The Challenge

The main objective of an ISP is to deliver quality services to end clients and peers, whose networks have a high percentage of availability. This creates the need to stay alert to the general security of every device and platform with external or internal connectivity. There are many vulnerabilities that service providers must take into account to keep their own network from being affected.
The important factors in implementing security at an ISP are the traffic patterns and the network devices that carry them. At this point, it is important to note that many of the security solutions offered today in the "Enterprise" world are not suitable at ISP scale. For example, antivirus systems and IDS/IDP are not suitable for an ISP. The size of the network and its complexity must be treated in parallel, since the infrastructure is one in which the equipment can grow easily.

The solution and the benefits

The approach used to address all the security aspects of an ISP is to divide them into separate levels and to apply specific protection methods within each level:

Securing the control layer: This layer consists of the signaling traffic and the routing protocols inside the service provider's network and on the connections to clients and peers. Some of the security measures to take into account at the control level are filtering BGP routes on connections to clients and to other ISP peers, controlling the exchange between EBGP and IBGP routes, controlling and monitoring the routing tables, authenticating routing protocol sessions, enabling BGP dampening to avoid the effects of flapping, enforcing the TTL of BGP packets, securing IGP and LDP, and limiting the number of ICMP messages to protect against DoS attacks, among others.

Securing the management layer: The management and administration layer is important for securing access to the devices. Some of the important items to take into account are disabling unused services, enabling password encryption, configuring the types of users appropriately, enabling encrypted protocols such as SSH, enabling AAA on the devices using RADIUS or TACACS servers, enabling NTP and SNMP, message logging, and out-of-band access, among other things.

Securing the data layer: The data layer covers packets sent to and from the ISP's clients. This is traffic that should not be routed to the devices in the internal network. Some of the things to take into account are anti-spoofing access lists, access lists that filter the networks defined in RFC 1918, access lists that prevent clients from reaching the infrastructure devices, and access lists that classify the types of traffic, among others.
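
The data-layer access lists described above can be modelled as an ordered ingress policy on a customer-facing interface. This is an added example, not Auben's code or any vendor's configuration; the interface names, the prefixes (taken from documentation ranges) and the function names are assumptions made for illustration.

```python
import ipaddress

# Networks defined in RFC 1918 (private address space).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed values: hypothetical infrastructure range and customer assignments.
INFRASTRUCTURE = [ipaddress.ip_network("198.51.100.0/24")]
CUSTOMER_PREFIXES = {
    "cust-a": [ipaddress.ip_network("203.0.113.0/25")],
    "cust-b": [ipaddress.ip_network("203.0.113.128/25")],
}

def _in_any(addr, networks):
    return any(addr in net for net in networks)

def ingress_decision(interface, src, dst):
    """Return (action, reason) for a packet arriving on a customer interface."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # 1. RFC 1918 filter: private addresses must not cross the ISP edge.
    if _in_any(src, RFC1918) or _in_any(dst, RFC1918):
        return ("drop", "rfc1918-address")
    # 2. Anti-spoofing: the source must belong to the prefixes assigned to
    #    this interface. An unknown interface has no prefixes, so it fails closed.
    if not _in_any(src, CUSTOMER_PREFIXES.get(interface, [])):
        return ("drop", "spoofed-source")
    # 3. Infrastructure protection: clients must not reach the ISP's own devices.
    if _in_any(dst, INFRASTRUCTURE):
        return ("drop", "infrastructure-destination")
    return ("permit", "customer-traffic")

# Constructed sample packets: (ingress interface, source, destination).
SAMPLE_PACKETS = [
    ("cust-a", "203.0.113.10", "192.0.2.50"),     # legitimate customer traffic
    ("cust-a", "10.1.2.3", "192.0.2.50"),         # private source address
    ("cust-a", "203.0.113.200", "192.0.2.50"),    # source belongs to cust-b
    ("cust-b", "203.0.113.200", "198.51.100.1"),  # aimed at a core device
    ("cust-x", "203.0.113.10", "192.0.2.50"),     # interface with no assignment
]

def evaluate(packets):
    return [ingress_decision(*pkt) for pkt in packets]

if __name__ == "__main__":
    for pkt, result in zip(SAMPLE_PACKETS, evaluate(SAMPLE_PACKETS)):
        print(pkt, "->", result)
```

The order of the checks matters for logging: a packet with a private source is reported as an RFC 1918 violation rather than as a generic spoof, which makes the drop counters easier to interpret.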

Each service provider has a particular set of implementations. There is no single solution for securing the network. The solutions must be analyzed based on experience and established best practices.

Why Auben?

Security is a key factor that any service provider must prioritize in order to achieve quality standards in a very competitive market. At Auben, we help the client analyze and design their network in the safest way, by implementing policies in which the platforms and the traffic are secured and there is no possibility of internal or external threat. We train the staff through knowledge transfer based on the security policies applied in their network. Our aim is to create specialists able to make more accurate decisions, lowering the OPEX of an unprotected network.



Our services are integrated with multiple technologies. They are based on speed and efficiency, achieving high quality standards with optimized costs.

About Auben

Deep inside our beings, in our essence, and printed in our DNA, lies the desire for communication. 