
Prepare your NOC

SP’s/ISP’s NOC Team
Every SP and ISP needs a NOC. Anyone who has worked in or run a NOC has their own list of what should be in a NOC:
–Make your own wish list
–Talk to colleagues and get their list
–Then try to make it happen
No NOC is a perfect NOC—the result is always a trade-off between time, money, skills, facilities, and manpower.

SP’s/ISP’s NOC Team
An SP’s/ISP’s OPerational SECurity (OPSEC) Team can be:
–A NOC escalation team
–A sister team to the NOC, reporting to operations
–A team integrated with the NOC
The OPSEC Team is a critical component of the day-to-day operations of a large IP transit provider.

What Do ISPs Need to Do?
1) ISP’s Security Policy
2) Secure Resources: firewall, encryption, authentication, audit
3) Monitor and Respond: intrusion detection, work the incident
4) Test, Practice, Drill: vulnerability scanning
5) Manage and Improve: post mortem, analyze the incident, modify the plan/procedures
Security incidents are a normal part of an ISP’s operations!

The Preparation Problem
The problem: most SP NOCs
–Do not have security plans
–Do not have security procedures
–Do not train in the tools or procedures
–Rely on OJT (on-the-job training), learning as it happens

Six Phases of Incident Response
PREPARATION: Prep the network. Create tools. Test tools. Prep procedures. Train team. Practice.
IDENTIFICATION: How do you know about the attack? What tools can you use? What’s your process for communication?
CLASSIFICATION: What kind of attack is it?
TRACEBACK: Where is the attack coming from? Where and how is it affecting the network?
REACTION: What options do you have to remedy? Which option is the best under the circumstances?
POST MORTEM: What was done? Can anything be done to prevent it? How can it be less painful in the future?