How ISPs Handle and Solve Network Security Problems
     - 7th TWNIC OPM
     2006/11/23, Taipei

許至凱 (Kae Hsu)
Communication Network Department, Engineering Division, Support Group
kae@du.net.tw
Agenda
    http://www.seed.net.tw

    ISP security profile
    Control plane security
    Data plane security
    Reference

2
ISP security profile

    Two positions to implement security
        Physical position
        Logical position
    On the logical level, deploy security mechanisms on:
        Control plane
        Data plane

3
ISP security profile

    [Diagram: a router divided into the control plane, which carries
    management traffic and the routing protocols, and the data plane,
    which forwards IP/MPLS packets]

4
Control plane security

    Security issues on the ISP router
        Secure the router
        Keep the routing information secure
        Event logging

5
Control plane security

    Security issues on the ISP router
        Secure the router
            Keep unauthorized traffic away
                Router ACL
                    » telnet/ssh/IGP/BGP
                Out-of-band management
            Rate-limit the traffic forwarded to the control plane
                ICMP/UDP
            Use AAA when accessing the router
                Authentication
                Authorization
                Auditing

6
Control plane security

    Security issues on the ISP router
        Keep the routing information secure
            Authenticated routing exchange
                MD5
            Authenticate the route prefixes
                RADB
                Bogon list
                    » Cymru Bogon list
                    » CompleteWhois Bogon list
            Limit the number of route prefixes
                BGP prefix limitation

7
Control plane security

    RADB
    [Screenshots, slides 8 and 9]

9
Control plane security

    RADB

    > whois -h whois.radb.net 139.175/16
    route:      139.175.0.0/16
    descr:      Digital United Inc. (seednet)
                No. 220, Gangchi road,
                Nei-Hu district,
                Taipei, Taiwan, 11444
    origin:     AS4780
    admin-c:    KH54-AP
    tech-c:     KH54-AP
    notify:     cn@du.net.tw
    mnt-by:     MAINT-AS4780
    changed:    jzs@du.net.tw 20031009
    changed:    kae@du.net.tw 20060605 #02:46:26(UTC)
    source:     RADB

10
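As an added example (not part of the original slides), the following Python parses the whois reply above and checks candidate announcements against it; the second route object, the more-specific policy and the /24 cutoff are assumptions made for this example.

```python
"""Check BGP announcements against RADB route objects.

Added example, not part of the original slides. It parses the whois reply
shown above (the route object 139.175.0.0/16 with origin AS4780) and tells
whether a received announcement is backed by a matching route object.
"""
import ipaddress
from dataclasses import dataclass

# Constructed input: the reply from the slide, plus a second route object
# that is made up for this example (AS64496 is a documentation AS number).
RADB_REPLY = """\
route:      139.175.0.0/16
descr:      Digital United Inc. (seednet)
            No. 220, Gangchi road,
            Nei-Hu district,
            Taipei, Taiwan, 11444
origin:     AS4780
admin-c:    KH54-AP
tech-c:     KH54-AP
notify:     cn@du.net.tw
mnt-by:     MAINT-AS4780
changed:    jzs@du.net.tw 20031009
changed:    kae@du.net.tw 20060605 #02:46:26(UTC)
source:     RADB

route:      192.0.2.0/24
descr:      constructed route object for this example
origin:     AS64496
mnt-by:     MAINT-EXAMPLE
source:     RADB
"""


@dataclass(frozen=True)
class RouteObject:
    prefix: ipaddress.IPv4Network
    origin: int  # AS number without the "AS" prefix


def parse_route_objects(text):
    """Parse RPSL route objects out of whois output.

    Objects are separated by blank lines. Indented continuation lines (the
    postal address under descr:) carry no attribute key and are skipped.
    """
    objects = []
    current = {}
    for raw in text.splitlines() + [""]:       # trailing "" flushes the last object
        line = raw.rstrip()
        if not line:
            if "route" in current and "origin" in current:
                asn = current["origin"].upper()
                asn = asn[2:] if asn.startswith("AS") else asn
                objects.append(RouteObject(
                    ipaddress.ip_network(current["route"], strict=True), int(asn)))
            current = {}
            continue
        if line[0].isspace():
            continue
        key, _, value = line.partition(":")
        current.setdefault(key.strip(), value.strip())   # keep the first of repeated keys
    return objects


def validate_announcement(prefix, origin_as, route_objects, max_more_specific=24):
    """Classify an announcement as 'valid', 'invalid-origin' or 'unknown'.

    Policy used here (an assumption of this example, modelled on common
    IRR-based prefix-list generation): the prefix must equal a registered
    route object, or be a more-specific of one no longer than
    /max_more_specific, and the origin AS must match that object.
    """
    net = ipaddress.ip_network(prefix, strict=True)
    covering = [ro for ro in route_objects
                if net.subnet_of(ro.prefix) and net.prefixlen <= max_more_specific]
    if not covering:
        return "unknown"
    if any(ro.origin == origin_as for ro in covering):
        return "valid"
    return "invalid-origin"


if __name__ == "__main__":
    objs = parse_route_objects(RADB_REPLY)
    for pfx, asn in [("139.175.0.0/16", 4780), ("139.175.10.0/24", 4780),
                     ("139.175.0.0/16", 65000), ("10.0.0.0/8", 4780)]:
        print(pfx, f"AS{asn}", "->", validate_announcement(pfx, asn, objs))
```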
Control plane security

    Bogon list
        » Cymru Bogon list
        [Screenshots, slides 11 to 13]
        » CompleteWhois Bogon list
        [Screenshots, slides 14 and 15]

15
Control plane security

    BGP prefix limitation
    [Screenshot, slide 16]

16
Control plane security

    Security issues on the ISP router
        Event logging
            Router event
                Log everything crucial in your router
                Log server
            Routing event
                IGP event
                    » LSA history
                    » History of routes added/withdrawn
                BGP event
                    » Routes added/withdrawn

17
Control plane security

    Router event
        Log everything crucial in your router
        Log server

    Nov 21 06:25:27: %SONET-4-ALARM: POS2/3: SLOS
    Nov 21 06:25:29: %LINK-3-UPDOWN: Interface POS2/3, changed state to down
    Nov 21 06:25:30: %LINEPROTO-5-UPDOWN: Line protocol on Interface POS2/3, changed state to down
    Nov 21 06:26:42: %SONET-4-ALARM: POS2/3: SLOS cleared
    Nov 21 06:26:44: %LINK-3-UPDOWN: Interface POS2/3, changed state to up
    Nov 21 06:26:45: %LINEPROTO-5-UPDOWN: Line protocol on Interface POS2/3, changed state to up

    [Diagram: router syslog forwarded to a log server]
18
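An added example, not from the slides: a small Python detector run over the six log lines above, pairing each %LINK-3-UPDOWN down/up and each SONET alarm raise/clear; the year (2006) is an assumption, since IOS syslog lines carry none.

```python
"""Parse router syslog and flag interface flaps and SONET alarms.

Added example, not from the slides. It runs over the six log lines shown
on this slide (embedded below as the sample input) and reports, per
interface, how long the link was down and which SONET alarm was raised and
cleared around it. The year is an assumption (IOS syslog lines carry none).
"""
import re
from collections import defaultdict
from datetime import datetime

SAMPLE_LOG = """\
Nov 21 06:25:27: %SONET-4-ALARM: POS2/3: SLOS
Nov 21 06:25:29: %LINK-3-UPDOWN: Interface POS2/3, changed state to down
Nov 21 06:25:30: %LINEPROTO-5-UPDOWN: Line protocol on Interface POS2/3, changed state to down
Nov 21 06:26:42: %SONET-4-ALARM: POS2/3: SLOS cleared
Nov 21 06:26:44: %LINK-3-UPDOWN: Interface POS2/3, changed state to up
Nov 21 06:26:45: %LINEPROTO-5-UPDOWN: Line protocol on Interface POS2/3, changed state to up
"""

# IOS syslog shape: "<Mon D HH:MM:SS>: %FACILITY-SEVERITY-MNEMONIC: message"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}): "
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>\d)-(?P<mnemonic>[A-Z0-9_]+): (?P<msg>.*)$")
LINK_RE = re.compile(r"^Interface (?P<ifname>\S+), changed state to (?P<state>up|down)$")
SONET_RE = re.compile(r"^(?P<port>\S+): (?P<alarm>\S+)(?P<cleared> cleared)?$")


def parse_line(line, year=2006):
    """Return a dict with ts/facility/severity/mnemonic/msg, or None if unparsable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "facility": m["facility"], "severity": int(m["severity"]),
            "mnemonic": m["mnemonic"], "msg": m["msg"]}


def find_link_flaps(log_text, year=2006):
    """Return [(ifname, down_ts, up_ts, seconds_down)] for every down->up pair.

    Only %LINK-3-UPDOWN is used: the %LINEPROTO-5-UPDOWN line that follows
    each of them would otherwise count the same event twice.
    """
    pending, flaps = {}, []
    for raw in log_text.splitlines():
        ev = parse_line(raw, year)
        if ev is None or (ev["facility"], ev["mnemonic"]) != ("LINK", "UPDOWN"):
            continue
        lm = LINK_RE.match(ev["msg"])
        if not lm:
            continue
        if lm["state"] == "down":
            pending[lm["ifname"]] = ev["ts"]
        elif lm["ifname"] in pending:
            down_at = pending.pop(lm["ifname"])
            flaps.append((lm["ifname"], down_at, ev["ts"],
                          int((ev["ts"] - down_at).total_seconds())))
    return flaps


def find_sonet_alarms(log_text, year=2006):
    """Return [(port, alarm, raised_ts, cleared_ts)]; cleared_ts is None if still active."""
    active, alarms = {}, []
    for raw in log_text.splitlines():
        ev = parse_line(raw, year)
        if ev is None or (ev["facility"], ev["mnemonic"]) != ("SONET", "ALARM"):
            continue
        sm = SONET_RE.match(ev["msg"])
        if not sm:
            continue
        key = (sm["port"], sm["alarm"])
        if sm["cleared"] is None:
            active[key] = ev["ts"]
        elif key in active:
            alarms.append((sm["port"], sm["alarm"], active.pop(key), ev["ts"]))
    alarms.extend((p, a, t, None) for (p, a), t in active.items())
    return alarms


def count_by_severity(log_text, year=2006):
    """Histogram of IOS severity levels (0 = emergency ... 7 = debug)."""
    counts = defaultdict(int)
    for raw in log_text.splitlines():
        ev = parse_line(raw, year)
        if ev is not None:
            counts[ev["severity"]] += 1
    return dict(counts)
```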
Control plane security

    Routing event
        IGP event
            » LSA history
            » History of routes added/withdrawn

    [Diagram: OSPF Area 0 and a local area joined by an ABR, with an ASBR
    redistributing RIP; LSAs are exchanged between the routers and an LSA
    log is collected on a log server]

19
Control plane security

    Routing event
        BGP event
            » Routes added/withdrawn

    [Diagram: AS100 peering with AS200 and AS300; a BGP update log is
    collected on a log server]

20
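The next block is an added example (not the deck's own code) that combines this slide's BGP add/withdraw log with the BGP prefix limitation from slide 16: a per-peer session that logs every change and shuts the session down when the maximum-prefix limit is exceeded. Peer address, AS numbers, prefixes and the limit are constructed.

```python
"""Log BGP route adds/withdrawals per peer and enforce a maximum-prefix limit.

Added example, not the slides' own code. It models two control-plane checks
from this deck together: the "routes added/withdrawn" BGP event log of this
slide and the "BGP prefix limitation" of slide 16. Peer names, AS numbers,
prefixes and the limit are constructed values.
"""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class PeerSession:
    peer: str                 # the neighbour's address
    peer_as: int
    max_prefix: int           # hard limit on prefixes accepted from this peer
    warn_percent: int = 75    # warning threshold as a percentage of max_prefix
    rib_in: set = field(default_factory=set)
    state: str = "established"
    log: list = field(default_factory=list)

    def _log(self, kind, detail):
        self.log.append(f"{kind} peer={self.peer} AS{self.peer_as} {detail}")

    def update(self, announce=(), withdraw=()):
        """Apply one UPDATE (withdrawals first, then NLRI) and return the session state.

        Exceeding max_prefix tears the session down, as a router configured
        with a hard maximum-prefix limit would; crossing warn_percent only logs.
        """
        if self.state != "established":
            self._log("DROP", "session is down, update ignored")
            return self.state
        for p in withdraw:
            net = ipaddress.ip_network(p, strict=True)
            if net in self.rib_in:
                self.rib_in.discard(net)
                self._log("WITHDRAW", str(net))
        for p in announce:
            net = ipaddress.ip_network(p, strict=True)
            if net not in self.rib_in:
                self.rib_in.add(net)
                self._log("ADD", str(net))
            if len(self.rib_in) > self.max_prefix:
                self.state = "down-max-prefix"
                self._log("SHUTDOWN",
                          f"{len(self.rib_in)} prefixes exceed limit {self.max_prefix}")
                return self.state
        if len(self.rib_in) * 100 >= self.max_prefix * self.warn_percent:
            self._log("WARN", f"{len(self.rib_in)}/{self.max_prefix} prefixes, "
                              f"{self.warn_percent}% threshold reached")
        return self.state


def replay(session, updates):
    """Feed a list of (announce, withdraw) tuples and return the final state."""
    for announce, withdraw in updates:
        session.update(announce, withdraw)
    return session.state


if __name__ == "__main__":
    s = PeerSession(peer="198.51.100.1", peer_as=64496, max_prefix=3)   # constructed
    replay(s, [(["203.0.113.0/26", "203.0.113.64/26"], []),
               ([], ["203.0.113.0/26"]),
               (["203.0.113.128/26", "203.0.113.0/26"], []),
               (["203.0.113.192/26"], [])])
    print("\n".join(s.log))
```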
Data plane security

    Security issues in the ISP network
        Prevent unauthenticated packet flow
        Prevent denial of service attacks

21
Data plane security

    Security issues in the ISP network
        Prevent unauthenticated packet flow
            From the Internet
                Source address from the bogon list
                Source address spoofing
            To the Internet
                Source address spoofing
            Unicast Reverse Path Forwarding (uRPF)

22
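As an added example (not from the slides), this Python model applies the two checks listed above, bogon source filtering and strict/loose uRPF, to packets against a constructed forwarding table; the bogon subset, the interface names and the default-route behaviour are assumptions.

```python
"""Ingress source-address checks: bogon filtering and unicast RPF.

Added example, not from the slides. It models the data-plane checks on this
slide: a packet is first dropped if its source is in a bogon list, then
checked with strict or loose uRPF against a forwarding table. The bogon
entries are a small constructed subset (special-use ranges only), standing
in for a full Cymru or CompleteWhois list; the FIB and interface names are
constructed too, apart from 139.175.0.0/16 taken from the deck's RADB object.
"""
import ipaddress

BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.0.2.0/24", "192.168.0.0/16", "224.0.0.0/3")]

# Forwarding table: network -> egress interface. Longest match wins.
FIB = {
    ipaddress.ip_network("139.175.0.0/16"): "pos2/3",   # own/customer block
    ipaddress.ip_network("203.0.113.0/24"): "ge0/1",    # constructed customer
    ipaddress.ip_network("0.0.0.0/0"): "pos1/0",        # default toward upstream
}


def lpm(fib, addr):
    """Longest-prefix match: return (network, interface) or None."""
    best = None
    for net, ifc in fib.items():
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifc)
    return best


def is_bogon(addr):
    return any(addr in net for net in BOGONS)


def urpf_check(fib, src, ingress_if, mode="strict"):
    """Unicast RPF: is there a route back to src that justifies this ingress?

    strict: the best route to src must point out the interface the packet
            arrived on (suitable on single-homed customer edges).
    loose:  any route to src is enough (suitable where routing is asymmetric).
    In both modes a match on the default route alone fails; this mirrors
    routers that need an explicit allow-default option (assumption here).
    """
    match = lpm(fib, src)
    if match is None or match[0].prefixlen == 0:
        return False
    return match[1] == ingress_if if mode == "strict" else True


def filter_packet(src, ingress_if, mode="strict", fib=FIB):
    """Return 'drop-bogon', 'drop-urpf' or 'accept' for a packet's source."""
    addr = ipaddress.ip_address(src)
    if is_bogon(addr):
        return "drop-bogon"
    if not urpf_check(fib, addr, ingress_if, mode):
        return "drop-urpf"
    return "accept"


if __name__ == "__main__":
    for src, ifc, mode in [("10.1.2.3", "pos2/3", "strict"),      # bogon source
                           ("139.175.1.1", "pos2/3", "strict"),   # legitimate customer
                           ("139.175.1.1", "ge0/1", "strict"),    # spoofed on wrong edge
                           ("139.175.1.1", "ge0/1", "loose"),
                           ("198.51.100.7", "pos1/0", "loose")]:  # only default route
        print(src, ifc, mode, "->", filter_packet(src, ifc, mode))
```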
Data plane security

    Security issues in the ISP network
        Prevent denial of service attacks
            Black hole
                Drop packets from some BGP nodes
            Sink hole
                Redirect packets to a special node

23
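Added example, not the slides' own: a model of the difference between the two mechanisms, where a host route for the victim is injected with a special next-hop that resolves either to a discard interface (black hole) or to the link toward an analysis host (sink hole); addresses, interface names and the victim host are constructed.

```python
"""Black hole vs. sink hole routing, modelled as next-hop resolution.

Added example, not from the slides. When a prefix is under DDoS, the
operator injects a host route for it into BGP with a special next-hop; on
the border router that next-hop resolves through a static route either to a
discard interface (black hole: the packets are dropped) or to the interface
toward an analysis host (sink hole: the packets are redirected there).
The addresses, interface names and victim host are constructed; the
139.175.0.0/16 block is the deck's own prefix.
"""
import ipaddress

BLACKHOLE_NH = "192.0.2.1"   # constructed; statically routed to the discard interface
SINKHOLE_NH = "192.0.2.2"    # constructed; statically routed toward the sink hole host


class BorderRouter:
    def __init__(self, name):
        self.name = name
        self.static = {}   # network -> egress interface
        self.bgp = {}      # network -> next-hop address

    def add_static(self, prefix, iface):
        self.static[ipaddress.ip_network(prefix)] = iface

    def bgp_announce(self, prefix, next_hop):
        self.bgp[ipaddress.ip_network(prefix)] = ipaddress.ip_address(next_hop)

    def bgp_withdraw(self, prefix):
        self.bgp.pop(ipaddress.ip_network(prefix), None)

    @staticmethod
    def _lpm(table, addr):
        hits = [net for net in table if addr in net]
        return max(hits, key=lambda net: net.prefixlen) if hits else None

    def egress(self, dst):
        """Return the egress interface for dst; 'Null0' means the packet is dropped."""
        addr = ipaddress.ip_address(dst)
        via_bgp = self._lpm(self.bgp, addr)
        via_static = self._lpm(self.static, addr)
        # The more specific route wins; on a tie the static route is preferred.
        if via_bgp is not None and (via_static is None
                                    or via_bgp.prefixlen > via_static.prefixlen):
            nh_net = self._lpm(self.static, self.bgp[via_bgp])   # recursive lookup
            return self.static[nh_net] if nh_net is not None else None
        return self.static[via_static] if via_static is not None else None


def build_router():
    """Constructed ISP border router: customer link, upstream, and the two special next-hops."""
    r = BorderRouter("border-1")
    r.add_static("139.175.0.0/16", "pos2/3")        # toward the customer/own network
    r.add_static("0.0.0.0/0", "pos1/0")             # toward the upstream
    r.add_static(BLACKHOLE_NH + "/32", "Null0")     # discard interface
    r.add_static(SINKHOLE_NH + "/32", "ge0/2")      # link to the sink hole host
    return r


def mitigate(router, victim, mode):
    """Inject the victim host route with the black-hole or sink-hole next-hop."""
    router.bgp_announce(victim + "/32", BLACKHOLE_NH if mode == "blackhole" else SINKHOLE_NH)
    return router.egress(victim)


if __name__ == "__main__":
    r = build_router()
    victim = "139.175.1.10"                                   # constructed
    print("before:", r.egress(victim))                        # pos2/3
    print("black hole:", mitigate(r, victim, "blackhole"))    # Null0
    print("sink hole:", mitigate(r, victim, "sinkhole"))      # ge0/2
    print("neighbour unaffected:", r.egress("139.175.1.11"))  # pos2/3
    r.bgp_withdraw(victim + "/32")
    print("after withdraw:", r.egress(victim))                # pos2/3
```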
Data plane security

    Black hole
        DDoS attack happened!!!

    [Diagram: AS100 with neighbours AS200 and AS300 while the DDoS attack is under way]

24
Data plane security

    Black hole
        Drop packets from some BGP nodes

    [Diagram: AS100 with neighbours AS200 and AS300; the attack packets are dropped at the BGP border nodes]

25
Data plane security

    Sink hole
        DDoS attack happened!!!

    [Diagram: AS100 with neighbours AS200 and AS300 while the DDoS attack is under way]

26
Data plane security

    Sink hole
        DDoS attack happened!!!

    [Diagram: AS100 with neighbours AS200 and AS300; some commands are sent to the border router]

27
Data plane security

    Sink hole
        Redirect packets to a special node

    [Diagram: AS100 with neighbours AS200 and AS300; the attack packets are redirected to the sink hole node]

28
Reference

    Books
        ISP Essentials
            http://www.ciscopress.com/title/1587050412
    Papers
        "Operational Security Current Practices"
            http://www.ietf.org/internet-drafts/draft-ietf-opsec-current-practices-07.txt
    Web sites
        http://www.nanog.org/subjects.html#S
        http://www.cymru.com/Bogons/
        http://www.completewhois.com/bogons/

29
Questions & Comments?




Exploring the Future Potential of AI-Enabled Smartphone Processors
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 

How To Process And Solve Network Security In ISP

  • 1. How ISPs handle and resolve network security problems (ISP對網路安全問題之處理與解決方式) - 7th TWNIC OPM, 2006/11/23, Taipei. 許至凱, Communication Network Department, Engineering Division, Support Group, kae@du.net.tw
  • 2. Agenda (slide footer: http://www.seed.net.tw)
      • ISP security profile
      • Control plane security
      • Data plane security
      • Reference
  • 3. ISP security profile
      • Two positions to implement security
          • Physical position
          • Logical position
      • On the logical position level, deploy security mechanisms on:
          • Control plane
          • Data plane
  • 4. ISP security profile (diagram)
      • Control plane: management, routing protocol
      • Data plane: IP/MPLS packets
  • 5. Control plane security
      • Security issues on ISP router
          • Secure the router
          • Keep the routing information secured
          • Event logging
  • 6. Control plane security
      • Secure the router
          • Keep the un-authorized traffic away
              » Router ACL: telnet/ssh/IGP/BGP
              » Out-of-band management
          • Rate limit the traffic forwarded to the control plane: ICMP/UDP
          • Use AAA when accessing the router: Authentication, Authorization, Auditing
  • 7. Control plane security
      • Keep the routing information secured
          • Authenticated routing exchange: MD5
          • Authenticate the route prefix: RADB
          • Bogon list
              » Cymru Bogon list
              » CompleteWhois Bogon list
          • Authenticate the number of route prefixes: BGP prefix limitation
  • 8. Control plane security: RADB (screenshot)
  • 9. Control plane security: RADB (screenshot)
  • 10. Control plane security: RADB
        > whois -h whois.radb.net 139.175/16
        route: 139.175.0.0/16
        descr: Digital United Inc. (seednet) No. 220, Gangchi road, Nei-Hu district, Taipei, Taiwan, 11444
        origin: AS4780
        admin-c: KH54-AP
        tech-c: KH54-AP
        notify: cn@du.net.tw
        mnt-by: MAINT-AS4780
        changed: jzs@du.net.tw 20031009
        changed: kae@du.net.tw 20060605 #02:46:26(UTC)
        source: RADB
  • 11. Control plane security: Bogon list » Cymru Bogon list (screenshot)
  • 12. Control plane security: Bogon list » Cymru Bogon list (screenshot)
  • 13. Control plane security: Bogon list » Cymru Bogon list (screenshot)
  • 14. Control plane security: Bogon list » CompleteWhois Bogon list (screenshot)
  • 15. Control plane security: Bogon list » CompleteWhois Bogon list (screenshot)
  • 16. Control plane security: BGP prefix limitation (screenshot)
  • 17. Control plane security
      • Event logging
          • Router event
              » Log everything crucial in your router
              » Log server
          • Routing event
              » IGP event: LSAs history, routes add/withdrawn history
              » BGP event: routes add/withdrawn
  • 18. Control plane security
      • Router event: log everything crucial in your router, send it to a log server
        Nov 21 06:25:27: %SONET-4-ALARM: POS2/3: SLOS
        Nov 21 06:25:29: %LINK-3-UPDOWN: Interface POS2/3, changed state to down
        Nov 21 06:25:30: %LINEPROTO-5-UPDOWN: Line protocol on Interface POS2/3, changed state to down
        Nov 21 06:26:42: %SONET-4-ALARM: POS2/3: SLOS cleared
        Nov 21 06:26:44: %LINK-3-UPDOWN: Interface POS2/3, changed state to up
        Nov 21 06:26:45: %LINEPROTO-5-UPDOWN: Line protocol on Interface POS2/3, changed state to up
  • 19. Control plane security
      • Routing event: IGP event » LSAs history » routes add/withdrawn history
      • (Diagram: Area 0 and a local area joined by an ABR, an ASBR running RIP; the LSAs are collected into an LSA log on the log server.)
  • 20. Control plane security
      • Routing event: BGP event » routes add/withdrawn
      • (Diagram: AS100, AS200 and AS300; BGP updates are collected into a BGP update log on the log server.)
  • 21. Data plane security
      • Security issues in ISP network
          • Prevent un-authenticated packet flow
          • Prevent denial of service attacks
  • 22. Data plane security
      • Prevent un-authenticated packet flow
          • From Internet: source address from Bogon list; source address spoofing
          • To Internet: source address spoofing
          • Unicast Reverse Path Forwarding (uRPF)
  • 23. Data plane security
      • Prevent denial of service attacks
          • Black hole: drop packets from some BGP nodes
          • Sink hole: redirect packets to a special node
  • 24. Data plane security: Black hole. DDoS attack happened!!! (Diagram: AS100, AS200, AS300.)
  • 25. Data plane security: Black hole. Drop packets from some BGP nodes. (Diagram: AS100, AS200, AS300.)
  • 26. Data plane security: Sink hole. DDoS attack happened!!! (Diagram: AS100, AS200, AS300.)
  • 27. Data plane security: Sink hole. DDoS attack happened!!! Send some commands to the border router. (Diagram: AS100, AS200, AS300.)
  • 28. Data plane security: Sink hole. Redirect packets to a special node. (Diagram: AS100, AS200, AS300.)
  • 29. Reference
      • Books: ISP Essentials, http://www.ciscopress.com/title/1587050412
      • Papers: "Operational Security Current Practices", http://www.ietf.org/internet-drafts/draft-ietf-opsec-current-practices-07.txt
      • Web sites: http://www.nanog.org/subjects.html#S, http://www.cymru.com/Bogons/, http://www.completewhois.com/bogons/
  • 30. Questions & Comments? sees your needs
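Slides 7 to 16 list three checks an ISP applies to routes learned from a neighbour: reject bogon prefixes, verify the announced prefix and origin against the RADB route object, and cap the number of prefixes a session may send. The following is an added example (not the presenter's code) that puts the three checks together in one validator. The route object is parsed from the whois text shown on slide 10 (139.175.0.0/16, origin AS4780); the bogon list is a constructed subset of the Team Cymru list; the `PrefixValidator` class, the neighbour names and the prefix limit of 2 are assumptions made for the illustration. The validator accepts a more-specific of a registered route, which is a simplification of what real IRR-based filter generators do.

```python
"""Control-plane route validation: bogon filter, RADB origin check and
per-neighbour prefix limit (added example, not from the slides)."""
import ipaddress
from collections import defaultdict

# RADB route object quoted from slide 10 (address line shortened).
RADB_WHOIS = """\
route: 139.175.0.0/16
descr: Digital United Inc. (seednet)
origin: AS4780
mnt-by: MAINT-AS4780
source: RADB
"""

# Constructed subset of a bogon list: reserved / private space that must
# never be announced on the Internet.
BOGONS = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.0.2.0/24", "192.168.0.0/16", "224.0.0.0/4",
    "240.0.0.0/4")]


def parse_route_objects(text):
    """Parse RADB route objects (blank-line separated) into {prefix: origin ASN}."""
    objects = {}
    route = origin = None
    for line in text.splitlines() + [""]:      # trailing "" flushes the last object
        if not line.strip():
            if route and origin:
                objects[ipaddress.ip_network(route)] = origin
            route = origin = None
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "route":
            route = value
        elif key == "origin":
            origin = int(value[2:]) if value.upper().startswith("AS") else int(value)
    return objects


class PrefixValidator:
    """Hypothetical inbound-policy model: one check() call per announced prefix."""

    def __init__(self, route_objects, bogons, max_prefixes):
        self.route_objects = route_objects
        self.bogons = bogons
        self.max_prefixes = max_prefixes
        self.accepted = defaultdict(set)        # neighbour -> accepted prefixes

    def _registered_origin(self, net):
        # Most-specific route object covering the announced prefix (simplification).
        best = None
        for route, asn in self.route_objects.items():
            if net.subnet_of(route) and (best is None or route.prefixlen > best[0].prefixlen):
                best = (route, asn)
        return best[1] if best else None

    def check(self, neighbour, prefix, origin_as):
        """Return 'accept' or a drop reason for one announced prefix."""
        net = ipaddress.ip_network(prefix)
        if any(net.subnet_of(b) for b in self.bogons):
            return "drop: bogon prefix"
        registered = self._registered_origin(net)
        if registered is None:
            return "drop: no RADB route object"
        if registered != origin_as:
            return f"drop: origin AS{origin_as} != registered AS{registered}"
        seen = self.accepted[neighbour]
        if net not in seen and len(seen) >= self.max_prefixes:
            return "drop: prefix limit exceeded (session would be torn down)"
        seen.add(net)
        return "accept"


def demo():
    """Run constructed announcements from a hypothetical neighbour 'peer-A'."""
    v = PrefixValidator(parse_route_objects(RADB_WHOIS), BOGONS, max_prefixes=2)
    return [
        v.check("peer-A", "139.175.0.0/16", 4780),     # registered, correct origin
        v.check("peer-A", "139.175.12.0/24", 4780),    # more-specific of the registered route
        v.check("peer-A", "139.175.0.0/16", 65000),    # origin does not match RADB
        v.check("peer-A", "10.0.0.0/8", 4780),         # bogon
        v.check("peer-A", "203.0.113.0/24", 4780),     # no route object at all
        v.check("peer-A", "139.175.200.0/24", 4780),   # third distinct prefix: over the limit
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The prefix-limit branch only reports the drop; on a real router the session is torn down or a warning is logged depending on configuration, which is the behaviour the slide 16 screenshot refers to.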
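Slides 17 and 18 say to log everything crucial on the router and ship it to a log server; the six syslog lines on slide 18 show a SONET loss-of-signal followed by a link flap on POS2/3. This added example (not from the presentation) shows the kind of processing the log server side would do with those lines: parse the Cisco-style `%FACILITY-SEVERITY-MNEMONIC` format, pick out messages at or above a severity threshold, and pair LINK down/up events per interface to compute outage durations. The log lines are quoted from the slide; the year (2006, the talk's date) is an assumption because the lines carry none.

```python
"""Router event log processing for the slide 18 syslog lines
(added example, not from the presentation)."""
import re
from collections import defaultdict
from datetime import datetime

# Quoted from slide 18.
SAMPLE_LOG = """\
Nov 21 06:25:27: %SONET-4-ALARM: POS2/3: SLOS
Nov 21 06:25:29: %LINK-3-UPDOWN: Interface POS2/3, changed state to down
Nov 21 06:25:30: %LINEPROTO-5-UPDOWN: Line protocol on Interface POS2/3, changed state to down
Nov 21 06:26:42: %SONET-4-ALARM: POS2/3: SLOS cleared
Nov 21 06:26:44: %LINK-3-UPDOWN: Interface POS2/3, changed state to up
Nov 21 06:26:45: %LINEPROTO-5-UPDOWN: Line protocol on Interface POS2/3, changed state to up
"""

LOG_YEAR = 2006   # assumption: syslog lines on the slide carry no year

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d): "
    r"%(?P<facility>[A-Z]+)-(?P<severity>\d)-(?P<mnemonic>[A-Z]+): (?P<text>.*)$")
IFACE_RE = re.compile(r"Interface (\S+), changed state to (up|down)")


def parse_line(line):
    """Split one syslog line into timestamp, facility, severity, mnemonic, text."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%b %d %H:%M:%S").replace(year=LOG_YEAR)
    ev["severity"] = int(ev["severity"])     # 0 = emergency ... 7 = debug
    return ev


def alarms(log_text, max_severity=4):
    """Messages at severity <= max_severity (lower number is more severe)."""
    events = (parse_line(l) for l in log_text.splitlines())
    return [(ev["facility"], ev["text"]) for ev in events
            if ev and ev["severity"] <= max_severity]


def interface_outages(log_text):
    """Pair LINK-3-UPDOWN down/up per interface; return {iface: [seconds down, ...]}."""
    down_since = {}
    outages = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if not ev or ev["facility"] != "LINK" or ev["mnemonic"] != "UPDOWN":
            continue
        m = IFACE_RE.search(ev["text"])
        if not m:
            continue
        iface, state = m.groups()
        if state == "down":
            down_since[iface] = ev["ts"]
        elif iface in down_since:
            outages[iface].append((ev["ts"] - down_since.pop(iface)).total_seconds())
    return dict(outages)


if __name__ == "__main__":
    for fac, text in alarms(SAMPLE_LOG):
        print(f"{fac}: {text}")
    print(interface_outages(SAMPLE_LOG))     # POS2/3 was down for 75 seconds
```

The LINEPROTO messages are deliberately excluded from the outage pairing because they follow the LINK messages by a second and would otherwise be counted as a second flap; an operator who wants layer-2 timing instead can change the facility filter.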
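Slides 22 to 25 cover the data plane: uRPF to stop spoofed or bogon source addresses at the edge, and a black hole (a destination routed to a null interface on the border routers) once a DDoS target has been identified. The following added example (not the presenter's code) simulates both on a tiny FIB so the interaction is visible: strict uRPF on customer-facing interfaces, loose uRPF on the upstream, and a null route for a bogon prefix, without which loose uRPF would pass everything while a default route exists. The `Fib` and `Router` classes, the interface names and all addresses other than SEEDNet's 139.175.0.0/16 (from slide 10) are constructed for the illustration.

```python
"""uRPF (strict / loose) and destination black-holing on a simulated FIB
(added example, not from the slides)."""
import ipaddress

NULL0 = "Null0"   # null interface: packets routed here are discarded


class Fib:
    """Minimal forwarding table with longest-prefix match."""

    def __init__(self):
        self.routes = []            # (network, egress interface)

    def add(self, prefix, iface):
        self.routes.append((ipaddress.ip_network(prefix), iface))

    def lookup(self, addr):
        ip = ipaddress.ip_address(addr)
        best = None
        for net, iface in self.routes:
            if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, iface)
        return best[1] if best else None


class Router:
    """Hypothetical border router applying per-interface uRPF before forwarding."""

    def __init__(self, fib, urpf_mode):
        self.fib = fib
        self.urpf_mode = urpf_mode          # {ingress interface: "strict" | "loose" | None}

    def blackhole(self, prefix):
        """Install a null route for an attacked destination (black hole, slides 24-25)."""
        self.fib.add(prefix, NULL0)

    def forward(self, ingress, src, dst):
        mode = self.urpf_mode.get(ingress)
        reverse = self.fib.lookup(src)
        # Strict: the source must be reachable back through the interface it came in on.
        if mode == "strict" and reverse != ingress:
            return "drop: uRPF strict (source not reachable via ingress)"
        # Loose: the source must have some route, and not a null one.
        if mode == "loose" and reverse in (None, NULL0):
            return "drop: uRPF loose (no valid route to source)"
        egress = self.fib.lookup(dst)
        if egress is None:
            return "drop: no route"
        if egress == NULL0:
            return "drop: black-holed destination"
        return f"forward via {egress}"


def demo():
    """Constructed topology: two customers, one upstream, one null-routed bogon."""
    fib = Fib()
    fib.add("139.175.0.0/16", "customer1")      # SEEDNet prefix from slide 10
    fib.add("203.0.113.0/24", "customer2")      # constructed customer prefix
    fib.add("0.0.0.0/0", "upstream")            # default route towards the Internet
    fib.add("10.0.0.0/8", NULL0)                # bogon null route feeds loose uRPF
    r = Router(fib, {"customer1": "strict", "customer2": "strict", "upstream": "loose"})

    results = [
        r.forward("customer1", "139.175.1.1", "203.0.113.5"),   # legitimate customer traffic
        r.forward("customer1", "203.0.113.9", "198.51.100.1"),  # customer1 spoofing customer2's space
        r.forward("upstream", "10.1.2.3", "139.175.1.1"),       # bogon source from the Internet
        r.forward("upstream", "198.51.100.7", "139.175.1.1"),   # normal inbound traffic
    ]
    r.blackhole("139.175.1.1/32")                               # DDoS target identified
    results.append(r.forward("upstream", "198.51.100.7", "139.175.1.1"))
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The last two results show the cost of the black hole that slide 25 accepts: once 139.175.1.1/32 is null-routed, legitimate traffic to the victim is discarded along with the attack, which is why the sink hole on slides 26 to 28 redirects to an analysis node instead of dropping.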