Challenge: Security Issues for Service Providers
Solution: A Service Provider Security Toolset and Deployment Framework
Framework for Service Provider Infrastructure Security Deployment
Additional Service Provider Security Techniques
Service Provider Security Tools and Techniques
Six-Phase Approach to Service Provider Security
Knowing the Side Effects, Limitations, and Caveats

As the Internet becomes more of a place for doing business and not just exchanging information, it becomes a greater target for people who aim to use it in a criminal manner.

As the framework of the global network, Internet service providers are often involved in security incidents, either as a target of an attack or as one of the defenders.

This white paper describes a set of techniques ISPs can use to withstand global threats by securing their networks' infrastructure. This white paper provides a comprehensive overview of security measures and tools that Internet service providers can use to secure their network infrastructures. It also outlines a six-phase approach for deploying network security mechanisms and responding to attacks. The scope of this document does not allow for an in-depth analysis of the techniques described. Readers interested in exploring these techniques in more detail should consult the resources listed in "References" at the end of this document.

In addition to the general security concerns that affect anyone who uses IT technology or connects to the Internet, the community of service providers has its own set of security-related issues to deal with. The most important security issues that service providers face are the following:

- Denial of service (DoS) and distributed denial of service (DDoS) attacks are aimed at disabling access to various Internet services for legitimate users.
- Excessive traffic and resource depletion caused by infected machines can generate problems for service providers.
- Attacking Border Gateway Protocol (BGP) routing and injecting faulty BGP routes for traffic redirection is one technique that attackers are using to obtain the "interesting" traffic.
- Domain Name System (DNS) information is sometimes used to redirect Internet traffic to serve the needs of people with criminal intent.
- Device compromise means breaking into vital components of the infrastructure and modifying their configuration.

These threats are correlated with the following factors specific to service provider networks:

- Service providers must be able to rapidly implement security measures against a large number of parties that may be involved in the attack, and deploy these tools and techniques on a large number of devices, usually network entry points.
- The size of the network. In the enterprise world, the number of devices to take care of is typically considerably smaller than in the service provider space. (Although some enterprises have huge networks, this is still an exception.) Size is one of the significant differences between the service provider and enterprise security paradigm. The number of possible targets of and entry points for an attack is also higher in the service provider space than it is in the enterprise world, where typically a smaller number of clearly identified assets frequently enjoy the highest level of protection possible. Accordingly, service providers must be able to defend multiple targets from multiple parallel attacks.
- Securing the transit paths and the infrastructure carrying them and not necessarily securing the endpoints brings its own set of challenges. Many of the standard edge-security measures that are applicable in the enterprise world are not applicable in the service provider security paradigm. A primary difference is that firewalls and intrusion detection and prevention system (IDS/IPS) devices cannot be applied on transit paths in service provider networks. Service providers cannot afford to provide granular access control - one of the main functions of a firewall - for transit traffic. Moreover, they cannot afford focused monitoring of transit traffic to detect indications of exploitation attempts in the way that IDSs/IPSs usually do. Finally, the whole set of security measures available for hardening endpoints, like host IPSs and antivirus software, is not of much interest in the service provider world.

There are two notes on the scope of this paper:

- Managed security service providers (MSSPs) - a subset of service providers - manage the security components of their customers' networks.