The following sections list publicly available resources that detail the best recommendations for securing networks. Barry Greene, a corporate consulting engineer at Cisco Systems and an Internet security expert, supplied many of these links. Comparing MPLS VPN to Frame Relay SecurityMier Report on security comparison on MPLS VPN and Frame Relay networks Cisco MPLS-based VPNs: Equivalent to the security of Frame Relay and ATM http://www.miercom.com/?url=reports/&v=16&tf=-3&st=v ACL InformationCisco Reference for IP Receive ACLs http://www.cisco.com/en/US/products/sw/iosswrel/ps1829/products_feature_guide09186a00800a8531.html Team CYMRU provides configuration templates, security templates, and other services to help make the Internet a safer place to network. These can be found at http://www.cymru.com/. Miscellaneous Security ToolsCisco reference for uRPF Cisco Reference for MPLS Technology and Operationhttp://www.cisco.com/pcgi-bin/Support/browse/index.pl?i=Technologies&f=3694 Cisco Reference for Cisco Express Forwardinghttp://www.cisco.com/en/US/tech/tk827/tk831/tk102/tech_protocol_home.html Public Online ISP Security BootcampSingapore Summer 2003 Barry Raveendran Greene, Philip Smith. Cisco ISP Essentials. Cisco Press, 2002. Tutorials, Workshops, and Bootcampsftp://ftp-eng.cisco.com/cons/ http://www.ispbook.com Barry Raveendran Greene and Philip Smith. Cisco ISP Essentials. Cisco Press, 2002. Original Backscatter Traceback and Customer-Triggered Remote-Triggered Black-Hole Techniqueshttp://www.secsup.org/Tracking/ http://www.secsup.org/CustomerBlackHole/ Source for Good Papers on Internet Technologies and Securityhttp://www.caida.org/ Security Work DefinitionsWhat Is a BOTNET? Keeping track of vulnerabilities in network elements NANOG SP Security Seminars and TalksTutorial: Implementing a Secure Network Infrastructure (Part I) Tutorial: ISP SecurityReal World Techniques I: Remote Triggered Black Hole Filtering and Backscatter Traceback Tutorial: ISP SecurityReal World Techniques II: Secure the CPE Edge Tutorial: ISP Security: Deploying and Using Sinkholes Tutorial: Deploying IP Anycast Watching Your Router Configurations and Detecting Those Exciting Little Changes Building a Web of Trust The Relationship Between Network Security and Spam Simple Router Security: What Every ISP Router Engineer Should Know and Practice Flawed Routers Flood University of Wisconsin Internet Time Server Trends in Denial of Service Attack Technology Recent Internet Worms: Who Are the Victims, and How Good Are We at Getting the Word Out? DoS Attacks in the Real World Diversion & Sieving Techniques to Defeat DDoS DNS DamageMeasurements at a Root Server Protecting the BGP Routes to Top Level DNS Servers BGP Security Update Industry/Government Infrastructure Vulnerability Assessment: Background and Recommendations A National Strategy to Secure Cyberspace How to Own the Internet in Your Spare Time Birds of a Feather and General Security Discussion Sessions at NANOGISP Security BOF I The Spread of the Sapphire/Slammer Worm ISP Security BOF II The BGP TTL Security Hack Security Considerations for Network Architecture Lack of Priority Queuing on Route Processors Considered Harmful Interception Technology: The Good, The Bad, and The Ugly! The NIAC Vulnerability Disclosure Framework and What It Might Mean to the ISP Community Inter-Provider Coordination for Real-Time Tracebacks ISP Security BOF III S-BGP/soBGP Panel: What Do We Really Need and How Do We Architect a Compromise to Get It? BGP Vulnerability Testing: Separating Fact from FUD BGP Attack TreesReal World Examples NRIC Best Practices for ISP Security RIPE-46 BoF: NSP-SEC (Hank Nussbacher) IRT Object in the RIPE Database (Ulrich Kiermayr) Operational Security Requirements (George M. Jones) Infrastructure Security (Nicholas Fischbach) Sean Convery. Network Security Architectures. Cisco Press, 2004. Barry Greene. Cisco ISP Essentials. Cisco Press, 2002. Saadat Malik. Network Security Principles and Practices. Cisco Press, 2002. CCSP Study Guides by Cisco Press. |