Training Cybersecurity Essentials for Telecom and Service Providers

(ecgt2600)

Cybersecurity risks are real threats to telecom and service providers such as Data Center Operators, Internet Service Providers, and Voice Service Providers. But the threats to Voice and Data Service Providers are distinct from the threats against Enterprise networks, even though most of the attention goes to the Enterprise. Get the fundamentals of Cybersecurity appropriate for Service Provider networks so you can troubleshoot and design networks for maximum safety and reliability. Graded Exams, Certificate Provided. 1.5 weeks / 3 class sessions / 6 PDH.

In-Person Training

On-site training at your location

Course Content

Core Security Foundations

Core Security Foundations Overview: Networks, Software, Physical Isolation & Authentication

Physical Isolation & Authentication

  • Historical Protections
  • Physical Access Principle
  • Cloud Hosting
  • Authentication

Historical Protections: SS7, TDM, Physical Protections

Physical Access: If you can touch it, you can control it

Cloud Hosting: Risks & Concerns

Authentication: One-time Tokens & Memorized Secrets

Core Security Foundations: Network

Exposed Network Services & Scanning

  • Services, Ports, Open Ports
  • Services and standard port numbers
  • Firewalls
  • Scanning by Attackers
  • Most Probed Ports (AT&T Internet Weather Report)
  • Why Attackers want to discover open ports
  • SSH Logs showing password guessing
  • HTTP attack attempt

Firewalls: Blocking packets with Access Control Lists (ACLs)

Cisco syntax for Firewalls

Voice Service Provider Security Architecture

  • Firewalls
  • Session Border Controller
  • TLS Verification / Load Balancer

NAT and Automatic Security

Egress Monitoring

  • Overview
  • Malware inside the trusted network

VPN: Trusted, Secure Tunnels

  • Encryption
  • Authentication
  • Data Integrity
  • SD-WAN

TLS/SSL: Privacy, Authentication, Integrity

  • Overview
  • Certificates
  • Privacy, Authentication, Integrity

Review: Exposed Ports are Attacked Ports

Review: NAT may expose internal network to Internet

Review: Encryption defends against eavesdropping & spoofed data

Core Security Foundations: Software

Defects, Vulnerabilities, & Discovery

Application Updates for Security

App-Store Safety vs Unmanaged Downloads

  • Malware review at app stores
  • Signing of Apps
  • Unmanaged downloads
  • Android became major malware deployment vector

Operating System (OS) Vulnerabilities & Updates

  • Examples of NotPetya and WannaCry
  • Procedures around OS Updates

Backup & Restore Capability

  • Destructive Malware
  • The goal is Restoration

Remote Exploitation & Breakout

Key Defenses: Malware Prevention

Unpatched Operating Systems Enable Malware

Malware: What it is

Readiness to Update OS

Safely Updating Operating Systems

Example: Red Hat or CentOS Linux

Linux and Windows Systems vulnerable

Attacks launched from Corporate PCs

Replacing the OS on Infected Servers

Use Firewalls to Defend Against Corporate PCs

Ransomware: Tempting Form of Malware

Signature Based Malware Detection

Dynamic or Behavioral Malware Detection

Key Defenses: SIP UA Config Protection

SIP UA Config Files: What They Are

Rich Targets to Attack

No protection by MAC address in filename

Reusable Username / Password - Pros and Cons

TLS for SIP UA

Basics of TLS

  • Certificate
  • Signature
  • Certificate Authorities

Protection by Mutual TLS with Client Authentication

Manufacturer-Installed Certificates (MICs)

Server Certificate-Authority Matchup

Adding mTLS to your network

Key Defenses: Distributed Denial of Service (DDoS)

Defining DoS & DDoS

How DoS Works

How DDoS Works

Scenario 1: DDoS against One Noncritical IP Address

Planning DDoS Mitigation

  • ISP Support
  • Remotely Triggered Black Hole (RTBH)

Scenario 2: DDoS Against Key Server (e.g., SBC)

Scenario 3: DDoS Against DNS Server

Be Relocatable

Summary - DDoS Prevention & Mitigation

Key Defenses: Defending Personal Data

Risks of Data Breach

What is Personal Data / Personally Identifiable Information (PII)

Europe: "Personal Data" Definition for GDPR

Provisioning & Network Access Information

Voicemail

How to Protect PII: Four steps

Step 1: Basic Server Security

Step 2: Encryption In Transit (TLS, etc.)

Step 3: Encryption At Rest

Step 4: Access Logging

Determining if Breach Occurred

Logs: The Security Cameras of Networks

Customer Proprietary Network Information (CPNI) Definition

Summary: Protecting Personal Data

Cybersecurity Frameworks

Popular Security Frameworks & Standards

NIST Cybersecurity Framework (CSF)

Framework Core

Implementation Tiers

Profile

CSF Core

  • Identify
  • Protect
  • Detect
  • Respond
  • Recover

CSF Core Categories

CSF Core Subcategories

NIST 800-53 - Cybersecurity Controls

Overview

Example 1: CA-8 Penetration Testing

Example 2: Password-Based Authentication

Center for Internet Security (CIS) Controls

Background of CIS

Implementation Groups

Most-Implemented Controls

Least-Implemented Controls

CIS Benchmarks

MITRE ATT&CK

Overview

Tour

Frameworks We Considered

Uncovering & Remediating Malicious Activity

Joint Cybersecurity Advisory Background

Responding to a Breach

  • Talk out of band
  • Don't touch the attacker
  • Don't pre-emptively block the attacker
  • Don't pre-emptively change credentials
  • Get Logs & System Data
  • Get Network Data
  • Fix the Root Cause

Got Hacked? 7 Common Mistakes

Best Practices Before The Breach

Key Best Practices Before The Breach - All Systems

Key Best Practices Before The Breach - Windows

10 Investigation and Remediation Tactics

Key Summary