Workshop: ISP Security

An advanced hands-on workshop covering best practice network infrastructure security including DDoS, IP spoofing, and RTBH, as well as the design and deployment of Level 3 VPNs.

Damien Holloway (Juniper)
Jonny Martin (PCH)
Alastair Johnson (Alcatel-Lucent) [bio]
Jide Akintola (Alcatel-Lucent) [bio]
Tony Chan (Juniper) [bio]

Where: Training Room 3, Level 3, Cyberport 3, Cyberport

Download the materials (30.4 MB) for this workshop.

Who should attend

Network Operations and security staff at ISPs and Network Service Providers. People who are trying to learn ropes of establishing a functioning security system in their network core and edges. Anyone else with interest in Security topics.


This is an advanced course. Good familiarity with UNIX command line and system administration jobs. Knowledge of Layer 3 protocols, and command line of popular routers. Basic knowledge of security concepts is an added advantage.

What you will learn

The ISP / NSP Security Workshop focuses on following components to provide comprehensive understanding and hands-on experience allowing you to gain valuable experience in network security best common practices, tools and techniques.

  • Network infrastructure security
  • Security services

For network infrastructure security, best common practice for protecting infrastructure including IP addressing, baseline building, securing IGP and BGP routing protocols and router filtering techniques are covered in detail. Controlling access to the routers, collecting network telemetry information and control plane protection techniques are discussed.

A six step methodology for detecting and mitigating DDoS attacks on the infrastructure provides hands-on understanding on how to deal with such attacks. Anti-spoofing measures to combat IP spoofing attacks and Remotely Triggered Blackhole (RTBH) filtering to protect against infrastructure attacks hands-on practice provides easy to deploy tools on the SP networks.

The security services address designing, deploying and managing L3 Virtual Private Networks. A balanced discussion covering security of 3VPN provides good basis of evaluating the level of security for the business needs. Finally, a discussion of how managed security services such as IP VPN prepares SP networks for provisioning other security services.

Please be aware that participants are required to bring laptops.