Practical Cybersecurity for Internet Operators (PCIO)

Synopsis

Return to Outlines

A five-day technical workshop consisting of short lectures, tutorials, and hands-on tasks. The course emphasises skills needed to secure Internet infrastructure from real-world cybersecurity threats.

Target Audience

This course's target audience includes network engineers from industry, Internet Service Providers, stewards of critical Internet infrastructure (ccTLDs), and operators of research and education networks (RENs) who seek to improve the security, resilience, and reliability of their infrastructure.

Prerequisites

This workshop assumes robust familiarity with editing files, installing software, and other day-to-day systems administration tasks on Unix-like operating systems or Linux. As well as being experienced systems administrators, participants must have at least a basic understanding of critical networking concepts such as Internet routing and the Domain Name System (DNS).

It is required that the workshop participants:

  • Are proficient with a command line interface;
  • Have day-to-day experience within an operational network;
  • Are familiar with the Unix or Linux command line interface;
  • Have basic knowledge of TCP/IP networking;
  • Are willing and prepared to discuss their own network.

Workshop Topics

Participants in this workshop will learn about:

  • The onion model and the Swiss cheese model
    • Defence in depth
    • Risk analysis
    • Threat modelling
    • Principle of least privilege
    • Service reliability and recovery
    • Encryption of data at rest and in transit
    • Authentication and authorisation
  • Service reliability and recovery
  • Encryption of data at rest and in transit
  • Authentication and authorisation
    • Identity and access management
      • Multi-factor authentication
  • Trust domains and security boundaries
    • Firewalls
    • Single sign-on
  • Best practices for cybersecurity on layer 1 and layer 2
    • Physical plant security
    • Authentication, authorisation, accounting, and auditing
    • Monitoring and running a security operations centre
  • Best practices for securing critical network services
    • DNS & KINDNS
    • Firewalls, intrusion detection systems, etc.
    • Network monitoring: NOC/SOC separation of concerns
  • Internet routing security best practices

Objectives

At the end of the workshop, students will be able to:

  • Understand and explain the fundamental principles of practical cybersecurity.
  • Apply practical threat modelling and risk analysis techniques to network design.
  • Explain the purpose of different threat mitigation technologies and demonstrate this understanding by successfully completing hands-on lab exercises.
  • Explain the difference between authentication and authorisation and the importance of accounting and auditing.
  • Demonstrate a thorough understanding of the principle of least privilege and defence in depth.
  • Securely operate DNS servers on the internet in compliance with the KINDNS best practices for secure and reliable internet DNS operations.
  • Understand and explain the many trade-offs between security and operability of real-world networks and demonstrate their understanding in a lab environment.
  • Analyse and document the threats present in a real network to the point where they can effectively commission a security operations centre.
  • Understand and explain how RPKI can effectively mitigate against origin impersonation and help ensure that network data travel only along authorised routes.

Return to Outlines