NETSEC SIG

Mission

To foster the deployment of inter-AS network security BCPs, coordinated mitigation, and information sharing.

Objectives:

• To encourage the adaption of inter-AS security Best Current Practices (BCPs)
• To facilitate response coordination of inter-AS BGP routing issues and abuse
• To promote inter-AS DDoS traceback and mitigation
• To encourage inter-AS security incident event sharing

SIG topics and areas of interest:

• Route hijacks and leaks
• DDoS
• Traceback and attack source attribution
• DNS and DNSSEC operational issues
• RPKI, ROV, and other burgeoning routing security technologies
• BCPs, tools, and resources such as those from MANRS.org and PeeringDb.com
• Network operator and researcher networking

Goals & Deliverables

• Compile a set of inter-AS security BCPs and resources for CSIRTS and network security teams
• Deliver regular inter-AS security workshops or tutorials at FIRST events
• Provide a Slack channel and mailing list to faciltate inter-AS security discussions
• Disseminate technical briefs on inter-AS security involving the shared fate of subsystems such as DNS, Routing, Email and others through regular SIG meetings and FIRST blog posts
• Explore extending the FIRST teams directory to publish ASN, MANRS status, and PeeringDB link as applicable
• Promote the SIG to qualified external parties and individuals already members of FIRST

Chair

• John Kristoff
• Hendrik Adrian
• Carlos Friacas
• Aaron Kaplan
• Merike Kaeo

Meetings

• Annual meetings to coincide with the FIRST annual conference
• Initially Bi-weekly Zoom meetings, later we can reduce the frequency

Glossary

• AS - Autonomous System
• BCP - Best Common Practice
• BGP - Border Gateway Protocol
• DDoS - Distributed Denial of Service
• MANRS - Mutually Agreed Norms for Routing Security

Additional considerations

Intended audience

• inter-AS router and network operators
• inter-AS DNS service providers
• inter-AS security researchers
• CSIRT inter-AS security members

Participation Requirements

• This is an individual-only approved SIG, no teams nor aliases
• Individuals should be able to prove they possess sufficient inter-AS security responsibility
• Individual email addresses must remain active and be periodically tested

Roadmap

• Phase 1 - Group formation
• Phase 2 - inter-AS security documentation and resource compilation
• Phase 3 - Expand operational capacity and services

Request to Join

• Initiatives
  • Special Interest Groups (SIGs)
    • SIGs Framework
    • Academic Security SIG
    • Automation SIG
    • Big Data SIG
    • Common Vulnerability Scoring System (CVSS-SIG)
      • Calculator
      • Specification Document
      • User Guide
      • Examples
      • CVSS v3.1 Documentation & Resources
        • CVSS v3.1 Calculator
        • CVSS v3.1 Specification Document
        • CVSS v3.1 User Guide
        • CVSS v3.1 Examples
        • CVSS v3.1 Calculator Use & Design
      • CVSS v3.0 Archive
        • CVSS v3.0 Calculator
        • CVSS v3.0 Specification Document
        • CVSS v3.0 User Guide
        • CVSS v3.0 Examples
        • CVSS v3.0 Calculator Use & Design
      • CVSS v2 Archive
        • CVSS v2 Complete Documentation
        • CVSS v2 History
        • CVSS-SIG team
        • SIG Meetings
        • Frequently Asked Questions
        • CVSS Adopters
        • CVSS Links
      • CVSS v1 Archive
        • Introduction to CVSS
        • Frequently Asked Questions
        • Complete CVSS v1 Guide
      • JSON & XML Data Representations
      • CVSS On-Line Training Course
      • Identity & logo usage
    • CSIRT Framework Development SIG
    • Cyber Insurance SIG
      • Cyber Insurance SIG Webinars
    • Cyber Threat Intelligence SIG
      • Curriculum
        • Introduction
        • Introduction to CTI as a General topic
        • Methods and Methodology
        • Source Evaluation and Information Reliability
        • Threat Modelling
        • Training
        • Standards
        • Glossary
    • DNS Abuse SIG
      • Code of Conduct & Other Policies
      • Examples of DNS Abuse
    • Ethics SIG
      • Ethics for Incident Response Teams
    • Exploit Prediction Scoring System (EPSS)
      • Frequently Asked Questions
      • The EPSS Model
      • Related Papers
      • Data and Statistics
      • API
      • User Guide and Exploit Data
      • Contributing Articles
        • Understanding EPSS Probabilities and Percentiles
        • Log4Shell Use Case
        • Estimating CVSS v3 Scores for 100,000 Older Vulnerabilities
      • Data Partners
    • FIRST Multi-Stakeholder Ransomware SIG
    • Human Factors in Security SIG
    • Industrial Control Systems SIG (ICS-SIG)
    • Information Exchange Policy SIG (IEP-SIG)
    • Information Sharing SIG
      • Malware Information Sharing Platform
    • Malware Analysis SIG
      • Malware Analysis Framework
      • Malware Analysis Tools
    • Metrics SIG
      • Metrics SIG Webinars
    • NETSEC SIG
    • Passive DNS Exchange
    • PSIRT SIG
    • Red Team SIG
    • Retail and Consumer Packaged Goods (CPG) SIG
    • Security Lounge SIG
    • Threat Intel Coalition SIG
      • Membership Requirements and Veto Rules
    • Traffic Light Protocol (TLP-SIG)
    • Vulnerability Coordination
      • Multi-Party Vulnerability Coordination and Disclosure
      • Guidelines and Practices for Multi-Party Vulnerability Coordination and Disclosure
    • Vulnerability Reporting and Data eXchange SIG (VRDX-SIG)
      • Vulnerability Database Catalog
    • Women of FIRST
  • Internet Governance
  • IR Database
  • Fellowship Program
    • Application Form
  • Mentorship Program
  • IR Hall of Fame
    • Hall of Fame Inductees
  • Victim Notification
  • Volunteers at FIRST
    • FIRST Volunteers
    • Volunteer Contribution Record
  • Previous Activities
    • Best Practices Contest