Selecting MPLS VPN Services
| The following sections list publicly available resources that detail the best recommendations for securing networks. Barry Greene, a corporate consulting engineer at Cisco Systems and an Internet security expert, supplied many of these links. Comparing MPLS VPN to Frame Relay Security
Mier Report on security comparison on MPLS VPN and Frame Relay networks Cisco MPLS-based VPNs: Equivalent to the security of Frame Relay and ATM http://www.miercom.com/?url=reports/&v=16&tf=-3&st=v ACL Information
Cisco Reference for IP Receive ACLs http://www.cisco.com/en/US/products/sw/iosswrel/ps1829/products_feature_guide09186a00800a8531.html Team CYMRU provides configuration templates, security templates, and other services to help make the Internet a safer place to network. These can be found at http://www.cymru.com/. Miscellaneous Security Tools
Cisco reference for uRPF http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca7d4.html Cisco Reference for MPLS Technology and Operation
http://www.cisco.com/pcgi-bin/Support/browse/index.pl?i=Technologies&f=3694 Cisco Reference for Cisco Express Forwarding
http://www.cisco.com/en/US/tech/tk827/tk831/tk102/tech_protocol_home.html Public Online ISP Security Bootcamp
Singapore Summer 2003 http://palomar.getitmm.com/bootcamp/ Barry Raveendran Greene, Philip Smith. Cisco ISP Essentials. Cisco Press, 2002. Tutorials, Workshops, and Bootcamps
ftp://ftp-eng.cisco.com/cons/ http://www.ispbook.com Barry Raveendran Greene and Philip Smith. Cisco ISP Essentials. Cisco Press, 2002. Original Backscatter Traceback and Customer-Triggered Remote-Triggered Black-Hole Techniques
http://www.secsup.org/Tracking/ http://www.secsup.org/CustomerBlackHole/ Source for Good Papers on Internet Technologies and Security
http://www.caida.org/ Security Work Definitions
What Is a BOTNET? http://swatit.org/bots/index.html Keeping track of vulnerabilities in network elements http://www.securitytracker.com/startup/index.html NANOG SP Security Seminars and Talks
Tutorial: Implementing a Secure Network Infrastructure (Part I) http://www.nanog.org/mtg-0310/kaeo.html Tutorial: ISP SecurityReal World Techniques I: Remote Triggered Black Hole Filtering and Backscatter Traceback http://www.nanog.org/mtg-0110/greene.html Tutorial: ISP SecurityReal World Techniques II: Secure the CPE Edge http://www.nanog.org/mtg-0210/ispsecure.html Tutorial: ISP Security: Deploying and Using Sinkholes http://www.nanog.org/mtg-0306/sink.html Tutorial: Deploying IP Anycast http://www.nanog.org/mtg-0310/miller.html Watching Your Router Configurations and Detecting Those Exciting Little Changes http://www.nanog.org/mtg-0310/rancid.html Building a Web of Trust http://www.nanog.org/mtg-0310/abley.html The Relationship Between Network Security and Spam http://www.nanog.org/mtg-0310/spam.html Simple Router Security: What Every ISP Router Engineer Should Know and Practice http://www.nanog.org/mtg-0310/routersec.html Flawed Routers Flood University of Wisconsin Internet Time Server http://www.nanog.org/mtg-0310/plonka.html Trends in Denial of Service Attack Technology http://www.nanog.org/mtg-0110/cert.html Recent Internet Worms: Who Are the Victims, and How Good Are We at Getting the Word Out? http://www.nanog.org/mtg-0110/moore.html DoS Attacks in the Real World http://www.nanog.org/mtg-0110/irc.html Diversion & Sieving Techniques to Defeat DDoS http://www.nanog.org/mtg-0110/afek.html DNS DamageMeasurements at a Root Server http://www.nanog.org/mtg-0202/evi.html Protecting the BGP Routes to Top Level DNS Servers http://www.nanog.org/mtg-0206/bush.html BGP Security Update http://www.nanog.org/mtg-0206/barry.html Industry/Government Infrastructure Vulnerability Assessment: Background and Recommendations http://www.nanog.org/mtg-0206/avi.html A National Strategy to Secure Cyberspace http://www.nanog.org/mtg-0210/sachs.html How to Own the Internet in Your Spare Time http://www.nanog.org/mtg-0210/vern.html Birds of a Feather and General Security Discussion Sessions at NANOG
ISP Security BOF I http://www.nanog.org/mtg-0210/securebof.html The Spread of the Sapphire/Slammer Worm http://www.nanog.org/mtg-0302/weaver.html ISP Security BOF II http://www.nanog.org/mtg-0302/securebof.html The BGP TTL Security Hack http://www.nanog.org/mtg-0302/hack.html Security Considerations for Network Architecture http://www.nanog.org/mtg-0302/avi.html Lack of Priority Queuing on Route Processors Considered Harmful http://www.nanog.org/mtg-0302/gill.html Interception Technology: The Good, The Bad, and The Ugly! http://www.nanog.org/mtg-0306/schiller.html The NIAC Vulnerability Disclosure Framework and What It Might Mean to the ISP Community http://www.nanog.org/mtg-0306/duncan.html Inter-Provider Coordination for Real-Time Tracebacks http://www.nanog.org/mtg-0306/moriarity.html ISP Security BOF III http://www.nanog.org/mtg-0306/securitybof.html S-BGP/soBGP Panel: What Do We Really Need and How Do We Architect a Compromise to Get It? http://www.nanog.org/mtg-0306/sbgp.html BGP Vulnerability Testing: Separating Fact from FUD http://www.nanog.org/mtg-0306/franz.html BGP Attack TreesReal World Examples http://www.nanog.org/mtg-0306/hares.html NRIC Best Practices for ISP Security http://www.nanog.org/mtg-0306/callon.html RIPE-46 BoF: NSP-SEC (Hank Nussbacher) http://www.ripe.net/ripe/meetings/ripe-46/presentations/ripe46-nspbof-nsp-sec.pdf IRT Object in the RIPE Database (Ulrich Kiermayr) http://www.ripe.net/ripe/meetings/ripe-46/presentations/ripe46-nspbof-irt.pdf Operational Security Requirements (George M. Jones) http://www.ripe.net/ripe/meetings/ripe-46/presentations/ripe46-techsec-ops-security.pdf Infrastructure Security (Nicholas Fischbach) http://www.ripe.net/ripe/meetings/ripe-46/presentations/ripe46-nspbof-fischbach.pdf Sean Convery. Network Security Architectures. Cisco Press, 2004. Barry Greene. Cisco ISP Essentials. Cisco Press, 2002. Saadat Malik. Network Security Principles and Practices. Cisco Press, 2002. CCSP Study Guides by Cisco Press. |
Категории