Physical Data Link IPv4/IPv6 TCP,UDP WWW, , SSH, Telnet.

Slides:

Advertisements

Similar presentations

RIPE NCC DNS Update Anand Buddhdev. Anand Buddhdev, 15 May K-root Service stable with 17 instances – 5 global – 12 local (prefixes announced with.

Advertisements

Presenter: Mark Elkins Topic: Things not getting done.

Review iClickers. Ch 1: The Importance of DNS Security.

1IPv6 Day in Armenia, Yerevan, June 6, IPv6 Day in Armenia I.Mkrtumyan ISOC AM.

1 Securing BGP using DNSSEC Lutz Donnerhacke db089309: 1c1c 6311 ef09 d819 e029 65be bfb6 c9cb.

Martin Suchara in collaboration with I. Avramopoulos and J. Rexford How Small Groups Can Secure Interdomain Routing.

BGP Multiple Origin AS (MOAS) Conflict Analysis Xiaoliang Zhao, NCSU S. Felix Wu, UC Davis Allison Mankin, Dan Massey, USC/ISI Dan Pei, Lan Wang, Lixia.

1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.

DNS Security Extension (DNSSEC). Why DNSSEC? DNS is not secure –Applications depend on DNS ►Known vulnerabilities DNSSEC protects against data spoofing.

© Copyright 1997, The University of New Mexico C-1 Internet Service Provider Services What to do once you’re connected.

PKI To The Masses IPCCC 2004 Dan Massey USC/ISI. 1 March PKI Is Necessary l My PKI related actions since arriving at IPCCC n Used an.

Internet Operations and the RIRs. Overview ARIN and the Regional Internet Registry (RIR) System IP Number Resources, DNS and Routing IP Address Management.

RIS Resource Allocations A special report on an endangered species …

1 Securing BGP Large scale trust to build an Internet again Lutz Donnerhacke db089309: 1c1c 6311 ef09 d819 e029 65be bfb6 c9cb.

A Model of IPv6 Internet Access Service via L2TPv2 Shin Miyakawa NTT Communications 2006/7/10 IETF66th.

Reverse DNS Delegations, Templates and RWS Andy Newton Chief Engineer.

Traffic Engineering for CDNs Matt Jansen Akamai Technologies APRICOT 2015.

APNIC eLearning: Intro to RPKI 10 December :30 PM AEST Brisbane (UTC+10)

Providing A Subset of Whois Data Via DNS Shuang Zhu Xing Li CERNET Center.

IT 210 The Internet & World Wide Web introduction.

Exterior Gateway Protocol Border Gateway Protocol (BGP) Interior Gateway Protocol Routing Information Protocol (RIP) Enhanced Interior Gateway Protocol.

Scaling IXPs Scalable Infrastructure Workshop. Objectives  To explain scaling options within the IXP  To introduce the Internet Routing Registry at.

Prepared by The Regional Internet Registries [APNIC, ARIN, LACNIC and RIPE NCC]

1 San Diego, California 25 February Securing Routing: RPKI Overview Mark Kosters Chief Technology Officer.

CustomerSegment and workloads Your Datacenter Active Directory SharePoint SQL Server.

APNIC Policy Update 1 st TWNIC IP Open Policy Meeting 3 December, 2003 Taipei, Taiwan.

SECURING BGP Matthew Nickasch University of Wisconsin-Platteville Dept. of Computer Science & Software Engineering.

Chapter 1: The Internet and the WWW CIS 275—Web Application Development for Business I.

How Secure are Secure Inter- Domain Routing Protocols? SIGCOMM 2010 Presenter: kcir.

Using Measurement Data to Construct a Network-Wide View Jennifer Rexford AT&T Labs—Research Florham Park, NJ

Measuring IPv6 Deployment Geoff Huston George Michaelson

DNS Security Pacific IT Pros Nov. 5, Topics DoS Attacks on DNS Servers DoS Attacks by DNS Servers Poisoning DNS Records Monitoring DNS Traffic Leakage.

Infrastructure Attack Vectors and Mitigation Benno Overeinder NLnet Labs.

1 Barriers to Enum What VoIP providers ask about Enum Dr. Dorgham Sisalem.

APNIC Internet Routing Registry An introduction to the IRR TWNIC Meeting, 3 December 2003 Nurani Nimpuno, APNIC.

2016 Services Roadmap APNIC Services George Kuo 9 September 2015 Jakarta.

RIPE NCC IRR training 4 February 2011 Zurich, Switzerland IPv6 Golden Networks Jeroen Massar Things to watch.

Interdomain Routing Security. How Secure are BGP Security Protocols? Some strange assumptions? – Focused on attracting traffic from as many Ases as possible.

A Firewall for Routers: Protecting Against Routing Misbehavior1 June 26, A Firewall for Routers: Protecting Against Routing Misbehavior Jia Wang.

More on Internet Routing A large portion of this lecture material comes from BGP tutorial given by Philip Smith from Cisco (ftp://ftp- eng.cisco.com/pfs/seminars/APRICOT2004.

1 Madison, Wisconsin 9 September14. 2 Security Overlays on Core Internet Protocols – DNSSEC and RPKI Mark Kosters ARIN Engineering.

* Agenda  What is the DNS ?  Poisoning the cache  Short term solution  Long term solution.

DNS Session 5 Additional Topics Joe Abley AfNOG 2006, Nairobi, Kenya.

Introduction & Vision. Introduction MANTICORE provides a software implementation and tools for providing and managing routers and IP networks as services.

GoBGP Open Source BGP implementation

New Features and Upcoming Features in ARIN Online Andy Newton, Chief Engineer.

DNS Security 1. Fundamental Problems of Network Security Internet was designed without security in mind –Initial design focused more on how to make it.

Status Report SIDR and Origination Validation Geoff Huston SIDR WG, IETF 71 March 2008.

Meet the Falcons Ciprian Marginean Aris Lambrianidis

© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—6-1 Scaling Service Provider Networks Scaling IGP and BGP in Service Provider Networks.

Securing BGP Bruce Maggs. BGP Primer AT&T /8 Sprint /16 CMU /16 bmm.pc.cs.cmu.edu Autonomous System Number Prefix.

AFRINIC Update Madhvi Gokool Registration Service Manager RIPE66 meeting, Dublin May 2013.

© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—3-1 Route Selection Using Policy Controls Applying Route-Maps as BGP Filters.

© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—2-1 BGP Transit Autonomous Systems Forwarding Packets in a Transit AS.

ITU ccTLD Workshop March 3, 2003 A Survey of ccTLD DNS Vulnerabilities.

© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—3-1 Route Selection Using Policy Controls Using Multihomed BGP Networks.

AFRINIC Update Adiel A. Akplogan CEO, AFRINIC ARIN-31, Barbados April 2013.

Border Gateway Protocol BGP-4 BGP environment How BGP works BGP information BGP administration.

Recent Progress in Routing Standardization An IETF update for UKNOF 23 Old Dog Consulting Adrian

Making Routing Registries Great Again Jared Mauch – NTT Communications

BGP supplement Abhigyan Sharma.

Improving reliability of IRR database

ARIN Update John Curran President and CEO.

BGP Multiple Origin AS (MOAS) Conflict Analysis

PP – Resource Authentication Key ( RAK ) code for third party authentication Presenter : Erik Bais –

Improving global routing security and resilience

BGP Instability Jennifer Rexford

Computer Networks Protocols

By Keessun Fokeerah Member Services(MS) Team

Amreesh Phokeer Research Manager AfPIF-10, Mauritius

Presentation transcript:

Physical Data Link IPv4/IPv6 TCP,UDP WWW, , SSH, Telnet

Virtualization Control Orchestration Application ON SALE SDN LIMITED EDITION NFV SNEAK PREVIEW NDN Welcome to DevOps CLI

IP Internet People DNS BGP

DNS 1.Thou shall not run RDNS and ADNS on the same machine! 2.Thou shall not open the Recursive DNS to the wide world! 3.Thou shall not use predictable Source Ports and Query IDs! 4.Remember that a CPE or printer may also act as an open RDNS! 5.Honour and support the IETF and RIPE work on DNS. 6.Thou shall not use the same IP address to accept queries and to initiate recursive lookups on the Recursive DNS! 7.Thou shall not do lame delegations, nor endless CNAME-ing! 8.Thou shall use RRL (Response Rate Limit)! 9.Thou shall use TSIG for zone XFERs! 10.Thou shall not be afraid to deploy DNSSEC!

BGP 1.Thou shall not hijack IP prefixes from others! 2.Thou shall avoid exporting ANY IGP routes into BGP !!! 3.Thou shall not announce special/private IP prefixes via BGP! 4.Remember to register thy route policy in an IRR (e.g. RIPE DB). 5.Honour and support the IETF/RIPE work on the S-BGP, psBGP etc. 6.Thou shall not announce prefixes longer than /24 (v4) or /48 (v6)! 7.Thou shall not de-aggregate! 8.Thou shall use prefix-lists to control thy customers! 9.Thou shall use maximum-prefix to control thy peers! 10.Thou shall sign thy routes using RPKI ASAP!

What to do with … PEOPLE? “L’enfer, c’est les autres” (J.P.Sartre)