Cisco Security Intelligence Operations (SIO) is putting the finishing touches on a training session for Black Hat USA 2009. This training session, a first for Cisco, will help attendees gain an understanding of the types of recommendations we encourage every customer to implement. The abstract for the session reads:
Detecting & Mitigating Attacks Using Your Network Infrastructureby Randy Ivener, Joseph Karpenko, and Tim Sammut, CiscoThis course will detail how to leverage innate network functionality, such as routing protocols and NetFlow, to provide a full range of attack identification and mitigation capabilities. The course is organized around a proven six-phase approach to incident response, which moves from preparation through post mortem, and includes extensive demonstrations and hands-on lab work.
As indicated above, this session contains information on how organizations can use the functionality that already exists in their networks. Although we’ll discuss a few security products as well—such as Intrusion Prevention Systems and firewalls—the majority of the material is focused on helping organizations take advantage of their existing investment in Cisco products.These recommendations go beyond the obvious and well understood—things like use strong passwords and keeping your software up-to-date—to include underutilized functionality that can greatly enhance the security of network devices, such as Control Plane Policing and Unicast RPF. These capabilities are cornerstone security technologies in larger networks and service providers, but haven’t been adopted by many organizations. This training session is one of the ways in which Cisco SIO is looking to bridge the gap between more mature security operations and the majority of networks. Other information that contributes to this goal can be found on the Security Intelligence Best Practices and Service Provider Security Best Practices pages of Cisco Security Center.We’re hoping that you’ll find the hands-on lab work to be both interesting as well as educational. While preparing for it, we realized that we needed real attack traffic in order to fully exercise the defensive functionality of the products. We clearly couldn’t use an undisclosed vulnerability in a Cisco product, so we choose to utilize the training setting to raise awareness of existing attacks, for example TTL expiry attacks and BGP security concerns. Cisco SIO has produced documents that specifically describe these issues and their mitigation techniques: TTL Expiry Attack Identification and Mitigation and Protecting Border Gateway Protocol for the Enterprise.This two-day session is being offered both as a weekend training session (July 25-26) as well as a weekday session (July 27-28). We hope to see you there.