Upload
others
View
2
Download
0
Embed Size (px)
Citation preview
Release of the LACNOG-M3AAWG Joint Best Current
Operational Practices (BCOP) LucimaraDesiderá
LAC-AAWGchair
Official release on 08 May 2019 LACNOGandM3AAWGjointBCOP
MinimumSecurityRequirementsforCustomerPremisesEquipment(CPE)Acquisition.
https://www.lacnog.net/docs/lac-bcop-1
https://www.m3aawg.org/CPESecurityBP
Comingsoon–Translationto:• SpanishandPortuguese
• JapaneseandKorean(JP-AAWG)
Official release on 08 May 2019
Why care about CPE Security?
Businessandoperationalimpacts• Compromisingoftheprovider'snetwork
- Someoneelseisusingyourresources• Degradationorunavailabilityofservices
- Youcanloseclients• Technicalsupportandrepairwork
- Youarelosingmoney• ProtectthereputationofyourISP
- Customers,partnersandblacklists
Problems the BCOP addresses
• Standardcredentialsforalargenumberofdevices• Credentialsthatcannotbechanged(hard-coded)• Useofobsoleteandinsecureprotocolsandalgorithms
• Undocumentedaccesses(backdoors)• Lackofautomatedandsecureupdatemechanismstoaddresssecurityissues
• Unnecessaryand/orinsecureservicesenabledbydefault
• Servicesthatcannotbedisabled• Insecureremotemanagement
What is inside? Areferencechecklistforhardwaredecisions→ Let’saskvendorsforbetterproductswhileimprovingournetworks!😀