Archive

Category Archives for "Security"

One-Click DNSSEC with Cloudflare Registrar

One-Click DNSSEC with Cloudflare Registrar
One-Click DNSSEC with Cloudflare Registrar

When you launch your domain to the world, you rely on the Domain Name System (DNS) to direct your users to the address for your site. However, DNS cannot guarantee that your visitors reach your content because DNS, in its basic form, lacks authentication. If someone was able to poison the DNS responses for your site, they could hijack your visitors' requests.

The Domain Name System Security Extensions (DNSSEC) can help prevent that type of attack by adding a chain of trust to DNS queries. When you enable DNSSEC for your site, you can ensure that the DNS response your users receive is the authentic address of your site.

We launched support for DNSSEC in 2014. We made it free for all users, but we couldn’t make it easy to set up. Turning on DNSSEC for a domain was still a multistep, manual process. With the launch of Cloudflare Registrar, we can finish the work to make it simple to enable for your domain.

You can now enable DNSSEC with a single click if your domain is registered with Cloudflare Registrar. Visit the DNS tab in the Cloudflare dashboard, click "Enable DNSSEC", and we'll handle the rest. If you are Continue reading

Update on Latin America and Caribbean Workshop for Chapter Leaders

In July 2018, the Internet Society’s Latin America and Caribbean Bureau held another edition of the Workshop for Chapter Leaders. Besides discussing the challenges and opportunities of participation in their respective chapters, the 34 attendees began the implementation of several projects related to our 4 key issues of 2018. Starting 2019, I am glad to share with you the main results of these projects.

Participation showed a strong preference for Internet access issues. As a result, 10 of the 23 projects implemented were focused on Community Networks. Following our vocation in favor of the multistakeholder approach and the participation of the community, 8 of the projects took Internet Governance as a central theme. The remaining 5 projects focused on trust and security by focusing on Internet of Things (IoT) and Internet routing security through MANRS.

The results are inspiring, since they reflect the diversity of the Latin American and Caribbean region. In Community Networks, projects include a broad spectrum of related topics, ranging from the deployment and implementation of networks to the analysis and mapping of regulatory conditions to ensure such deployment. In addition, some of the projects focused on capacity building through webinars.

In terms of Internet Governance, awareness Continue reading

Get IoT Smart: Homework for Many Indonesians

Today’s guest post is from Bhredipta Socarana, an Intellectual Property lawyer based in Indonesia and a Youth@IGF Fellow.

As one of the most populated countries, Indonesia has grown as one of the biggest markets for technology development. From the import of various over-the-top platforms to the implementation of Artificial Intelligence, technology has changed the Indonesian livelihood, including my own. This is also the case for Internet of Things (IoT).

As an emerging country, Indonesia admittedly has not been an advance player in responding to technology improvement. Despite the heavy invasion of technology-related products, many Indonesians have homework to do, especially for IoT. The business player needs to be aware of the responsibility of manufacturing and distributing IoT, while the public must also be aware of the various risks that they may be exposed to using IoT products.

Through the rapid development of technology and the intention of the Indonesian government to push the public to enter the “Industrial Revolution 4.0,” it will be mostly impossible to prevent penetration of IoT to our life. This leaves the public with the need to get smart with IoT.

Privacy and cybersecurity are among the issues revolving around IoT, and the need to have a Continue reading

Geo IP Databases are Highly Inaccurate

Lots of network monitoring platforms use GeoIP databases to track/monitor sources. These databases are, perhaps, 75% accurate (for some definition of accurate). This is your regular reminder to have a sense of caution about location based on public IP address. John S. and his mother Ann live in the house, which is in Pretoria, the […]

The post Geo IP Databases are Highly Inaccurate appeared first on EtherealMind.

What Makes IoT A Security Risk?

IoT security is a pretty hot topic in today’s world. That’s because the increasing number of smart devices is causing issues with security professionals everywhere. Consumer IoT devices are expected to top 20 billion by 2020. And each of these smart devices represents an attack surface. Or does it?

Hello, Dave

Adding intelligence to a device increases the number of ways that it can compromised. Take a simple thermostat, for example. The most basic themostat is about as dumb as you can get. It uses the expansion properties of metal to trigger switches inside of the housing. You set a dial or a switch and it takes care of the rest. Once you start adding things like programmability or cloud connection, you increase the number of ways that you can access the device. Maybe it’s a webpage or an app. Maybe you can access it via wireless or Bluetooth. No matter how you do it, it’s more available than the simple version of the thermostat.

What about industrial IoT devices? The same rule applies. In this case, we’re often adding remote access to Supervisory Control And Data Acquistion (SCADA) systems. There’s a big market from enterprise IT providers to create Continue reading

DNS-over-TLS in Linux (systemd)

Whilst we were putting together some content about DNS privacy recently, we learned that recent distributions of Linux ship with support or this. We therefore decided to give Ubuntu 18.10 a try on a laptop.

More recent versions of Ubuntu employ a special service for name resolution called ‘system-resolved.service(8)’. The configuration file ‘resolved.conf(5)’ specifies most of the details for name resolution, including which protocols and resolvers should be employed, whilst the ‘/etc/systemd/network/*.network’ configuration files (see ‘systemd.network(5)’ for details) of the ‘systemd-networkd.service(8)’ specify any per-link specific settings.

The default configuration of ‘systemd-resolved’ is selected at compile time, and ‘/etc/systemd/resolved.conf’ normally contains commented-out lines describing such defaults. For example, the contents of the aforementioned file on a fresh Ubuntu 18.10 installation are:

As may be inferred from the file, DNS-over-TLS (DoT) is supported, but disabled by default. At the time of  writing, only opportunistic DoT is supported according to the manual, which means that the resolver will first try resolution using DoT before falling back to traditional DNS in the event of failure – thus allowing for downgrade attacks where an attacker intentionally causes a DoT failure in order to cause name resolution to downgrade Continue reading

1 71 72 73 74 75 183