Saturday, October 18, 2003
Topic/Presenter
Full Abstract

This tutorial provides detailed technical information about security technologies that should be considered when securing any networking infrastructure. Technologies to be covered include S/Key, 802.1x, RADIUS, TACACS+, SSH, SSL, L2TP, and IPsec. We will show specific architectures and configuration examples to effectively secure network infrastructures comprising routers, switches, and firewalls. Configuration examples will be vendor-independent and will include much of the most widely deployed equipment. The three 90-minute sessions will cover:

  • Security technology details
  • Secure infrastructure architectures
  • Sample configuration scenarios.

Speakers
Merike Kaeo, Merike, Inc.
Merike Kaeo is currently a consultant, focusing primarily on security-related products and network design solutions. She has been in the networking industry for more than 15 years, starting out at the National Institutes of Health in Bethesda, MD, from 1988 to 1993, designing and implementing the original FDDI backbone for the NIH campus using Cisco routers. From 1993 to 2000, Merike was employed by Cisco Systems, Inc., where she worked primarily on technical issues relating to router performance, network routing protocols, network design, and network security. She was a lead member of Cisco's security initiative, has acted as a technical advisor for security startup companies, and has been an instructor and speaker at a variety of security-related conferences. Merike is the author of Designing Network Security, published in May 1999 by Cisco Press, with a 2nd edition due out in October 2003.

Full Abstract

This tutorial covers common problems ISPs have when deploying BGP within their networks. We look at issues with peer establishment, missing routes, inconsistent route selection, and convergence issues. We also examine real-world examples of common errors that are made when deploying BGP, both as iBGP and eBGP, in service provider networks.

Speakers
Philip Smith, Cisco Systems
Philip Smith joined Cisco Systems in January 1998. He is a member of the Service Provider Architectures Group of Consulting Engineering, within Corporate Development. His role includes working with many ISPs in the Asia-Pacific region and the rest of the world, specifically in network strategies, design, technology, and operations, as well as helping with network configuration and scaling. Other areas of interest also include Internet routing, Internet protocols, IPv6, and encouraging the growth of the Internet around the world. Prior to joining Cisco, he spent 5 years at PIPEX (now part of UUNET's global ISP business), the UK's first commercial Internet Service Provider. He was one of the first engineers working in the UK Internet, and played a fundamental role in building the modern Internet in the UK and Europe. Philip is co-author of Cisco ISP Essentials, ISBN 1-58705-041-2, published by Cisco Press. He holds a Doctor of Philosophy and has a First Class Honours Degree in Physics. He lives in Brisbane, Australia.

Sunday, October 19, 2003
Topic/Presenter
Full Abstract

IP Anycast is an older technology that has seen a bit of a resurgence in recent months, perhaps encouraged by its use in providing several of the root servers. In designating certain unicast addresses as 'anycast,' operators configure these addresses on multiple machines, and configure routes to each host. When traffic is directed to an anycast address, routers select one path from potentially several valid paths to forward traffic (thus, no change from traditional unicast forwarding). One server receives each packet and responds to the requester. In configuring multiple hosts to respond to the same address, stateless protocols such as DNS can be easily scaled. Servers can be located in closer proximity to clients, providing faster responses to queries. In the event of a single host failure, routes can quickly be withdrawn and servers in other locations handle the request traffic, all without any changes to client configurations. Recursive DNS clients built into many of today's operating systems deal rather poorly with a failure of their primary recursive server. Of eight operating systems evaluated in a recent survey, seven kept no history of failed servers, trying each DNS query against the first server and waiting for a response before moving to secondary servers. Using anycast, service is maintained even in the face of a single or multiple host failure. This substantially reduces resolution delays due to server failure. DNS will serve as an example of successful anycast use, but the strategies described are also applicable to other stateless protocols.

Speakers
Kevin Miller, Carnegie Mellon University
Kevin Miller is a Network Systems Developer at Carnegie Mellon University, where he is responsible for development and maintenance of campus network services. He holds a Bachelor of Science in Computer Science degree from Carnegie Mellon.

Full Abstract

Speakers
Merike Kaeo, Merike, Inc.

Full Abstract

This tutorial provides an overview of some of the applications enabled by MPLS. The session is a high-level, vendor-independent tutorial targeted at network engineers and service providers who are not familiar with MPLS applications. It is a follow-up to Salt Lake City's Introduction to MPLS tutorial, which discussed basic MPLS building blocks and signaling protocols. Our goal is to provide the audience a high-level view of the applications where MPLS is used. Topics covered will include: traffic engineering, protection and restoration, MPLS VPNs, and pseudo-wires.

Speakers
Ina Minei, Juniper

Full Abstract

Speakers
Merike Kaeo, Merike, Inc.

Full Abstract

Speakers
Ron da Silva, AOL Time Warner
Ron da Silva is the Principal Architect for Network Operations at America Online. He has extensive experience running large IP networks and has had the unique experience of building an international backbone from concept, which since evolved to be a full-scale, tier-one ISP (AS1668). Ron is active in various industry organizations and serves on the Technical Advisory Council for ARIN.

Carl Hutzler, AOL Time Warner
Carl Hutzler is the Director of Anti-Spam Operations at AOL. He joined America Online as a Project Manager in 1997, and led the re-architecture of the AOL mailbox system. In 2001, Carl took on the additional responsibility of Anti-Spam Operations. His team has implemented technologies that are now responsible for blocking over 80% of the spam attempted against AOL customers. Carl also leads the AOL Postmaster team. Prior to joining AOL Technologies, Carl was a network design engineer with Booz, Allen & Hamilton, Inc.

Full Abstract

Who Really Owns Your Routers?, by Rob Thomas

The underground continues to abuse and trade compromised routers for a variety of reasons. In this presentation, the history of the ubiquitous compromise of routers will be detailed, along with the present-day picture of how routers are compromised, traded, and abused. The motivations behind this activity will be presented, thus giving the listener a frame of reference for this and many hacking activities.

Router Security - Approaches and Techniques You Can Use Today, by Neal Ziring

Today's routers have substantial features for protecting themselves and the networks they support. This talk will present a simple conceptual framework for router security, and describe several important security techniques and technologies you can use right now. The talk will be non-vendor-specific.

Knobs, Levers, Dials and Switches: Now and Then, by George Jones

Have you ever encountered a device that had well-known default passwords, did not do any logging, was open for use as a smurf amplifier, and had 25 open ports out of the box, including an HTTP management interface using in-the-clear password authentication? Then this talk is for you. We will present a very brief overview of a list of generic features that are needed to be able to deploy a device securely as part of an operational network. It is drawn from the IETF draft draft-jones-opsec-01.txt, "Operational Security Requirements for IP Network Infrastructure." Areas covered will include Device Management, In-Band Management and OOB Management, User Interface, IP Stack, Rate Limiting, Basic Filtering Capabilities, Packet Filtering Criteria, Packet Filtering Counters, Event Logging, AAA, and Layer 2 issues. The "Now" portion covers "Best Current Practices." The "Then" portion covers security features that are not current, but should be. Come prepared to share your own wish lists and war stories.

Speakers
Moderator - Randy Bush, IIJ
Randy Bush works as Principal Scientist at Internet Initiative Japan. Previously he spent a bit over a year at AT&T doing research and working on network architecture. He got some operational experience from being on the founding team at Verio, a backbone provider, from which he graduated as VP of Networking after five years. Before that, he was the principal engineer of RAINet, an ISP in Oregon and Washington, which was Verio's first acquisition. Randy is currently a member of the IESG, serving as co-chair of the IETF Operations and Management Area, mainly covering the operations area. As PI for the Network Startup Resource Center, an NSF-supported pro bono effort, he has been involved for some years with the deployment and integration of appropriate networking technology in the developing world.

Panelist - George Jones, MITRE
George Jones is a Lead Information Systems Engineer for the MITRE corporation. Previous positions included work as a senior network security engineer for UUNET, where he was responsible for securing datacenter and routing infrastructure; Bank One, where he was a member of the Information Security team and helped establish the internal CERT TEAM; and Compuserve Network Services, where he was a network security engineer. George is the author of the Router Audit Tool (RAT) and Benchmark for Cisco IOS, a free tool and configuration guide published by the Center for Internet Security. He holds a B.S. in Computer and Information Science from The Ohio State University. George is currently editing an IETF draft, draft-jones-opsec-01.txt, on operational security requirements for IP network infrastructure devices.

Panelist - Rob Thomas, Cisco/Team Cymru
Rob Thomas is a researcher at Cisco Systems, as well as the lead researcher for Team Cymru. Rob studies a wide variety of network security issues, including malware analysis, DDoS, and trends. Rob is a Liaison Member of FIRST and an ISC Fellow. Prior to working for Cisco, Rob worked as a network architect and an engineer, and is a recovering UNIX kernel developer.

Panelist - Neal Ziring, NSA
Neal Ziring is a Defense Intelligence Senior Level computer scientist with the NSA. He joined NSA in 1989, and has spent his time there mostly in security evaluations. Since 1996, he has worked in network and protocol security, and is editor of NSA's Router Security Configuration Guide. Prior to joining NSA, Neal worked on software tools at AT&T Bell Labs. He has an MS in Computer Science and a BS in Electrical Engineering, both from Washington University in St. Louis.

Full Abstract

This talk describes the AOL backbone network conversion from a multi-area OSPF IGP to IS-IS. Topics covered include reasoning for the migration, implementation, verification, and deployment of IS-IS in a live network with no visible impact to the service.

Speakers
Vijay Gill, AOL Time Warner
Jon Mitchell, AOL Time Warner

Monday, October 20, 2003
Topic/Presenter
Full Abstract

BGP enables interdomain routing, but it can also serve as an indicator of Internet health. Just as blood pressure and pulse rate are indicators of biological distress, metrics derived from BGP observation can be used as Internet "vital signs." Since BGP traffic is erratic and prone to localized bursts of activity, BGP from multiple sources (geographically and topologically dispersed) is required to make intelligent inferences. We have developed metrics for measuring routing stability, flapping, reachability, and backbone churn. The global instability index (GII), for instance, is a single indicator fused from multiple sources that strongly indicates global Internet distress while damping localized instability. We will present measurements made during the Slammer worm and during the instability in the wake of the July 2003 IOS patch frenzy.

Speakers
Dennis McGrath, Dartmouth
Dennis McGrath is a senior research engineer at the Institute for Security Technology Studies (ISTS) and the Thayer School of Engineering at Dartmouth College. His research interests include interdomain routing measurement, Internet health data correlation, and real-time simulation of cyber attacks. He earned his B.S. and M.A. degrees from Rutgers University.

Full Abstract

A globally unused /8 network was monitored using a packet capture and analysis system to measure the introduction and spread of the Blaster worm. This worm was able to quickly affect over 250,000 systems in the one-week period following its August 11, 2003, introduction onto the Internet. Our data show the breadth of the affected systems as well as the rate of the worm's spread. Overall, the global Internet community was able to respond and contain the worm's spread. Despite this reaction, several thousand Blaster hosts remain on the Internet.

Speakers
Jose Nazario, Arbor Networks
Jose Nazario earned a Ph.D. in Biochemistry from Case Western Reserve University in 2002, where he also applied these analysis techniques to the spread of Internet worms. Nazario is a security analyst and software engineer for Arbor Networks in Ann Arbor, MI. He has recently finished a book on worm history, detection techniques, and defense measures to be released in late 2003 through Artech House publishing.

Full Abstract

Alcatel

Full Abstract

Security incidents are a daily event for Internet Service Providers. Attacks on an ISP's customers, attacks from an ISP's customers, worms, botnets, and attacks on the ISP's infrastructure are now just some of the many "security" NOC tickets throughout the day. This increase in the volume and intensity of attacks has forced ISPs to spend constrained resources to mitigate the effects of these attacks on their operations and services. This investment has helped minimize the effects of the attacks, but it has not helped stop them at the source. Stopping attacks at their source requires rapid and effective inter-ISP cooperation. Hence, these ISP Security BOFs are also used as a face-to-face sync-up meeting for the NSP-SEC forum (see https://puck.nether.net/mailman/listinfo/nsp-security).

The general theme for this BOF is the "Worms of August." We will select a set of ISP Security Engineers to present a 5-to-10-minute description of their networks, anti-worm security tools, policies, how they mitigated the worms, and what they are doing to prepare for the next worm.

Speakers
Barry Raveendran Greene, Cisco Systems
Merike Kaeo

Full Abstract

Speakers
Susan Harris, Merit Network
Susan Harris coordinated NANOG meetings and was Senior Science Writer at Merit Network at the University of Michigan. She has been working in IT for 20 years, mostly in telecommunications and network engineering. Before discovering computers, she spent her time reading Babylonian contracts and earning a Ph.D. in ancient Near Eastern History at the University of Michigan.

Jordan Lowe, Server Central
Ray Plzak, ARIN
Ray Plzak is currently the President and CEO of ARIN. Prior to assuming his current position, Ray, as an Assistant Vice President with SAIC, managed the DoD NIC under a contract with the Defense Information Systems Agency. He is a co-chair of the IETF DNS Operation Working Group and co-author/contributor of several IETF technical papers pertaining to the operation of the Internet. Ray is also a member of the ISOC Advisory Committee and ICANN's Root Server System Advisory and DNS Security Advisory Committees.

Full Abstract

Speakers
Joe Abley, ISC

Full Abstract

This discussion highlights VeriSign's September 15 addition of a wildcard A record to the .com and .net zones, the user-visible (network- and sysadmin-visible) effects, and some of the responses, particularly the change ISC's BIND patches made possible within the DNS.

Speakers
Mark Kosters, VeriSign
Matt Larson, VeriSign
Suzanne Woolf, ISC

Full Abstract

Abuse of the DNS at the root-server level is well documented by studies of packet traces taken from root servers. For example: http://www.caida.org/outreach/presentations/nanog0202/ and http://www.caida.org/outreach/presentations/2002/nanog0210/. We expect that similar abuse exists for top-level domain servers as well. However, in many cases the causes of such abuses are unknown. Studying packet traces from root servers presents only a part of the picture. We use simulations based on DNS software implementations (BIND8, BIND9, windows*, djbdns) to enhance our understanding of the client side of DNS transactions. Our lab setup models the typical DNS architecture with root, TLD, SLD, and caching nameservers. We replay a large trace file with different caching software and different network environments. The results advance our understanding of nameserver selection algorithms and the level of DNS traffic injected into the Internet for a given client-side workload.

Speakers
Duane Wessels, Measurement Factory/CAIDA
Duane Wessels discovered Unix and the Internet as an undergraduate studying physics at Washington State University. After playing System Administrator for a few years, he moved to Boulder, Colorado, to attend graduate school. In late 1994, he joined the Harvest project, where he worked on searching, indexing, and caching. From 1996 until 2000, he was co-principal investigator of the NLANR Information Resource Caching project (IRCache). During this time he and others developed and supported the Squid caching proxy. His second book, titled Squid: The Definitive Guide, is soon to be published by O'Reilly and Associates. Currently, he is co-owner and president of The Measurement Factory, Inc., a company that specializes in evaluating the performance and compliance of HTTP-aware devices.

Full Abstract

Network catastrophes are as easy as paste-o's. Recovery should be as well, and is, if operators have adequate network documentation and monitoring. Whether it be hardware cooked to a golden brown, undesired or malicious configuration help, naughty s/w upgrades, or automation gone biblical, a hardware and software configuration repository and audit trail are essential to timely recovery. We will present tools that make this, plus more, possible.

Speakers
Moderator - Randy Bush, IIJ

Panelist - John Heasley, Verio
Panelist - Henry Kilmer, Terrapin Communications
You can view Henry Kilmer's slides at: http://www.shrubbery.net/rancid/NANOG29/

Danny McPherson, Arbor Networks

Full Abstract

Despite the wide availability of both free and commercial software which allows data to be signed and encrypted using PGP, a convincing web of trust in the larger community of network operators has yet to form: it is frequently possible to find PGP keys for random people that you need to communicate with, but it is still unusual to find a key with a signature trail that allows it to be used with any real confidence. This brief presentation describes how a web of trust between network operators can be useful, and outlines the mechanics of key signing both at the Monday night key signing party, and also in corridors around the meeting using the "I sign keys" indicator on attendee badges.

Speakers
Joe Abley, ISC
Joe Abley works for Internet Software Consortium, a not-for-profit company based in California that produces free reference implementations of Internet standard protocols.

Full Abstract

This talk describes the dimensions of the global IPv6 routing table.

Speakers
Gert Doering, SpaceNet AG, Munich, author
Cathy Wittbrodt, presenter
Cathy Wittbrodt is currently on the ARIN Advisory Council and acts as a consultant. She was previously at Packet Design, where she was responsible for operational aspects of Internet scaling projects. During her four years at @Home Network she was responsible for routing and IP addressing. Cathy began her career at Merit, where she worked on the NSFNET Backbone. Also while at Merit she built CICNet, a network that connected the Big 10 Universities. Following Merit, Cathy designed and implemented OSI/CLNP support for the Energy Sciences Network. Although OSI/CLNP was never widely deployed, the experience has given greater insight into addressing and scaling issues. Cathy also spent three years in the engineering group of the Bay Area Regional Research Network, BARRNet.

Full Abstract

Speakers
Steve Bellovin, AT&T Research
Bill Fenner, AT&T Research
Russ Housley, Vigil Security
Jose Nazario, Arbor Networks
Rob Thomas, Cisco/Team Cymru

Full Abstract

UNINETT, a distributed academic research network in Norway, has created its own set of network management tools. We are focusing on automated statistics-gathering and presentation for proactive problem solution and customer information.

Our tools' most unique features are listed below, with toolnames in parentheses:

  • Autozooming geographic network map and info system (possibly the first and only).
  • Animation on map of any measured parameter, such as link and CPU load, packet loss and delay, or network flow parameters (Nemo)
  • Automated, scaled, link statistics gathering (zino)
  • Network status monitoring tool with precise link failure statistics (zino)
  • Aggregation with Web-based trend graphs and sorted tables for all statistics
  • Round trip measurements for IPv4/IPv6 with statistical parameters (mping)
  • Netflow collection (flow-tools), aggregation and presentation
  • Passive monitoring data collection system (Scampi)
  • Campus network management system with automated topology discovery and statistics, shadow suppression alarms, load map, and mac-address tracing (Nav)

Speakers
Olav Kvittem, UNINETT
Olav Kvittem is Director of Experimental Networks at UNINETT, the Norwegian Research Network. He has been active in academic networking since 1987, and his main fields of interest are network management, traffic measurement, mobility, and QoS.

Full Abstract

Even without CATV wiring in their dorm rooms, Northwestern University students can watch 23 television channels on their computers in their dorm rooms. Northwestern University Information Technology and NU Student Affairs use technology developed by Video Furnace LLC to provide NUTV to students. Several issues had to be addressed during the development of this service. The data network had to be configured to allow a fixed number of users to connect to the service. Content providers had to understand this distribution mechanism so that they could pay their licensing fees to the content owners. Attention had to be paid to the number of MPEG2 software decoders in use by the service so that those fees could be paid appropriately. A mechanism ensuring that only legitimate clients were viewing the material had to be developed. And then there was the question of recording... A follow-on service with CSPAN and CSPAN2, in which the license to redistribute comes from the content owner itself, had its own unique challenges. NUIT will demonstrate how NUTV works, how these copyright issues were dealt with, and the future of this now one-year-old service.

Speakers
Tim Ward, Northwestern University
Tim Ward is Associate Director of Telecommunications and Network Services, part of Information Technology at Northwestern University. He manages staff that provide and maintain the operational integrity of the voice, video, data, and radio frequency infrastructures and services at Northwestern. Tim has been working in information technology for 11 years, and for seven years in telecommunications and network engineering. A long-time advocate of IP multicast for video delivery, he has been a member of the Internet2 Multicast Working Group since its inception.

Tuesday, October 21, 2003
Topic/Presenter
Full Abstract

Router testing has focused on isolated performance of control plane protocols and data plane forwarding. This is not always adequate to validate a router for network deployment, as routers in an operational network are simultaneously configured with multiple protocols and security policies while forwarding traffic and being managed. To accurately benchmark a router for deployment it is necessary to test the router in operational conditions by simultaneously configuring network protocols and security policies, sourcing traffic, and managing the router. Operational network conditions may be accelerated to benchmark the router under stress, enabling service providers to truly evaluate readiness for deployment. This presentation will discuss the benefits of router stress testing, stress testing model and framework, and current effort to standardize router stress testing in the IETF's Benchmarking Methodology Working Group.

Speakers
Scott Poretsky, Quarry
Scott Poretsky is currently Software Quality Assurance Manager at Quarry Technologies. Prior to that, he spent six years at Avici Systems as Manager of Product Verification. Scott also held network engineering positions with General DataComm and Raytheon Company. He has been an active contributor for router benchmarking standardization with the IETF's Benchmarking Methodology Working Group, where he has authored numerous Internet-Drafts. Scott has three IEEE published papers and a patent for ATM networking. He earned an MSEE from the Worcester Polytechnic Institute and a BSEE from the University of Vermont.

Shankar Rao, Qwest
Shankar Rao is a member of the Technology Management group at Qwest, where he is engaged in design and development of the core IP network infrastructure as well as new product engineering. He served in an operational role at Sprint for three years prior to joining Qwest in 1998. Shankar has an MS degree in Computer Science from George Mason University, and a BS degree from the University of Mysore, India.

Full Abstract

Speakers
Susan Harris, Merit Network

Full Abstract

This presentation reviews protocol and implementation optimizations, as well as design and deployment guidelines, which should be considered for sub-second IS-IS convergence in an ISP backbone. We will share the details of our test methodology and results.

Speakers
Clarence Filsfils, Cisco Systems

Full Abstract

Several recent studies have indicated that human configuration error is a leading cause of network downtime. Network operators need better verification techniques to ensure that routers are configured correctly. Distributed dependencies in wide-area routing cause small configuration mistakes or oversights to spur complex errors, which sometimes have devastating effects on global connectivity. These errors are often difficult to debug because they are sometimes only exposed by a specific message arrival pattern or failure scenario.

The state of the art for router configuration checking typically consists of logging changes to the configuration and rolling back to a previous version in the event that a problem should arise. This approach is inadequate because (1) it assumes that the previous configuration was correct in the first place and (2) it relies on the coincidence of a configuration change and the appearance of an anomaly, rather than a systematic cause-and-effect analysis. In an effort to develop more systematic techniques for validating BGP configuration, we propose a systematic approach to configuration checking that is based on verifying conformance to the following set of high-level properties:

  • Validity: Are bogus paths being advertised?

  • Visibility: Is BGP advertising every path that it should be?

  • Safety: Will BGP converge to a unique, stable answer?

  • Determinism: Do the best routes that BGP selects depend on the order in which routing messages arrive?

  • Information-flow control: Is BGP leaking "private" information to other ASes?

For each property, we determine the aspects of configuration that affect these high-level properties, and define rules that can be checked against router configuration using static analysis techniques.

We present a tool that network operators can use to test BGP configuration for some common, elusive, and catastrophic errors. The tool checks configuration on an AS-wide level against a set of rules. These rules statically analyze the router configuration files and verify that specific constraints are satisfied. While the rules that the tool tests are by no means exhaustive, we have designed our tool in a way that allows for easy extensibility. We hope that the NANOG community will apply the tool to their own configuration files and suggest new rules and features that should be incorporated.

While static analysis can catch many configuration errors, simulation and emulation are typically necessary to determine the precise scenarios that could expose runtime errors. Based on these observations, we propose the design of a BGP verification tool that uses a combination of static and dynamic analysis, present examples where it could be applied in practice, and describe future research challenges.

Speakers
Hari Balakrishnan, MIT
Nick Feamster, MIT
Nick Feamster is a graduate student in the Networks and Mobile Systems group at MIT's Computer Science and Artificial Intelligence Laboratory (formerly LCS) under the supervision of Professor Hari Balakrishnan. He is interested in wide-area networking, network measurement, and security. His current research focuses on verification techniques for BGP and interdomain traffic engineering. He is an NSF Graduate Research Fellow and the recipient of the Best Student Paper awards at the USENIX Security Symposium in 2001 and 2002. Nick received his S.B. and M.Eng. degrees in Electrical Engineering and Computer Science from MIT in 2000 and 2001, respectively.

Full Abstract

This presentation provides an overview of the BGP MED attribute:

  • What are MEDs?
  • Potatoes (cold, hot, mashed)
  • Deriving MED values
  • Why MEDs break with aggregation
  • MEDs from different ASes
    • Different policies
    • Different IGPs
    • Implementation caveats
      • No MED v. MED 0
      • MEDs with confeds
      • To advertise or not to advertise (BGP spec adv. rules)
  • MEDs and persistent route oscillation (RFC 3345)
  • The effect of MEDs on BGP updates
    • IGP link flap = MED churn, domino effect
  • Effects of attributes on BGP update packing and convergence

Speakers
Danny McPherson, Arbor Networks

Full Abstract

There has been quite a disturbing development in the telecommunications industry during the past few months. More and more vendors seem to be abandoning the use of standard gigabit interface converters (GBICs). The GBIC interface standards were developed to allow mass production, greater quality control, and lower cost interfaces for a wide range of multi-vendor telecommunications equipment. The success of the existing GBIC deployment indicates this has worked very well to date. Basically, all of the mainstream network equipment vendors don't even make their own GBICs. They simply re-market a standard GBIC produced by one of the handful of GBIC manufacturers. Mixing and matching of these standardized GBICs between multi-vendor equipment is prevalent in the industry today. However, the new smaller form factor SFP GBICs have introduced a new "Vendor ID" field on the EPROM. Some mainstream equipment vendors are now starting to use this field to ensure that only the GBICs they re-sell are used in their network equipment. If another GBIC is used, the GBIC port will be disabled even though the GBIC you insert is identical (from the same OEM and production run) as the GBIC that is being re-marketed by the equipment vendor. This has potentially huge cost and support issues for our industry. This is especially true if equipment vendors decide not to grandfather the unrestricted use of the older existing GBICs -- which at least one vendor is planning. This talk presents a brief history and summarizes the current state of GBICs, and the GBIC standard, in the industry.

Speakers
Dave Wodelet, Shaw Communications
Dave Wodelet is the Chief Network Architect for Shaw Communications. He is responsible for IP backbone architecture and deployment throughout Canada, the United States and Europe.

Full Abstract

Speakers
John Heasley