Rough Guide to IETF 99: DNS Privacy and Security, including DNSSEC
There's a good bit of DNS secrurity and privacy activity happening at IETF 99 next week in Prague, although not all of that is in working groups. Here is a view of what is going on.
IETF 99 Hackathon
Once again there will be a good-sized "DNS team" at the IETF 99 Hackathon over the weekend (15-16 July). The IETF 99 Hackathon wiki outlines the work (scroll down to see it). From a security point of view, major projects include:
Dan York
Network Visibility Through Active Path Testing
Find out how to verify that your network is properly handling SIP voice.
Intel Next-Gen Processors Target Networking, Data Center Workloads
AT&T, Google, and AWS are early customers.
Red Hat Throws Training Wheels on OpenShift Online
OpenShift moves garner accolades, though open source onslaught could impact growth.
Cloud Security Firm HyTrust Raises $36M, Purchases DataGravity
HyTrust has raised about $95.5 million in total.
Affirmed Networks Makes Network Slicing Possible on LTE
The vSSF can redirect traffic based upon device, service and location.
AT&T Deepens Oracle Cloud Collaboration with NetBond Connectivity
AT&T said isolation of transport traffic improves security.
Worth Reading: Internet of Terror
Before we get to the question of encryption and key length, I would like to point out two things. An IoT device is nothing more than an embedded system with a TCP/IP stack. It is not a magical object that is somehow protected from attackers because of how cool, interesting, or colorful it is. Second, and I can’t believe I have to point this out to people who would read or write to KV, but the Internet has a lot of stuff on it, and it’s getting bigger every day. Once upon a time, there were fewer than 100 nodes on the Internet, and that time is long past. KV has three Internet-enabled devices within arm’s reach, and, if you think a billion users of the Internet aren’t scary, try multiplying that by 10 once every fridge, microwave, and hotel alarm clock can spew packets into the ether(net). Let’s get this straight: if you attach something to a network—any network—it had better be secured as well as possible, because I am quite tired of being awakened by the sound of the gnashing of teeth caused by each and every new network security breach. The Internet reaches everywhere, and if even Continue reading
Understanding the Use of Universal CPE
The goal is to transform the telco network into a cloud-centric platform.
Who Controls The Internet?
The title of the paper Who controls the Internet? Analyzing global threats using property traversal graphs is enough to ensnare any Internet researcher. The control plane for a number of attacks, as the paper points out, is the DNS due to the role it plays in mapping names to resources. MX records in the DNS control the flow of mail, CNAME records are used to implement content delivery networks (CDN) services, and TXT records are used to confirm access to and control over a namespace when implementing third party services. This post will cover an interesting case where control is exercised first via the DNS and then using BGP.
Below the DNS, in the depths of internet plumbing, is the lizard brain of internet routing, which is governed by the border gateway protocol (BGP). A common term to describe BGP routing is “hot potato” routing. BGP conversations occur between autonomous systems, ASes, which are identified by their autonomous system number ASN. The ASN represents a system of networks and the policy associated with their routing. ASes are issued regionally by Regional Internet Registries (RIRs), which receive blocks of AS numbers to hand out from the Internet Assigned Numbers Authority Continue reading