Project FENIX by NIX.CZ Tomas Marsalek APRICOT 2015 Fukuoka, 3. 3. 2015.

Slides:

Advertisements

Similar presentations

© 2004 APCERT APCERT Activity Update Yurie Ito JPCERT/CC (On behalf of the APCERT Secretariat)

Advertisements

Voice Security Interop 2009 Mark D. Collier SecureLogix Corporation

National Database Templates for the Biosafety Clearing-House Application (NDT-nBCH) Overview of the US nBCH Applications.

Review iClickers. Ch 1: The Importance of DNS Security.

Security BoF: What Are The Community's Open Questions? Joe St Sauver, Ph.D. or Manager, Internet2 Nationwide Security.

IPv6 Planning and Implementation at PSU.  1986 – PSU gets Class B network ( ) & 5 Class C networks  1988 – Department of Computer.

Multihoming in IPV6 Habib Naderi Department of Computer Science University of Auckland.

Building Applications with SIP Conferencing / Collaboration Alan D. Percy Director, Market Development AudioCodes.

Public Government: IPv6 Take off Monitoring Jiří Průša (CZ.NIC Association), Frankfurt, 23 May 2014.

Career Networking: Utilizing LinkedIn and Other Social Media Tools Brian White, College Relations Manager, Payless ShoeSource Sara Clayton, Assistant Director,

Lecture 11 Social Media & its Impacts on Society.

Lisa Farmer, Cedo Vicente, Eric Ahlm

1 Case Study ESTABLISHING NATIONAL CERT By Saleem Al-Balooshi Etisalat - AE.

(Geneva, Switzerland, September 2014)

Freedom of Expression Harun Kotan ITEC317 Harun Kotan ITEC317.

Firewall on Demand A multidomain approach Leonidas Poulopoulos, Yannis Mitsos – GRNET NOC Firewall on Demand workshop TF-MSP meeting.

PacNOG 6: Nadi, Fiji Dealing with DDoS Attacks Hervey Allen Network Startup Resource Center.

Campus Firewalling Dearbhla O’Reilly Network Manager Dublin Institute of Technology.

Scaling IXPs Scalable Infrastructure Workshop. Objectives  To explain scaling options within the IXP  To introduce the Internet Routing Registry at.

Optimal course of IXP development – NIX.CZ Tomáš Maršálek NIX.CZ, Director of Association , Apricot2009.

Creating the global research village The GEANT & NREN Service Set Toby Young – GEANT Service coordinator TF-MSP - 11 Feb Vienna.

How CESNET Got Access to Dark Fibres Jan Gruntorád Managing Director CESNET Czech Republic SERENATE NREN Workshop February 4 – 5, 2003.

A Practical Guide for Joining EduRoam EuroCAMP Torino A Practical Guide for Joining EduRoam 4 March 2005 Version 1.6.

Vadim Garbuz Director, Business Development ENOG UA-IX: exit from the turbulence.

NIX.CZ development: a broader view Martin Semrad ENOG 9 Kazan,

Large Space IPv4 Trial Usage Program for Future IPv6 Deployment ACTIVITIES UPDATE Vol.5 APNIC 16 Meeting / Policy SIG August 21st, 2003 at Seoul Kosuke.

SPAM Settings. The ExchangeDefender Admin Site is a powerful tool that gives you access to all of the benefits ExchangeDefender has to offer, from the.

CERT AM: Securing NREN in Armenia. Armenian NREN ASNET AM – Connecting more than 40 academic institutes of NAS RA and more than 10 other research, educational.

Relay Online Event Manager Training. Ground Rules Please turn off all cell phones Everybody participates Everybody has an equal voice No sidebars, please.

Building a More Trusted and Secure Internet RIPE 70, May

CSC 104 December 13,2012. Internet Regulation: States that it is about restricting or controlling certain pieces of information. This consisting of censorship.

A Generalized Effectuate Strategy for Mash-up Mobile Circumstances A Generalized Effectuate Strategy for Mash-up Mobile Circumstances Project Guide M.J.Jeyasheela.

TERENA update Karel Vietsch TERENA CEO Internet2 Fall Meeting, Atlanta 30 October 2000.

Hurdles in implementation of cyber security in India.

LACNIC Update Dr. Arturo L. Servín LACNIC APNIC 30 Gold Coast, August

© 2010 by FIRST.ORG, Inc. Slide 1 Information Exchange Among FIRST members Damir Rajnovic.

Chapter 4: Implementing Firewall Technologies

Connect. Communicate. Collaborate The Security Model of GÉANT2: A Co-operative Approach Christoph Graf, SWITCH TNC’07, Lyngby, 22 May 2007.

ECPA 2015 The Czech Republic Entry E-SAFETY. BRIEF INTRODUCTUION prevention / education / research / intervention risky communication phenomena (Internet.

Authentication and Authorisation in eduroam Klaas Wierenga, AA Workshop TNC Lyngby, 20th May 2007.

Configuring, Managing and Maintaining Windows Server® 2008 Servers Course 6419A.

TLP:Green FIRST/TF-CSIRT Technical Colloquium January 25 th – 27 th, 2016 Prague, CZ TLP:Green.

Internet2 Abilene & REN-ISAC Arbor Networks Peakflow SP Identification and Response to DoS Joint Techs Winter 2006 Albuquerque Doug Pearson.

Janis Buikauskis Joe Kubena Kyle Nelson Chris Schrader.

© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—3-1 Route Selection Using Policy Controls Using Multihomed BGP Networks.

Benefits and Value of an IXP The IXP Value Proposition.

Malicious Yahoo! Xtra attack: minimising customer impact.

Information and Network security: Lithuania Tomas Lamanauskas Deputy Director Communications Regulatory Authority (RRT) Republic of Lithuania; ENISA Liaison.

Travesoft A web product developed for Travel & Tours Companies by Gridaxis softwares travesoft.gridaxis.in Gridaxis Softwares.

Implementing a Security Policy JISC – ICT Security Threats & Promises, April 2002 Mick Ismail ICT Services Manager City of Wolverhampton College.

ASHRAY PATEL Protection Mechanisms. Roadmap Access Control Four access control processes Managing access control Firewalls Scanning and Analysis tools.

David Wigley HCC Security Architect Security Trends for 2016.

Monitoring, analyzing and cleaning DNS configuration errors across European NRENs Slavko Gajin University of Belgrade, Serbia

Networks ∙ Services ∙ People GEANT Information & Infrastructure Security Team TNC16 – Networking Conference Introduction DDoS at GÉANT Prague.

Firewalls. Overview of Firewalls As the name implies, a firewall acts to provide secured access between two networks A firewall may be implemented as.

Department of Computer Science Introduction to Information Security Chapter 7 Activity Security Assessment Semester 1.

Recrusoft A web product developed for Recruitment / Placement Agencies by Gridaxis softwares recrusoft.gridaxis.in Gridaxis Softwares.

Local League & JTT Coordinator

TECHNOLOGY GUIDE THREE

CONNECTING TO THE INTERNET

Thoughts on our network

LCG/EGEE Incident Response Planning

TECHNOLOGY GUIDE THREE

Quicken Technical Support Phone Number

Dan Tofan | Expert in NIS 21st Art. 13a WG| LISBON |

Cyber Security Gloria Stephenson

FIRST How can MANRS actions prevent incidents .

TECHNOLOGY GUIDE THREE

Presentation transcript:

Project FENIX by NIX.CZ Tomas Marsalek APRICOT 2015 Fukuoka,

NIX.CZ introduction Neutral platform 5 data centers in Prague 123 connected networks 41 international networks 360 Gbps peek data flow Project FENIX

FENIX Reaction to DOS attacks in 3/ days long Multiple CZ targets media, banks, cell phone operators, Seznam.cz (CZ “Google”) Source of attacks out of CZ Nothing from CZ Through upstream and NIX.CZ No response source

FENIX Club of “trustworthy” companies Technical tool “Secure VLAN” Czech eyeballs can connect to local content home banking, media, … Island mode last resort Faster than regulations High joining criteria

FENIX organization rules End user terms and conditions spam, attacks 24x7 technical conditions no IVR CSIRT team listed by Trusted Introducer, Terena Active participation Recommendation from 2 members, no veto

FENIX technical rules BCP-38/SAC004 – granularity /24 (/48) RTBH filtering using RS IPv6, DNSSEC Full redundancy on NIX.CZ Network monitoring (MRTG, NetFlow,...) Control plane policy RFC6192 DNS, NTP, SNMP amplification protection Security incident time <30min BGP – TCP MD5

FENIX start 6 founding companies – January 2014 Active 24 CESNET (NREN) CZ.NIC Dial Telecom Seznam.cz Telefonica Czech Republic (incumbent operator) NIX.CZ supervisor over rules

Year of FENIX 3 new members Technical implementation RTBH testing Brand name announcement Micro web site fe.nix.cz Island mode test

Members of FENIX New candidates

FENIX at Slovakia Take over of SITELiX CSIRT.SK discusions More info at Peering Day

Follow us.. and at