A Checklist for Developing Defenses

| Step | Description |
| --- | --- |
| Filter your BGP prefix announcements to your peers. | Ensure you only announce your authorized networks. |
| Filter BGP prefix announcements from your peers. | Unless you are taking full routing, accept only the specific routes you wish to receive. |
| Filter bogons and unallocated/unassigned prefixes from your peers. | You may develop ACLs by tracking IANA allocations, but you may wish to utilize the Cymru bogon feed for automated updates. Utilize uRPF at the edge of the network to block packets with spoofed bogon/unallocated IP addresses and to prevent backscatter. |
| Understand Internet routing. | Understanding Internet routing and policy between ISPs will help you identify attacks against your infrastructure and/or problems related to misconfigured policy. |
| Understand your ISP's routing policy. | Ask your ISP if it utilizes a routing registry. Ask how it ensures that no one can hijack your prefix. Ask how it ensures routing stability in its network. |
| Know your ISP's AUP. | Understand your ISP's AUP, and ask questions as to what it actually monitors and how it will work with you in the event of a security incident (DDoS attack, routing attack, etc.). |
| Understand your ISP's managed services. | If your ISP is managing your firewall and/or border router, ask questions about the policies and procedures to ensure that you are comfortable placing your security in the ISP's hands. |
| Understand your ISP's incident response plan. | Know whom to contact within your ISP and how to coordinate with it, to help with tracking and mitigation of attacks on your infrastructure. Encourage your provider to participate in the INOC-DBA system, if it doesn't already. |
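
The first three checklist steps expressed as a prefix-policy check, as an added example that is not from the book. The function names, the static bogon list (a stand-in for a maintained feed, and limited to IPv4 special-purpose ranges), and the sample prefixes are assumptions made for illustration.

```python
import ipaddress

# Special-purpose IPv4 ranges from the IANA registry. A static stand-in for a
# maintained bogon feed; it does not cover unallocated space, which changes.
BOGONS = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.0.2.0/24", "192.168.0.0/16",
    "198.18.0.0/15", "198.51.100.0/24", "203.0.113.0/24",
    "224.0.0.0/4", "240.0.0.0/4")]


def covered_by(prefix, networks):
    """True if prefix equals, or is a more-specific of, any listed network."""
    net = ipaddress.ip_network(prefix)
    return any(net.version == n.version and net.subnet_of(n) for n in networks)


def check_outbound(announced, authorized):
    """Step 1: return announced prefixes that are NOT authorized (exact match)."""
    allowed = {ipaddress.ip_network(p) for p in authorized}
    return [p for p in announced if ipaddress.ip_network(p) not in allowed]


def check_inbound(received, wanted=None):
    """Steps 2 and 3: classify each prefix received from a peer.

    wanted=None models taking full routing; otherwise only prefixes inside
    the wanted list are accepted. Bogons are rejected in both cases.
    """
    wanted_nets = None if wanted is None else [ipaddress.ip_network(p) for p in wanted]
    verdicts = {}
    for p in received:
        if covered_by(p, BOGONS):
            verdicts[p] = "reject: bogon"
        elif wanted_nets is not None and not covered_by(p, wanted_nets):
            verdicts[p] = "reject: not in receive policy"
        else:
            verdicts[p] = "accept"
    return verdicts


if __name__ == "__main__":
    # Constructed sample data, not taken from any real routing table.
    print(check_outbound(["198.51.100.0/24", "10.1.0.0/16"], ["198.51.100.0/24"]))
    received = ["8.8.8.0/24", "192.168.10.0/24", "1.1.1.0/24"]
    for prefix, verdict in check_inbound(received, wanted=["8.8.8.0/24"]).items():
        print(prefix, "->", verdict)
```

On a router the same policy would be enforced with prefix filters applied to each BGP session; a check like this is useful for auditing a planned policy against a captured list of announcements before deploying it.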

Recommended Reading

  • Practical BGP by Russ White, Danny McPherson, and Srihari Sangli (Addison-Wesley Professional, 2004)

  • Cisco ISP Essentials by Barry Raveendran Greene and Philip Smith (Cisco Press, 2002)

  • http://www.research.att.com/lists/ietf-itrace/2001/08/msg00017.html

  • http://www.faqs.org/rfcs/bcp/bcp38.html



Extreme Exploits. Advanced Defenses Against Hardcore Hacks
Extreme Exploits: Advanced Defenses Against Hardcore Hacks (Hacking Exposed)
ISBN: 0072259558
EAN: 2147483647
Year: 2005
Pages: 120
