^ Top

NANOG Meeting Presentation Abstract

Panel: Simple Router Security, What Every ISP Router Engineer Should Know and Practice
Meeting: NANOG29
Date / Time: 2003-10-20 2:00pm - 3:00pm
Room: Salons A-E
Presenters: Moderators:

Randy Bush, Randy Bush

Randy Bush works as Principal Scientist at Internet Initiative Japan. Previously he spent a bit over a year at AT&T doing research and working on network architecture. He got some operational experience from being on the founding team at Verio, a backbone provider, from which he graduated as VP of Networking after five years. Before that, he was the principal engineer of RAINet, an ISP in Oregon and Washington, which was Verio\'s first acquisition. Randy is currently a member of the IESG, serving as co-chair of the IETF Operations and Management Area, mainly covering the operations area. As PI for the Network Startup Resource Center, an NSF-supported pro bono effort, he has been involved for some years with the deployment and integration of appropriate networking technology in the developing world.

Rob Thomas, Cisco/Team Cymru

Rob Thomas is a researcher at Cisco Systems, as well as the lead researcher for Team Cymru. Rob studies a wide variety of network security issues, including malware analysis, DDoS, and trends. Rob is a Liaison Member of FIRST and an ISC Fellow. Prior to working for Cisco Rob worked as a network architect, an engineer, and is a recovering UNIX kernel developer.

Neal Ziring, NSA

Neal Ziring is a Defense Intelligence Senior Level computer scientist with the NSA. He joined NSA in 1989, and has spent his time there mostly in security evaluations. Since 1996, he has worked in network and protocol security, and is editor of NSA\'s Router Security Configuration Guide. Prior to joining NSA, Neal worked on software tools at AT&T Bell Labs. He has an MS in Computer Science and a BS in Electrical Engineering, both from Washington University in St. Louis.

George Jones, MITRE

George Jones is a Lead Information Systems Engineer for the MITRE corporation. Previous positions included work as a senior network security engineer for UUNET, where he was responsible for securing datacenter and routing infrastructure; Bank One, where he was a member of the Information Security team and helped establish the internal CERT TEAM; and Compuserve Network Services, where he was a network security engineer. George is the author of the Router Audit Tool (RAT) and Benchmark for Cisco IOS, a free tool and configuration guide published by the Center for Internet Security. He holds a B.S. in Computer and Information Science from The Ohio State University. George is currently editing an IETF draft, draft-jones-opsec-01.txt, on operational security requirements for IP network infrastructure devices.
Abstract: Who Really Owns Your Routers?, by Rob Thomas
The underground continues to abuse and trade compromised routers for a variety of reasons. In this presentation, the history of the ubiquitous compromise of routers will be detailed, along with the present-day picture of how routers are compromised, traded, and abused. The motivations behind this activity will be presented, thus giving the listener a frame of reference for this and many hacking activities.

Router Security - Approaches and Techniques You Can Use Today, by Neal Ziring
Today\'s routers have substantial features for protecting themselves and the networks they support. This talk will present a simple conceptual framework for router security, and describe several important security techniques and technologies you can use right now. The talk will be non-vendor-specific.

Knobs, Levers, Dials and Switches: Now and Then, by George Jones
Have you ever encountered a device that had well-known default passwords, did not do any logging, was open for use as a smurf amplifier, and had 25 open ports out of the box, including an HTTP management interface using in-the-clear password authentication ? Then this talk is for you.

We will present a very brief overview of a list of generic features that are needed to be able to deploy a device securely as part of an operational network. It is drawn from the IETF draft draft-jones-opsec-01.txt, \"Operational Security Requirements for IP Network Infrastructure.\" Areas covered will include Device Management, In-Band Management and OOB Management, User Interface, IP Stack, Rate Limiting, Basic Filtering Capabilities, Packet Filtering Criteria, Packet Filtering Counters, Event Logging, AAA, and Layer 2 issues. The \"Now\" portion covers \"Best Current Practices.\" The \"Then\" portion covers security features that are not current, but should be. Come prepared to share your own wish lists and war stories.
Files: pdfGeorge Jones Presentation(PDF)
pdfNeal Ziring Presentation(PDF)
youtubeSimple Router Security, What Every ISP Router Engineer
Sponsors: None.

Back to NANOG29 agenda.

NANOG29 Abstracts


^ Back to Top