Archive for the ‘Security’ Category

Healthy Paranoia

February 27, 2014

For those of you not familiar with Healthy Paranoia, it is an excellent podcast on PacketPushers, hosted by the wonderful and brilliant Mrs Y. Check out some of the shows on which Joe had the pleasure of being a guest:

Healthy Paranoia Show 13: To CISSP, or Not to CISSP takes on the question of “the profound problem of security certifications.”

http://packetpushers.net/to-cissp-or-not-to-cissp/

Healthy Paranoia Show 9: Live and Let Scada discusses SCADA and ICS security issues.

http://packetpushers.net/healthy-paranoia-show-9-live-and-let-scada/

Healthy Paranoia Show 4: IPv6 Security Smackdown offers up an amusing and informative take on security issues and common vulnerabilities of IPv6.

http://packetpushers.net/healthy-paranoia-show-4ipv6-security-smackdown/

Categories: IPv6, Security

YBGIBG Security

August 23, 2012

For the last year, I have been reading many books about start-ups. Currently I am reading a book called “The Lean Startup: How Today’s Entrepreneurs Use Continuous Innovation to Create Radically Successful Businesses”, a book which, in October 2011, debuted at #2 on the New York Times Best Seller list, with CNBC stating that it had “already [become] a must-read for any entrepreneur”.

Throughout this and other books, I see the topic of security risks and protecting customer information ignored and dismissed.

I guess the meme IBGYBG (I’ll be gone, you’ll be gone) discussed in Thomas L. Friedman’s “Why How Matters”, The New York Times, October 14, 2008, applies to the security of business systems and networks.

To paraphrase Mr. Friedman with a security spin, “We got away from the basics — from the fundamentals of prudent security, where the company or organization maintains some kind of personal responsibility for, and personal interest in, whether the person receiving the private data can actually protect it. Instead, we fell into what some people call YBG IBG security: ‘you’ll be gone and I’ll be gone’ before the compromises happen.”

What do you think, B-School graduates, ‘C-Suite’ set and entrepreneur community? Am I being too hard?

IPv6 support for Cisco/Linksys, D-link is currently in the lead!

June 3, 2012

After my posting “Cisco / Linksys leave their current customers behind”, I received a Facebook post from John Brzozowski, Chief Architect (1), IPv6 and Distinguished Engineer, Comcast Corporation, and friend. He reminded me that Ming-Han Liu Hans (2), IPv6 Evangelist at D-Link (3), has been working hard to upgrade the product line, receiving the IPv6 Ready Certification (4) on many of the D-Link products.

Never heard of the IPv6 Ready Program (4)? It was created by the IPv6 Forum for the purpose of conformance and interoperability testing to increase user confidence by demonstrating that IPv6 is available now and is ready to be used. The program provides product vendors methods and tools to test their products. In addition, they offer certified laboratories, which provide third-party validation of a product’s conformance and interoperability.

The advantage to consumers and businesses of using the IPv6 Ready Program database is avoiding vendors who claim support for IPv6, but do not do so. A good example is the company ‘Billion’, which claims IPv6 support on the Wikipedia “Comparison of IPv6 support in routers”, makes a claim of support in their “Product Guide” (5), and even has an “IPv6 Support” logo (6) to convince everyone that it supports IPv6. But when looking up the IPv6 Ready Program page (7), only three products are listed, none of which are products listed in the current Billion Product Guide.

Now back to my original story. Based on the IPv6 Ready Logo Program, D-Link has over 69 IPv6 Ready Certified (8) products including:

  • DIR-652 – Gigabit Home Router (Hardware Revision B1)
  • DIR-653 – Wireless N300 Gigabit Home Router
  • DIR-645 – Whole Home Router 1000
  • DIR-655 – Xtreme N Gigabit Router (Hardware Revision B1)
  • DIR-825 – Xtreme N Dual Band Gigabit Router (Hardware Revision C1)
  • DIR-835 – Wireless N750 Dual-Band Router
  • DHP-1565 – Wireless N PowerLine Gigabit Router

In contrast, Linksys (Cisco Consumer Products LLC) has only 11 IPv6 Ready Certified (9) on new products.

Here is the kicker: D-Link offers upgrade firmware for most existing routers (10), but Cisco does not. Here is hoping Cisco does the same.

Thank you John and Liu Hans for the information.

———————————–

(1) John Brzozowski Blog: http://blog.comcast.com/author/john-brzozowski/

(2) Hans Liu: https://www.facebook.com/hanhanliu

(3) D-Link: http://www.dlink.com/

(4) IPv6 Ready Logo Program: http://www.ipv6ready.org/

(5) Wikipedia, Comparison of IPv6 support in routers, http://en.wikipedia.org/wiki/Comparison_of_IPv6_support_in_routers

(6) Billion Product Guide, http://www.billion.com/product/2011-Billion-Product-Guide.pdf

(7) IPv6 Ready Logo list of Billion products, https://www.ipv6ready.org/db/index.php/public/search/?l=&c=&ds=&de=&pc=&ap=&oem=&etc=&fw=&vn=Billion&do=1&o=6

(8) D-Link – IPv6 Ready Logo Program Approved List: https://www.ipv6ready.org/db/index.php/public/search/?l=&c=&ds=&de=&pc=&ap=&oem=&etc=&fw=&vn=D-Link&do=1&o=6

(9) Cisco – IPv6 Ready Logo Program Approved List: https://www.ipv6ready.org/db/index.php/public/search/?l=&c=&ds=&de=&pc=&ap=&oem=&etc=&fw=&vn=Cisco+Consumer&do=1&o=6

(10) D-Link IPv6 support for existing products, http://www.dlink.com/ipv6

No IPv6 on WordPress, but there are options…

May 30, 2012

Today I reviewed my blog entries, hosting services, domain names, videos and slides I have created for over 8 years. Once I was finished, only one thing still needed to be tested: the ability for WordPress to support IPv6. Well, they failed, and I needed a method to ‘proxy’ my site through an IPv6 to IPv4 infrastructure. The solution was CloudFlare, a provider that frontends IPv4-only websites, allowing them to be accessible via IPv6.

The process was quick and easy; it took a short time to set up, including making CloudFlare the hosting service for my domain DNS.

Upside: quick and easy

Downside:

  • Turning the hosting of my domain names over to another vendor
  • IPv4-only code running under IPv6 is now vulnerable
  • CloudFlare’s inability to support DNSSEC

Anyway, for the short term this seems the only solution.

Categories: General, IPv6, Security

With IPv6 being turned on, is keeping IPv4 a bad idea?

May 28, 2012

Over the last 8 years, I have convinced several large organizations to enable an IPv6-only network, disabling IPv4 completely. The result has been a lower cost of managing the networks, as compared to organizations running dual-stack environments. Another major benefit is mitigating a vast amount of malware, command and control channels (C&C), and Remote Access Trojans (RATs), lowering the number and cost of compromises.

It now seems others are beginning to think about these issues, according to an article from Government Computer News (GCN). It looks like Steve Pirzchalski, IPv6 program manager for the Veterans Affairs (VA) Department, gets it.

NOVAHA ShmooCon Epilogue, Graph Theory, Attack Trees & Attack Graphs

February 25, 2012

I have been interested in graph theory since I worked for the railroad back in the 90’s and even further back when I was working on my degree in the 80’s. Last year, as a side project (we all seem to have them), I asked the question “Has graph theory been applied to cybersecurity?” The answer was yes. I discovered tens of papers, some great and some not so good, but many more than I realized existed. I also found sample code, working templates and even two commercial products.

After my IPv6 presentation was not accepted for ShmooCon 2012, I decided to present my attack graph findings at the NOVAHA ShmooCon Epilogue event. The event was great; I learned things from all of the speakers, and had many good side discussions.

Here is the video, if you are interested.

Slides are available from this link.

Other videos from the event can be found here:

http://archive.org/details/ShmooconEpilogue2012

Special thanks to Georgia for videotaping the conference!

A Cyber-Investigator’s Introduction to IPv6

July 13, 2011
Categories: IPv6, Security