> Security and Robustness In Backbone Design

1
> Security and Robustness In Backbone Design
  • (no, really)
  • Raven Alder

2
> /home/raven/24601
  • I'm a consultant
  • Security geek, backbone engineer
  • Two calls: planners, or something's gone terribly wrong

3
> Why you (might/should) care
  • Data transiting the Internet not always secure
  • Private WANs are more shared than many people think at the carrier level
  • Ever-popular nation-state snooping
  • Or just a couple of dudes at DefCon (http://blog.wired.com/27bstroke6/2008/08/revealed-the-in.html)
  • Shared media? Shared data.

4
> recursion
  • Protocol security (AAA stuff)
  • Physical redundancy (separate paths)
  • Use crypto (we mean it)
  • Plan for failure (no Dilbertean fallbacks)
  • Human element (but log everything)
  • Show me show me (OMG)
  • Ten years, one slide

5
> increasingly challenging design specs
  • "we need this network to be resilient during undersea cable cuts, earthquake, tsunami, BGP updates, or military coups"
  • Okay, then.
  • Don't forget power and seizure. Hurricanes. September 11th. NANOG-worthy events.

6
> large-scale outages and disaster recovery
  • Plan for things to go truly, epically wrong

7
> airborne
  • Good: some different eyes than land lines
  • Bad: some different eyes than land lines
  • Differential timing attacks
  • Good: mobility
  • Bad: trackability?
  • Consider pre-emption before you buy

8
> physical layer
  • Undersea cable cuts -- how many at once? No one (public) in the Mediterranean expected four.
  • Who makes your routers? Sure they're not third party knockoffs? How many of you actually check MD5s? (How many of you still trust MD5s?)

9
> application proxies inline cleaning up protocols
  • Improved resistance to protocol implementation tomfoolery
  • No help with protocol design tomfoolery, except maybe alerts
  • Good if you're a VoIP provider concerned with SIP tricks, for example
  • Not so good with BGP

10
> logistics and ethics of application layer filtering on backbone networks
  • Customer expectations of privacy
  • (consider who your customers are and their needs)
  • Expectations shape behaviour, which may not be the same as your design goals
  • People will end run your security if it's not what they think it should be

11
> filtering and monitoring
  • Increasingly intelligent and context-sensitive filtering
  • Picks out words and phrases, not just block list of sites
  • Many protocols, from IM to Web
  • Proxies not so uber-leet as you think
  • Consider why VPNs are permitted, and where

12
> keep on routing in the free world?
  • Globalization: let's talk manufacturing
  • Oh, and first world countries would never do this. Otherwise what would we need telco immunity for? Er.
  • Information sharing programs
  • Industrial espionage
  • Straight up BGP hijack
  • Quis custodet telcorum?

13
> choose your peers wisely
  • Underestimated importance of good peering relationships
  • Understand where you are in the pecking order. (The Art of Peering, http://www.nanog.org/papers/playbook.doc )
  • Sadly, most telcos are still dumb about this, so currently you have to aim to outroute them.

14
> questions
  • raven_at_oneeyedcrow.net