Implementing Service Provider Security and Application Control
When network engineers think of cyber security, they often think of firewalls, intrusion prevention systems, and host-based security systems. Alternatively, service provider security introduces an entirely new set of tools and operating processes.
What you'll learn
Service provider security introduces many new tools and techniques, many of which are network-oriented, to secure the carrier’s network environment. In this course, Implementing Service Provider Security and Application Control, you'll learn how to secure SP networks and prioritize traffic using various techniques. First, you'll explore how to build the core network using multiple dual-stacked routing protocols, then harden it with basic security features. Next, you'll delve into developing a distributed denial of service (DDoS) defensive structure using BGP flowspec in conjunction with sinkholes and scrubbing centers. Lastly, you'll discover the three common MPLS quality of service (QoS) models commonly seen within service provider networks, prioritizing important flows while reducing the impact of malicious ones. When you're finished with this course, you'll have the skills necessary to analyze, harden, and optimize the security posture of service provider networks.
Table of contents
- Course Introduction, Expectations, and Topology Review 4m
- Demo: Reviewing the OSPFv2 and LDP Core 3m
- Understanding LDP Session Protection and IGP Synchronization 4m
- Demo: Configuring LDP Session Protection 3m
- Demo: Configuring IGP Synchronization 4m
- Demo: Filtering LDP Label Advertisements 2m
- Module Review 1m
- How BGP Flowspec Works at a Basic Level 3m
- Demo: Configuring and Verifying BGP Flowspec 4m
- Demo: Activating Remotely Triggered Black Holes (RTBH) 6m
- Demo: Policing Bursty or Overbearing Traffic 4m
- Demo: Redirecting Junk Traffic into a Sinkhole 6m
- Demo: Integrating a Scrubbing Center 6m
- Demo: Redirecting Traffic into a Scrubbing Center 4m
- Module Review 1m
About the author
Nicholas (Nick) Russo, CCDE #20160041 and CCIE #42518, is an internationally recognized expert in IP/MPLS networking and design. To grow his skillset, Nick has been focused advancing Network DevOps via automation for his clients. Recently, Nick has been sharing his knowledge through online video training and speaking at industry conferences. Nick also holds a Bachelor's of Science in Computer Science from the Rochester Institute of Technology (RIT). Nick lives in Maryland, USA with his wife, Car... more