As a CNC Security SPOC, we should be aware of the documents which help in understanding the threat landscape for the CNC product portfolio. These documents include:
- Documents which help to understand the threat landscape presented by Cloud Native Environments - topics include security best practices and common threats associated with the CNC technologies: Kubernetes, Containers, Microservices, Containerized Software Delivery, infrastructure security, network security, MySQL, etc.
- Documents which help to understand the threat landscape presented by 5G Core Networks - topics include security best practices and recognized 5G threats.

| Date | Author | Document | Abstract | Keywords |
|---|---|---|---|---|
| | Oracle | Oracle Linux 7 Security Guide | The Oracle Linux 7 Security Guide provides a broad set of security guidelines for the Oracle Linux 7 operating system. The document details procedures, tools, and best practices for securing an OL7 based system. | Audit, SSH, SCAP, Infrastructure |
| | NIST | | An early take on application container security standards from T-Mobile. The document describes the threat landscape and documents best practices for securing containerized environments. | Docker, Repository, CNE |
| | Center For Internet Security (CIS) | CIS Oracle Linux 7 Benchmark | The CIS Linux Benchmark - a set of best practices for hardening the Oracle Linux 7 Environment. | Infrastructure |
| | Center For Internet Security (CIS) | | The CIS Docker Benchmark - a set of best practices for hardening a Docker deployment. | Docker, Containers, CNE |
| | Center For Internet Security (CIS) | CIS Kubernetes Benchmark | CIS Kubernetes Benchmark - a set of best practices for hardening a Kubernetes environment. | Kubernetes, Containers, CNE |
| | HP | | The HP iLO Security Guide provides a set of procedures and recommendations for securing the HP Integrated Lights-Out system management interface. | Bare Metal, Infrastructure |
| | Red Hat | | The Red Hat Linux Hardening Guidelines provides a set of procedures and recommendations for hardening Linux systems deployed in the T-Mobile environment. | Infrastructure |
| 29 Aug 2020 | World Bank | 5G Security Threat Modeling | Describes the new technology components in a 5G network and the new services it provides, comprehensively analyzes the risks in this ecosystem through a threat model the World Bank Group developed, and discusses the mitigating controls. | 5G, Threat Modelling |
| | CNCF | | In 2018, the Center for Cloud Native Computing Foundation sponsored an open-source audit of the security of Kubernetes. These documents provide highlights and recommendations. While most of these recommendations are targeted to the K8s development teams, some recommendations for securing deployments are also provided. | Kubernetes, CNE |
| | NIST | | NIST SP 800-204 documents Security Strategies for Microservice-based Application Systems. These strategies focus on the best practices for architecture and design of containerized microservices. | Microservices, Containers, Design Best Practices |
| | Center For Internet Security (CIS) | | CIS MySQL Benchmarks - a set of best practices for securing MySQL. | MySQL, Best Practices |
| | Oracle | | The Oracle MySQL Security Best Practices provides a set of recommendations for securing MySQL databases. The paper documents common attack vectors and makes recommendations on how to prevent or mitigate these standard attacks. | MySQL, Best Practices |
| | Microsoft | Kubernetes Attack Matrix | Microsoft's Kubernetes Attack Matrix provides a threat catalog documenting the typical ways Kubernetes environments are attacked. | Kubernetes, Threat Catalog |
| | BT | Telecoms Security Framework | The Telecoms Security Framework documents a set of Principles, Requirements, and Tests that are mandatory for all network operators providing service in the UK. It sets out requirements for the management plane, the signaling plane, and operational environments. Details on supply chain management and planned security audits are also covered. | Telecom, 5G, 4G, Threat Catalog, Core Network Hardening |
| | 5G Americas | 5G and the Cloud | A broad overview of the 5G Design Architecture, including a historical overview of core network technology evolution. | Telecom, 5G, CNE, NFV, CI/CD, Microservices, Service Based Architecture, Service Mesh |
| | 5G Americas | 5G Security Whitepaper | An overview of the security-related 5G standards, a discussion of perceived 5G threats, and a list of possible mitigations. | Telecom, 5G, Threat Catalog, Threat Mitigation, 5G Security Standards |
| | NIS Cooperation Group | EU Risk Assessment of 5G Networks | A robust assessment of 5G Network Security Risks. Describes threats and threat actors, assets being protected / attacked, common vulnerabilities for various stakeholders, and risk scenarios. A great source document for ARA authors. | Telecom, 5G, Threat Catalog, Risk Assessment |
| | European Telcom Professionals | Telcom Security Landscape | A short list of security threats and opportunities as identified by the ETIS group. A one-page infographic. | Telecom, 5G, Threat Landscape |
| | NIS Cooperation Group | Cybersecurity of 5G Networks | Building on the EU Risk assessment document (above), this document describes a "toolbox" of possible mitigations which can be employed to protect the 5G core network. A great source document for ARA authors. | Telecom, 5G, Threat Catalog, Risk Assessment |