# Practical Cybersecurity for Internet Operators Workshop # ## Time Schedule ## |Schedule |Time | |------------------|----------------| |Session 1 |09:00 - 10:30 | |Break |10:30 - 11:00 | |Session 2 |11:00 - 12:30 | |Lunch |12:30 - **13:30** | |Session 3 |**13:30** - 15:30 | |Break |15:30 - 16:00 | |Session 4 |16:00 - 17:30 | ## Instructors ## | FL | Name | Email | Organization | Country | |----|----------------|---------------------------------------|--------------|----------------| | CW | Champika Wijayatunga | champika(dot)wijayatunga(at)icann(dot)org | [ICANN](https://www.icann.org/) | AU | | ES | Edwin Sandys | edwin(dot)sandys(at)usp(dot)ac(dot)fj | University of South Pacific ([USP](https://www.usp.ac.fj/)) | FJ | | MQ | Melvin Quemado | mquemado(at)hawaii(dot)edu | [University of Hawaiʻi](https://www.hawaii.edu/) | US | | PP | Philip Paeps | ppaeps(dot)nsrc(dot)org | [Network Startup Resource Center](https://nsrc.org/bios/PhilipPaeps.html)| HK | | PS | Philip Smith | philip(dot)nsrc(dot)org | [Network Startup Resource Center](https://nsrc.org/bios/PhilipSmith.html)| AU | ## Sessions ## **NOTE: THIS IS A DRAFT!** The precise agenda will evolve in function of the group we get and the participants' interests / experiences. Remember: this is *your* workshop. | DAY | Topic | Inst | Presentations | Exercises | |----------------------|---------------------------|---------|---------------------------------------------------|----------------------------------------| | **TUESDAY** | | | | | | Session 1.1 | Introduction & logistics | PP | [PDF](practical-security/presentations/0-workshop-introduction.pdf) | | | Session 1.2 | Thinking about security | PP | [PDF](practical-security/presentations/1-thinking-about-security.pdf) | | | Session 2.1 | Lab: start using a password manager | All | | [Start using a password manager](practical-security/labs/1-start-using-a-password-manager.html) | | Session 2.2 | Incident response at UH (1) | MQ | | | | Session 3.1 | Incident response at UH (2) | MQ | | | | Session 3.2 | Introduction to tabletop exercices | PP | [PDF](practical-security/presentations/2-tabletop-exercises.pdf) | | | Session 4.1 | Lab: tabletop exercise | All | | [Backdoors & Breaches](practical-security/labs/2-backdoors-and-breaches.html) | | **WEDNESDAY** | | | | | | Session 1.1 | Tuesday recap | PP | | | | Session 1.2 | Vulnerability management | PP | [PDF](practical-security/presentations/3-vulnerability-management.pdf) | | | Session 2.1 | Demo: Wazuh at USP | ES | | | | Session 3.1 | Switching Architectures: L2 Protection Features | PS | [PDF](networking/cndo/en/presentations/Layer2-Protection.pdf) | [L2 Protection Features Lab](networking/cndo/en/labs/l2_protection.html) | | Session 4.1 | Layer 1-2-3 best practices | PP | [PDF](practical-security/presentations/4-layer-1-2-3-best-practices.pdf) | | | Session 4.2 | Campus security configuration | PP | [PDF](practical-security/presentations/5-campus-security-configuration.pdf) | | | Session 4.3 | Group discussion | All | | | | **THURSDAY** | | | | | | Session 1.1 | Wednesday recap | PP | | | | Session 1.1 | DNS security: introduction | PP| [PDF](kindns/presentations/1-kindns-intro.pdf) | | | Session 1.2 | DNS refresher: basics | CW | [PDF](kindns/presentations/2-DNS-refresher.pdf) | | | Session 1.3 | DNS refresher: components | CW | [PDF](kindns/presentations/3-DNS-components.pdf) | | | Session 2.1 | Demo: DNS queries and responses | PP | | [DNS queries & responses](kindns/labs/0-dns-queries-and-responses.html)| | Session 2.2 | Best practices: revision control | PP | [PDF](kindns/presentations/4-revision-control.pdf) | [First steps with Git](kindns/labs/1-git-first-steps.html)| | Session 3.1 | DNSSEC introduction | PP | [PDF](kindns/presentations/4-dnssec-introduction.pdf)| | | Session 3.2 | Lab: DNS refresher: zone files & authoritative servers | All | | [Configuring DNS servers](kindns/labs/3-configuring-dns-servers.html)| | Session 4.1 | Lab: DNSSEC signing | All | | [Sign your zones](kindns/labs/2-dnssec-sign-zone.html) | | **FRIDAY** | | | | | | Session 1.1 | Introduction to Routing Security | | | | | Session 1.2 | BGP Introduction | PS | [PDF](networking/bgp-deploy/en/presentations/BGP-introduction.pdf) | | | Session 2.1 | Securing the Router | All | | [Securing Router Lab](networking/routing-security/en/labs/securing-router.html) | | | | | | [Lab Diagram](networking/routing-security/diagrams/riso-0.png) | | | | | | [Lab Access](networking/routing-security/en/labs/lab-access.html) | | | | | | [Address Plan](networking/routing-security/en/labs/address-plan.html) | | Session 2.2 | BGP Best Practices | PS | [PDF](networking/bgp-deploy/en/presentations/BGP-BCP.pdf) | | | Session 3.1 | Unicast Reverse Path Forwarding | PS | [PDF](networking/routing-security/en/presentations/uRPF.pdf) | | | Session 3.2 | Unicast Reverse Path Forwarding Demo | All | | [uRPF Lab](networking/routing-security/en/labs/uRPF.html) | | Session 3.3 | Remotely Triggered Blackhole Filtering | PS | [PDF](networking/routing-security/en/presentations/RTBH.pdf) | | | Session 3.4 | RTBH within an AS Demo | All | | [RTBH within an AS Lab](networking/routing-security/en/labs/RTBH-local.html) | | Session 4.1 | BGP Origin Validation | PS | [PDF](networking/routing-security/en/presentations/BGP-Origin-Validation.pdf) | | | Session 4.2 | Configuring RPKI on routers | TBD | | [RPKI Lab](networking/routing-security/en/labs/rpki.html) | | Session 4.3 | Configuring Route Origin Validation on routers | TBD | | [ROV Lab](networking/routing-security/en/labs/rov.html) | ## Additional Materials ## | DAY | Topic | Inst | Presentations | Exercises | |----------------------|---------------------------|---------|---------------------------------------------------|----------------------------------------| | | Securing BGP: MaxAS | All | | [Securing BGP Lab: MaxAS](networking/routing-security/en/labs/securing-bgp-maxas.html) | | | Securing BGP: MaxPrefix | All | | [Securing BGP Lab: MaxPrefix](networking/routing-security/en/labs/securing-bgp-maxprefix.html) | | | Securing BGP: GTSM | All | | [Securing BGP Lab: GTSM](networking/routing-security/en/labs/securing-bgp-GTSM.html) | | | Securing BGP: PrivateAS | All | | [Securing BGP Lab: Private AS](networking/routing-security/en/labs/securing-bgp-privateAS.html) | ## Additional Information ## - [RFC8212 - Default External BGP (EBGP) Route Propagation Behavior without Policies](https://tools.ietf.org/html/rfc8212) - [Internet Routing Security Best Practices for Network Operators (MANRS)](https://www.manrs.org/manrs/) - [RIPE 706 MANRS Implementation Guide](https://www.ripe.net/publications/docs/ripe-706) - [RFC7454 - BGP Operations Security](https://tools.ietf.org/html/rfc7454) - [Internet Routing Security Best Practices for Network Operators (MANRS)](https://www.manrs.org/manrs/) - [BCP 38 - Network Ingress Filtering to Defeat Denial of Service Attacks which employ IP Source Address Spoofing](https://tools.ietf.org/html/bcp38)