Presentation is loading. Please wait.

Presentation is loading. Please wait.

Prepare your NOC 111. SP’s/ISP’s NOC Team Every SP and ISP needs a NOC Anyone who has worked or run a NOC has their own list of what should be in a NOC.

Published bySteve Driver Modified over 9 years ago

Similar presentations

Presentation on theme: "Prepare your NOC 111. SP’s/ISP’s NOC Team Every SP and ISP needs a NOC Anyone who has worked or run a NOC has their own list of what should be in a NOC."— Presentation transcript:

1 Prepare your NOC 111

2 SP’s/ISP’s NOC Team Every SP and ISP needs a NOC Anyone who has worked or run a NOC has their own list of what should be in a NOC –Make your own wish list –Talk to colleagues and get their list –Then try to make it happen No NOC is a perfect NOC—the result is always a ratio of time, money, skills, facilities, and manpower

3 SP’s/ISP’s NOC Team An SP’s/ISP’s OPerational SECurity (OPSEC) Team can be: –A NOC escalation team –A sister to the NOC — reporting to operations –Integrated team with the NOC The OPSEC Team is a critical component of the day to day operations of a large IP Transit provider.

4 2) Secure Resources Firewall, Encryption, Authentication, Audit 1) ISP’s Security Policy 3) Monitor and Respond Intrusion Detection, work the incidence, 4) Test, Practice, Drill Vulnerability Scanning 5) Manage and Improve Post Mortem, Analyze the Incident, modify the plan/procedures What Do ISPs Need to Do? Security incidence are a normal part of an ISP’s operations!

5 ? The Preparation Problem The problem - Most SP NOCs: –Do not have security plans –Do not have security procedures –Do not train in the tools or procedures –OJT (on the job training)—learn as it happens

6 PREPARATION Prep the network Create tools Test tools Prep procedures Train team Practice IDENTIFICATION How do you know about the attack? What tools can you use? What’s your process for communication? CLASSIFICATION What kind of attack is it? TRACEBACK Where is the attack coming from? Where and how is it affecting the network? REACTION What options do you have to remedy? Which option is the best under the circumstances? POST MORTEM What was done? Can anything be done to prevent it? How can it be less painful in the future? Six Phases of Incident Response

Download ppt "Prepare your NOC 111. SP’s/ISP’s NOC Team Every SP and ISP needs a NOC Anyone who has worked or run a NOC has their own list of what should be in a NOC."

Similar presentations

ETHICAL HACKING A LICENCE TO HACK

ETHICAL HACKING A LICENCE TO HACK
The Active Participant- Key Process C Evaluate Performance Critically Analyse Comment on strategies and tactics Always compare against the perfect model.

The Active Participant- Key Process C Evaluate Performance Critically Analyse Comment on strategies and tactics Always compare against the perfect model.
Incident Response Managing Security at Microsoft Published: April 2004.

Incident Response Managing Security at Microsoft Published: April 2004.
Accident Causes, Prevention and Control

Accident Causes, Prevention and Control
Developing Network Security Strategies Network Security D ESIGN Network Security M ECHANISMS.

Developing Network Security Strategies Network Security D ESIGN Network Security M ECHANISMS.
August 9, 2005 UCCSC -- 2005 IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.

August 9, 2005 UCCSC IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.
© 2008 Prentice Hall Business Publishing Accounting Information Systems, 11/e Romney/Steinbart1 of 222 C HAPTER 7 Information Systems Controls for Systems.

© 2008 Prentice Hall Business Publishing Accounting Information Systems, 11/e Romney/Steinbart1 of 222 C HAPTER 7 Information Systems Controls for Systems.
Network Security Testing Techniques Presented By:- Sachin Vador.

Network Security Testing Techniques Presented By:- Sachin Vador.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.
IS 380 OME 1 Fall 2010 Class 1. Administrative Roster Syllabus Review Class overview 10 domains overview.

IS 380 OME 1 Fall 2010 Class 1. Administrative Roster Syllabus Review Class overview 10 domains overview.
Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.

Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.
Putting the Tools to Work – DDOS Attack 111. DDOS = SLA Violation! ISPCPETarget Hacker What do you tell the Boss? SP’s Operations Teams have found that.

Putting the Tools to Work – DDOS Attack 111. DDOS = SLA Violation! ISPCPETarget Hacker What do you tell the Boss? SP’s Operations Teams have found that.
Joel Maloff Phone.com February, 2012.

Joel Maloff Phone.com February, 2012.
1 Network Quarantine At Cornell University Steve Schuster Director, Information Security Office.

1 Network Quarantine At Cornell University Steve Schuster Director, Information Security Office.
Security Guide for Interconnecting Information Technology Systems

Security Guide for Interconnecting Information Technology Systems
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.
Lesson 8-Information Security Process. Overview Introducing information security process. Conducting an assessment. Developing a policy. Implementing.

Lesson 8-Information Security Process. Overview Introducing information security process. Conducting an assessment. Developing a policy. Implementing.
© 2009 IDBI Intech, Inc. All rights reserved.IDBI Intech Confidential 1 Information (Data) Security & Risk Mitigation.

© 2009 IDBI Intech, Inc. All rights reserved.IDBI Intech Confidential 1 Information (Data) Security & Risk Mitigation.
Intrusion Detection MIS.5213.011 ALTER 0A234 Lecture 11.

Intrusion Detection MIS ALTER 0A234 Lecture 11.
Thursday, January 23, 2014 10:00 am – 11:30 am. Agenda  Cyber Security Center of Excellence  Project Phase  Implementation  Next Steps 2.

Thursday, January 23, :00 am – 11:30 am. Agenda  Cyber Security Center of Excellence  Project Phase  Implementation  Next Steps 2.

Similar presentations

Ads by Google