in conjunction with APRICOT 2012

Network Infrastructure Security

Workshop date: 21-25 February 2012
Venue: Room 294, Level 2, Hotel Ashok


This is a technical workshop, made of up lecture and hands-on lab work to teach infrastructure security targeted at network engineers who are responsible for engineering and architecting reliable networks as well as network operators who are responsible for mitigating against current attacks.

Target audience

Technical staff from ISP, enterprise or government organizations who are responsible for engineering and operating a secure IPv4/IPv6 network infrastructure.


  • Medium to good knowledge of Cisco and Juniper router/switch command line environment
  • Basic knowledge of IPv4 and IPv6 TCP/IP networking
  • Basic knowledge of routing (BGP, OSPF, IS-IS)

Workshop Topics

  • Cyber-Attack Landscape-Past, Present, Future
  • Security Protocol Details
  • Fundamentals of Crytography
  • Credential Management (passwords, secret keys, private keys)
  • Details of SSH, MD5 and SHA-1
  • Hardening of Network Infrastructure Devices (IPv4 and IPv6)
  • Authorized and Encrypted Access
  • Privilege Levels
  • Protecting Configuration Integrity and Confidentiality
  • Securing Device Management
  • Effective Logging Stategies
  • Filtering and Firewalls
  • Firewall Types and Functions
  • Evolving Security Architectures Using Firewalls
  • Routing Security
  • Principles of Creating a Secured Routing Infrastructure
  • Features Used to Secure Routing Architectures
  • Using BGP as a security tool
  • Remotely triggered black hole routing
  • BGP Shunts
  • Sink-holes
  • Multi-AS Black Holing
  • IPv6 Security
  • Security Considerations when Adding IPv6 into Existing Environment
  • Security Impact of Transition Technologies
  • Tools used to Detect and Mitigate Against DDoS Attacks and BotNets


Barry Greene GETIT, Merike Kaeo and Peter Losher (ISC)

Workshop Materials

Download workshop materials for this workshop.