controls the information.

Comments (1)

"The one issue that stuck out was a stat that 29% of their sampling did not believe law enforcement could help the victim."

This stat is incredible and I believe it could even be higher. We have had a few "incidents" in the past and when we attempted to contact the local authorities, not only did they not take it seriously but I have honest doubts that they have any resources to even attempt an investigation.

The net is still the wild west and your best offense is a good defense.


About

This page contains a single entry from the blog posted on April 5, 2006 10:40 PM.
