Global Infrastructure Security and IPv6 Implications. Larry J. Blunk Fall 2004 Internet2 Member Meeting September 29, 2004
|
|
- Phebe Roberts
- 8 years ago
- Views:
Transcription
1 Global Infrastructure Security and IPv6 Implications Larry J. Blunk Fall 2004 Internet2 Member Meeting September 29,
2 Defining GlobGg infbasfrusrfee Internet Global Infrastructure consists of core Internet services which are globally deployed and coordinated Also referred to as Critical Infrastructure DNS and BGP are traditional Global Infrastructure PKI may be considered as well Will consider security and IPv6 implications Cannot look at IPv6 in isolation as IPv4 will be a major part of Global Infrastructure for many years 2 Merit Network: Connecting People and Organizations Since 1966 Slide 2
3 ProGnugKeyg infbasfrusrfe PKI defned here as X.50 standards and Certifcate Authorities Deployment of PKI for site certfcates is partially motivated by lack of security in underlying DNS and BGP protocols However, PKI cannot be relied on to completely cure the security issues of DNS and BGP 3 Merit Network: Connecting People and Organizations Since 1966 Slide 3
4 PK gggnmnsbsnlia Ubiquitous use of PKI could lessen need to secure DNS and BGP Unlikely to be deployed on all services due to performance overhead and complexity issues Most users unaware of when they are making a secured connection and why it is important How many check the litle padlock in the cornerr Issues with Certifcate Authorities and validation procedures 4 Merit Network: Connecting People and Organizations Since 1966 Slide 4
5 PK,g PSEC,gbidg Pv6 IPSec is a critical security component of IPv6 Ofen cited as a primary security advantage of IPv6 Mandated in protocol Not integrated as an aferthought as in IPv4 PKI support can be integrated with IPSEC to ease manageability and deployment IETF pki4ipsec working group addressing issues 5 Merit Network: Connecting People and Organizations Since 1966 Slide 5
6 PK g Pv6gnmpGemeisbsnlia X.50 standards include IPv6 support RFC3285 University of Murcia has developed a set of services around PKI with full IPv6 support Provides users with basic certifcation services such as the issuance, renewal, and revocation of certifcates, as well as advanced services Open source, writen in ava htpp::pkixumuxeuro6ixxorg IPv6 only secure site -- htpsp::pkixipv6xumxes 6 Merit Network: Connecting People and Organizations Since 1966 Slide 6
7 DNSgSeurfnsyg-gDNSSEC DNSSEC has been in development for 0 years Close to fnaliiing third major revision RFC2.3.bis With standards largely fnaliied work is progressing on deployment road map Issues with key management, distribution, and signing the root ione Does not address weaknesses in underlying BGP routing infrastructure 7 Merit Network: Connecting People and Organizations Since 1966 Slide 7
8 DNSSECgbidg Pv6 DNSSEC standards protocol agnostic BIND 0 supports both DNSSEC and IPv6 NLNet labs has developed a dig-like debuging:query tool called Drill for DNSSEC includes IPv6 support There are issues with.12-byte UDP packet limit and IPv6 glue record support in root ione NLNet Labs released a study on the issue DNSSEC will likely compound the.12-byte problem 8 Merit Network: Connecting People and Organizations Since 1966 Slide 8
9 SeurfningB P BGP security is less advanced than DNSSEC Secure BGP (S-BGP) has been in development for roughly 7 years (BBN Technologies) No consensus that S-BGP is the right path RPSEC WG still looking at security requirements Cisco alternative - Secure Origin BGP (sobgp) Other proposals have been presented Inter-domain Routing Validation (IRV) AT&T Research Secure Path Vector (SPV) - CMU 9 Merit Network: Connecting People and Organizations Since 1966 Slide 9
10 SeurfningB Pg g Pv6g nmpgnubsnlia IPv6 represents an opportunity due to its considerably smaller deployment 6.5 global routing table entries versus 145,555+ for IPv4 All IPv6 allocations have been made by Regional Internet Registries (RIRs) and are well documented Unlike IPv4 there are no legacy allocations IPv6 could serve well as an initial deployment base for a secured BGP protocol Registries should consider PKI needs of Secure BGP 10 Merit Network: Connecting People and Organizations Since 1966 Slide 10
11 isefnmgb Pgaeurfnsyg-gfGsefnin Filter prefx announcements and only allow those which have been confgured for a given origin AS Has been an application of routing registries for a considerable time Many ISPs have tools and experience with it IPv6 presents an opportunity due far fewer prefxes in global routing tables Filtering in core transit backbones more feasible RPSLng work updates Routing Policy Specifcation Language to support IPv6 (more laterxxx) 11 Merit Network: Connecting People and Organizations Since 1966 Slide 11
12 isefnmgb Pgaeurfnsyg g mlinslfningbidgilsnfubsnli Use routing registries or other databases to confgure normative routing policy Alert when anomalous routing event detected Use various BGP collectors as data sources More fexible than simple origin AS fltering Can monitor AS PATH and other atributes Cannot prevent atacks -- reactive mechanism Alert may not be received if sent in-band Does not require cooperation of other providers 12 Merit Network: Connecting People and Organizations Since 1966 Slide 12
13 RPSLingbidg Pv6gflrsningplGnuy RPSLng updates Routing Policy Specifcation language standard to support IPv6 and Multicast Internet Draf has received IESG approval Now awaiting RFC Editor for approval Merit and RIPE have both implemented the RPSLng spec and are coordinating production deployment Planning on deploying within a month Merit has updated RADB whois server to support for whois queries over IPv6 - v6xradbxnet 13 Merit Network: Connecting People and Organizations Since 1966 Slide 13
14 Renefeiuea PKI WG - htpp::wwwxietfxorg:htmlxcharters:pkix-charterxhtm Infrastructure Securityp PKI, IPSec, DNSsec, IPv6 -- htpp::wwwxisocxorg:isoc:conferences:inet:54:documents:sein IT_3_INET2554_InfrastructureXpdf UMU PKIv6 - htpsp::pkixumuxeuro6ixxorg:pkiv6xhtml IETF pki4ipsec WG - htpp::wwwxietfxorg:htmlxcharters:pki4ipsec-charterxhtml DNSSEC - htpp::wwwxdnssecxnet DNSSEC Deployment - htpp::wwwxsdlxsrixcom:other:dnssec Drill - htpp::wwwxnlnetlabsxnl:dnssec:drillxhtml 14 Merit Network: Connecting People and Organizations Since 1966 Slide 14
15 Renefeiueag(uli'd) Adding IPv6 glue to the root ione - htpp::wwwxnlnetlabsxnl:ipv6:publications:v6rootgluexpdf S-BGP - htpp::wwwxnet-techxbbnxcom:sbgp:sbgp-indexxhtml RPSEC - htpp::wwwxietfxorg:htmlxcharters:rpsec-charterxhtm SoBGP - htpp::wwwxnanogxorg:mtg-5356:pdf:alvaroxpdf IRV - htpp::wwwxisocxorg:isoc:conferences:ndss:53:proceedings:pa pers:.xpdf SPV - htpp::wwwxecexcmuxedu:/adrian:projects:spvxpdf RPSLng - htpp::wwxradbxnet:rpslngxhtml 15 Merit Network: Connecting People and Organizations Since 1966 Slide 15
BGP Routing. Course Description. Students Will Learn. Target Audience. Hands-On
Hands-On Course Description This Hands-On course on (Border Gateway Protocol), from the basics of how it works through to advanced issues such as route reflectors, policy, filtering, route selection and
More informationEnabling Operational Use of RPKI via Internet Routing Registries
CYBER SECURITY DIVISION 2013 PRINCIPAL INVESTIGATORS Enabling Operational Use of RPKI via Internet Routing Registries Merit Network, Inc. Dr. Joe Adams 17 September 2013 Agenda Introduction Technical Approach
More informationAPNIC Trial of Certification of IP Addresses and ASes
APNIC Trial of Certification of IP Addresses and ASes RIPE 51 11 October 2005 Geoff Huston 1 Address and Routing Security What we have today is a relatively insecure system that is vulnerable to various
More informationResource Certification. Alex Band Product Manager
Resource Certification Alex Band Product Manager The RIPE NCC involvement in RPKI The authority on who is the registered holder of an Internet Number Resource in our region IPv4 and IPv6 Address Blocks
More informationMeasuring IPv6 Deployment. Geoff Huston APNIC December 2009
Measuring IPv6 Deployment Geoff Huston APNIC December 2009 IPv4 address exhaustion Total Address Count Adver0sed Count IANA Pool Unadver0sed Count IPv4 address exhaustion The model of address consumption
More informationPresented by Jordi Palet jordi.palet@consulintel.es Consulintel. University of Murcia (Spain)
Presented by Jordi Palet jordi.palet@consulintel.es Consulintel University of Murcia (Spain) PKIs... key element for providing security to distributed and dynamic networks and services New context/new
More informationIPv6 Addressing. ISP Training Workshops
IPv6 Addressing ISP Training Workshops 1 Where to get IPv6 addresses p Your upstream ISP p Africa n AfriNIC http://www.afrinic.net p Asia and the Pacific n APNIC http://www.apnic.net p North America n
More informationDatabase Update. Johan Åhlén Assistant Manager and Denis Walker Business Analyst
Database Update Johan Åhlén Assistant Manager and Denis Walker Business Analyst RIPE Database statistics 2,500 unit and integration tests 1,500 end-to-end tests Operational stats: https://www.ripe.net/data-tools/stats/ripe-database
More informationA PKI For IDR Public Key Infrastructure and Number Resource Certification
A PKI For IDR Public Key Infrastructure and Number Resource Certification AUSCERT 2006 Geoff Huston Research Scientist APNIC If You wanted to be Bad on the Internet And you wanted to: Hijack a site Inspect
More informationInternational Telecommunication Union. IETF Security Work. Magnus Nyström. Technical Director, RSA Security Presentation made on behalf of the IETF
International Telecommunication Union IETF Security Work Magnus Nyström Technical Director, RSA Security Presentation made on behalf of the IETF Background Internet Engineering Task Force o International
More informationUse Domain Name System and IP Version 6
Use Domain Name System and IP Version 6 What You Will Learn The introduction of IP Version 6 (IPv6) into an enterprise environment requires some changes both in the provisioned Domain Name System (DNS)
More informationIPV6 DEPLOYMENT GUIDELINES FOR. ARRIS Group, Inc.
IPV6 DEPLOYMENT GUIDELINES FOR CABLE OPERATORS Patricio i S. Latini i ARRIS Group, Inc. Current IPv4 Situationti IANA has already assigned the last IPv4 Blocks to the RIRs. RIRs address exhaustion may
More informationCIRA s experience in deploying IPv6
CIRA s experience in deploying IPv6 Canadian Internet Registration Authority (CIRA) Jacques Latour Director, Information Technology Ottawa, April 29, 2011 1 About CIRA The Registry that operates the Country
More informationInternet Structure and Organization
Internet Structure and Organization Resources management and allocation Bernard.Tuy@renater.fr Introduction What s the Internet? Why organizations / bodies are needed? Define protocol specifications Agree
More informationDNSSEC Deployment a case study
DNSSEC Deployment a case study Olaf M. Kolkman Olaf@NLnetLabs.nl RIPE NCCs Project Team: Katie Petrusha, Brett Carr, Cagri Coltekin, Adrian Bedford, Arno Meulenkamp, and Henk Uijterwaal Januari 17, 2006
More informationpage 1 DNS Rate Limiting W. Matthijs Mekking matthijs@nlnetlabs.nl http://www.nlnetlabs.nl/ 28 Feb 2013 Stichting NLnet Labs
page 1 DNS Rate Limiting W. Matthijs Mekking matthijs@nlnetlabs.nl page 2 One slide DNS Root www.nlnetlabs.nl A Referral: nl NS www.nlnetlabs.nl A 213.154.224.1 www.nlnetlabs.nl A www.nlnetlabs.nl A 213.154.224.1
More informationIntroduction to The Internet. ISP/IXP Workshops
Introduction to The Internet ISP/IXP Workshops 1 Introduction to the Internet Topologies and Definitions IP Addressing Internet Hierarchy Gluing it all together 2 Topologies and Definitions What does all
More informationAn Introduction to the Domain Name System
An Introduction to the Domain Name System Olaf Kolkman Olaf@nlnetlabs.nl October 28, 2005 Stichting NLnet Labs This Presentation An introduction to the DNS Laymen level For non-technologists About protocol
More informationWhat's inside the cloud?!
What's inside the cloud?! Initial Arpanet Initial Arpanet Interface Message Processors - DDP-516 mini-computers - 24 Kbyte of Core memory - Store-and-forward packet switching - Predecessors of present
More informationRIPE Policy Development Process
RIPE Policy Development Process And some recent topics 1 Overview RIPE RIPE Policy Development Process (PDP) Current Topics - IPv4 Depletion - IPv6 Deployment 2 RIPE Folks in Europe talking about TCP/IP
More informationDraft WGIG issue paper on Network and Information Security
Draft WGIG issue paper on Network and Information Security This paper is a 'draft working paper' reflecting the preliminary findings of the drafting team. It has been subject to review by all WGIG members,
More informationHow To Stop A Malicious Dns Attack On A Domain Name Server (Dns) From Being Spoofed (Dnt) On A Network (Networking) On An Ip Address (Ip Address) On Your Ip Address On A Pc Or Ip Address
DNS Amplification Are YOU Part of the Problem? (RIPE66 Dublin, Ireland - May 13, 2013) Merike Kaeo Security Evangelist, Internet Identity merike@internetidentity.com INTRO Statistics on DNS Amplification
More informationHow To Manage Ipv6 Networks On A Network With Ipvv6 (Ipv6) On A Pc Or Ipv4 (Ip6) (Ip V6) Or Ip V6 ( Ipv5) ( Ip V5
IPv6 networks management Simon.Muyal@renater.fr Contribs Bernard Tuy, Renater Simon Muyal, Renater Ralf Wolter, Cisco Patrick Grossetête, Cisco Munechika Sumikawa, Hitachi Patrick Paul, 6WIND Simon Muyal
More informationThe ISP Column A monthly column on things Internet. Securing BGP with BGPsec. Introduction
The ISP Column A monthly column on things Internet July 2011 Geoff Huston Randy Bush Securing BGP with BGPsec Introduction For many years the Internet's fundamental elements names and addresses were the
More informationDNS at NLnet Labs. Matthijs Mekking
DNS at NLnet Labs Matthijs Mekking Topics NLnet Labs DNS DNSSEC Recent events NLnet Internet Provider until 1997 The first internet backbone in Holland Funding research and software projects that aid the
More informationAddress Scheme Planning for an ISP backbone Network
Address Scheme Planning for an ISP backbone Network Philip Smith Consulting Engineering, Office of the CTO Version 0.1 (draft) LIST OF FIGURES 2 INTRODUCTION 3 BACKGROUND 3 BUSINESS MODEL 3 ADDRESS PLAN
More informationRPKI Tutorial. Certification. Goals. Current Practices in Filtering
RPKI Tutorial MENOG 10, Dubai UAE Marco Hogewoning Trainer Goals Explain where it started Learn what resources certificates are Learn how to request a certificate Learn how to create a Route Origin Authorization
More informationIntroduction to RPSL. TorIX Meeting, September 2004 Joe Abley, jabley@isc.org
Introduction to RPSL TorIX Meeting, September 2004 Joe Abley, jabley@isc.org Agenda Some handwaving about why any of this is actually useful Architectural overview Incredibly brief history lesson Brief
More informationThe Internet. On October 24, 1995, the FNC unanimously passed a resolution defining the term Internet.
The Internet Introductory material. An overview lecture that covers Internet related topics, including a definition of the Internet, an overview of its history and growth, and standardization and naming.
More informationIPv6 RIPEness from 4 to 5 stars. Vesna Manojlovic Community Builder for Measurement Tools BECHA@ripe.net
IPv6 RIPEness from 4 to 5 stars Vesna Manojlovic Community Builder for Measurement Tools BECHA@ripe.net SEE4, Belgrade, 2015 IPv6RIPEness.ripe.net 2 Measure of IPv6 readiness for LIRs - allocation - reverse
More informationSecurity Services on IPv6 Networks: PKIv6 and IPv6-VPNs
Security Services on IPv6 Networks: PKIv6 and IPv6-VPNs Antonio F. Gómez Skarmeta University of Murcia SPAIN 1Year Subactivity Description Mobility on IPv6 networks Going to be coordinated
More informationIntroduction to The Internet
Introduction to The Internet ISP Workshops Last updated 5 September 2014 1 Introduction to the Internet p Topologies and Definitions p IP Addressing p Internet Hierarchy p Gluing it all together 2 Topologies
More information(R)Evolutionary Bootstrapping of a Global PKI for Securing BGP
(R)Evolutionary Bootstrapping of a Global PKI for Securing BGP Yih-Chun Hu UIUC David McGrew Cisco Systems Adrian Perrig CMU / CyLab Brian Weis Cisco Systems Dan Wendlandt CMU / CyLab ABSTRACT Most secure
More informationAbout the Technical Reviewers
About the Author p. xiii About the Technical Reviewers p. xv Acknowledgments p. xvii Introduction p. xix IPv6 p. 1 IPv6-Why? p. 1 IPv6 Benefits p. 2 More Address Space p. 2 Innovation p. 3 Stateless Autoconfiguration
More informationIPv6-only hosts in a dual stack environnment
IPv6-only hosts in a dual stack environnment using Free Software Frédéric Gargula, Grégoire Huet Background on IPv4 and IPv6 usage IPv4 addresses depletion doesn't need to be reminded No straight way exists
More informationChapter 3. TCP/IP Networks. 3.1 Internet Protocol version 4 (IPv4)
Chapter 3 TCP/IP Networks 3.1 Internet Protocol version 4 (IPv4) Internet Protocol version 4 is the fourth iteration of the Internet Protocol (IP) and it is the first version of the protocol to be widely
More informationNetwork and Host Addresses 1.3. 2003, Cisco Systems, Inc. All rights reserved. INTRO v1.0a 6-4
IP Addressing To facilitate the routing of packets over a network, the TCP/IP protocol suite uses a 32-bit logical address known as an IP address. This topic introduces the components of an IP address.
More informationNetwork measurement II. Sebastian Castro NZRS 27 th May 2015 Victoria University
Network measurement II Sebastian Castro NZRS 27 th May 2015 Victoria University Agenda Network measurement in the wild Common pitfalls in methodologies Network measurement datasets Stories Our work AMP
More informationBGP route monitoring. Mar, 25, 2008 Matsuzaki maz Yoshinobu <maz@telecom-isac.jp>, <maz@iij.ad.jp>
BGP route monitoring Mar, 25, 2008 Matsuzaki maz Yoshinobu , 1 abstract BGP prefix hijack is a serious security issue in the internet, and these events have been widely
More informationInternet Engineering Task Force (IETF) Category: Best Current Practice ISSN: 2070-1721 Facebook, Inc. S. Sheppard ATT Labs June 2011
Internet Engineering Task Force (IETF) Request for Comments: 6302 BCP: 162 Category: Best Current Practice ISSN: 2070-1721 A. Durand Juniper Networks I. Gashinsky Yahoo! Inc. D. Lee Facebook, Inc. S. Sheppard
More informationIPv6@ARIN. Matt Ryanczak Network Operations Manager
IPv6@ARIN Matt Ryanczak Network Operations Manager 1990 1995 2004 2009 IPv6 Timeline IETF starts thinking about successors to IPv4. RFC1817 CIDR and Classful Routing RFC 1883 Draft IPv6 Spec RFC 3775 IPv6
More informationIPv6 Practices on China Mobile IP Bearer Network
IPv6 Practices on China Mobile IP Bearer Network draft-chen-v6ops-ipv6-bearer-network-trials-00.txt IETF 81-Quebec, July 2011 G. Chen, T. Yang, L. Li and H. Deng Background China Mobile IPv6 trial program
More informationMultihoming: An Overview
Multihoming: An Overview & a brief introduction to GSE(8+8) Lixia Zhang IAB BOF on IPv6 Multihoming RIPE 2006 Customer network 1 1.1.16.0/20 Single Home Global Routing Table...... 1.1.0.0/16 2.2.0.0/16.......
More informationRequest for Comments: 1788 Category: Experimental April 1995
Network Working Group W. Simpson Request for Comments: 1788 Daydreamer Category: Experimental April 1995 Status of this Memo ICMP Domain Name Messages This document defines an Experimental Protocol for
More informationSecure routing: State-of-the-art deployment and impact on network resilience
Secure Routing July 10 Secure routing: State-of-the-art deployment and impact on network resilience About ENISA: The European Network and Information Security Agency (ENISA) is an EU agency created to
More informationComments to WGIG on Draft Working Papers Identifying Issues for Internet Governance. Submitted by APNIC http://www.apnic.net
Comments to WGIG on Draft Working Papers Identifying Issues for Internet Governance Submitted by APNIC http://www.apnic.net Contact: Paul Wilson, Director General Email: Do you have any
More informationInternet Bodies. Bernard.Tuy@renater.fr
Internet Bodies Bernard.Tuy@renater.fr Agenda Names, Acronyms in the Internet IETF organisation IESG, IAB, ISOC ICANN & IANA Standardisation process Standardisation compliance Internet Registries Requesting
More information2014 IANA FUNCTIONS CUSTOMER SERVICE SURVEY RESULTS. Survey by Ebiquity Report by Leo Vegoda & Marilia Hirano
2014 IANA FUNCTIONS CUSTOMER SERVICE SURVEY RESULTS Survey by Ebiquity Report by Leo Vegoda & Marilia Hirano November 2014 Table of Contents Survey objective 1 Executive summary 2 Methodology 4 General
More informationMPLS VPN Security Best Practice Guidelines
Security Best Practice Guidelines con 2006 May 24 2006 Monique Morrow and Michael Behringer Distinguished Consulting Engineer and Distinguished Systems Engineer Cisco Systems, Inc. mmorrow@cisco.com mbehring@cisco.com
More informationmydnsipv6 Success Story
Internet Identity For All mydnsipv6 Success Story By Norsuzana Harun Manager, Technology and Innovation Dept. 20 th July 2009 Agenda 1. About mydnsipv6 mydnsipv6 Roadmap (2006 2010) 2. mydnsipv6 Test Bed
More informationGovernment of Canada Managed Security Service (GCMSS) Annex A-1: Statement of Work - Firewall
Government of Canada Managed Security Service (GCMSS) Date: July 12, 2012 TABLE OF CONTENTS 1 FIREWALL... 1 1.1 SECURITY...1 1.2 STANDARDS...1 1.3 FAILOVER...2 1.4 PERFORMANCE...3 1.5 REPORTING...3 1.6
More informationInternet 3.0: Ten Problems with Current Internet Architecture and a Proposal for the Next Generation
Internet 3.0: Ten Problems with Current Internet Architecture and a Proposal for the Next Generation Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@wustl.edu IEEE Distinguished
More informationChapter 4 Network Layer
Chapter 4 Network Layer A note on the use of these ppt slides: We re making these slides freely available to all (faculty, students, readers). They re in PowerPoint form so you can add, modify, and delete
More informationRecommendations for dealing with fragmentation in DNS(SEC)
Recommendations for dealing with fragmentation in DNS(SEC) Abstract DNS response messages can sometimes be large enough to exceed the Maximum Transmission Unit (MTU) size for the underlying physical network.
More informationLayer Four Traceroute (and related tools) A modern, flexible path-discovery solution with advanced features for network (reverse) engineers
Layer Four Traceroute (and related tools) A modern, flexible path-discovery solution with advanced features for network (reverse) engineers So, what is path discovery and why is it important? Path discovery
More informationInternet Topology Discovery Using Active Probing
UNIVERSITÀ DEGLI STUDI ROMA TRE DOTTORATO DI RICERCA IN INGEGNERIA INFORMATICA XVIII CICLO 2006 Internet Topology Discovery Using Active Probing Lorenzo Colitti UNIVERSITÀ DEGLI STUDI ROMA TRE DOTTORATO
More informationGlobal IP Network Mobility using Border Gateway Protocol (BGP)
Global IP Network Mobility using Border Gateway Protocol (BGP) Andrew L. Dul Network Engineering Connexion by Boeing andrew.l.dul@boeing.com March 2006 ABSTRACT Connexion by Boeing provides real-time,
More informationThe Internet Introductory material.
The Internet Introductory material. An overview lecture that covers Internet related topics, including a definition of the Internet, an overview of its history and growth, and standardization and naming.
More informationBGP. 1. Internet Routing
BGP 1. Internet Routing (C) Herbert Haas 2005/03/11 1 Internet Routing Interior Gateway Protocols (IGPs) not suitable for Inter-ISP routing Technical metrics only No policy features Inter-ISP routing is
More informationSecurity Toolsets for ISP Defense
Security Toolsets for ISP Defense Backbone Practices Authored by Timothy A Battles (AT&T IP Network Security) What s our goal? To provide protection against anomalous traffic for our network and it s customers.
More informationJapan Registry Services. Copyright 2005 Japan Registry Services Co., LTD.
Phishing: economical benefit Alternative root Spoofed packet ISP Resolver server (2)www.example.jp A (1)www.example.jp A (8)www.example.jp A is 192.168.100.1 Root servers (3)JP Servers know (JP NS+glue)
More informationThe Survey Report on DNS Cache & Recursive Service in China Mainland
The Survey Report on DNS Cache & Recursive Service in China Mainland Wei WANG, Chinese Academy of Sciences Zhiwei YAN, China Internet Network Information Center Motivation Improve the traditional recursive
More informationLaw Enforcement and Internet Governance: An Ounce of Prevention Is Worth a Pound of Cure
Law Enforcement and Internet Governance: An Ounce of Prevention Is Worth a Pound of Cure Supervisory Special Agent Robert Flaim Federal Bureau of Investigation (FBI) Operational Technology Division Global
More informationUniversity of Murcia (Spain) Antonio F. Gómez Skarmeta skarmeta@dif.um.es. University of Murcia SPAIN
University of Murcia (Spain) Antonio F. Gómez Skarmeta skarmeta@dif.um.es University of Murcia SPAIN Network Security in IPv6 IPv6 IPsec/IKE Implementations UMU-PKIv6 Policy-Based Network Management (PBNM)
More informationDDoS attacks in CESNET2
DDoS attacks in CESNET2 Ondřej Caletka 15th March 2016 Ondřej Caletka (CESNET) DDoS attacks in CESNET2 15th March 2016 1 / 22 About CESNET association of legal entities, est. 1996 public and state universities
More informationIXP Manager Workshop. 27 th Euro-IX Forum October 25 th 2015 Berlin, Germany
IXP Manager Workshop 27 th Euro-IX Forum October 25 th 2015 Berlin, Germany Barry O Donovan & Nick Hilliard, INEX Ireland s Internet Neutral Exchange Point operations@inex.ie What is IXP Manager? Full
More informationEDU DNSSEC Testbed. Shumon Huque, University of Pennsylvania Larry Blunk, MERIT Network
EDU DNSSEC Testbed Shumon Huque, University of Pennsylvania Larry Blunk, MERIT Network Internet2 Joint Techs Conference Salt Lake City, Utah February 2nd 2010 1 DNSSEC DNS Security Extensions A system
More informationInternet Engineering Task Force (IETF) Category: Informational June 2010 ISSN: 2070-1721
Internet Engineering Task Force (IETF) R. Johnson Request for Comments: 5859 Cisco Systems, Inc. Category: Informational June 2010 ISSN: 2070-1721 Abstract TFTP Server Address Option for DHCPv4 This memo
More informationInternet Engineering Task Force (IETF) Request for Comments: 6761. Category: Standards Track February 2013 ISSN: 2070-1721
Internet Engineering Task Force (IETF) S. Cheshire Request for Comments: 6761 M. Krochmal Updates: 1918, 2606 Apple Inc. Category: Standards Track February 2013 ISSN: 2070-1721 Abstract Special-Use Domain
More informationRoot zone update for TLD managers Mexico City, Mexico March 2009
Root zone update for TLD managers Mexico City, Mexico March 2009 Kim Davies Manager, Root Zone Services Internet Corporation for Assigned Names & Numbers A quick census 280 delegated 11 testing 280 delegated
More informationManaging security-relevant data from measurements on Internet scale
Managing security-relevant data from measurements on Internet scale (Tales from the road) Ralph Holz 9 June 2015 About the speaker PhD from Technische Universität München, 2014 Dissertation on measurement
More informationTopic 1: Internet Architecture & Addressing
Topic 1: Internet Architecture & Addressing Objectives Understand the general architecture of Internet Identify the main actors in the Internet architecture Identify the main organizations implied in Internet
More informationHi-BGP: A Lightweight Hijack-proof Inter-domain Routing Protocol
1 Hi-BGP: A Lightweight Hijack-proof Inter-domain Routing Protocol Jian Qiu and Lixin Gao Department of ECE, University of Massachusetts, Amherst, MA 01002 jqiu@ecs.umass.edu, lgao@ecs.umass.edu Abstract
More informationSecurity, Privacy, and the Effects of Ubiquitous Encryption. Kathleen Moriarty Security Area Director (Speaking for myself, not the IETF)
Security, Privacy, and the Effects of Ubiquitous Encryption Kathleen Moriarty Security Area Director (Speaking for myself, not the IETF) Motivation for Increased Privacy Protections BULLRUN/EDGEHILL RADON
More informationHP and IPv6 Deployment. Bill Medlin HP-UX IPv6 Project Manager
HP and IPv6 Deployment Bill Medlin HP-UX IPv6 Project Manager OUTLINE Why IPv6? Current HP-UX IPv6 Features IPv6 Customer Experience HP-UX and IPv6 Deployment HP Strategy for IPv6 page 2 Why IPv6? Immediate
More informationNo need to operate a DHCP server. If a server s IP address changes, clients will lose the ability to access it!
setting IP addresses copyright 2015 Robert Montante Static Address Assignments Suitable for small networks No need to operate a DHCP server Necessary for server systems If a server s IP address changes,
More informationINTERNET ORGANIZATION OVERVIEW OF THE INTERNET'S ORGANIZATION AND MAIN STANDARD BODIES. Internet Organization. Peter R. Egli INDIGOO.COM. indigoo.
INTERNET ORGANIZATION OVERVIEW OF THE INTERNET'S ORGANIZATION AND MAIN STANDARD BODIES Peter R. Egli INDIGOO.COM 1/17 Contents 1. Internet Organizations 2. Why the Internet is called Inter-Net 3. Internet
More informationIANA Functions to cctlds Sofia, Bulgaria September 2008
IANA Functions to cctlds Sofia, Bulgaria September 2008 Kim Davies Internet Assigned Numbers Authority Internet Corporation for Assigned Names & Numbers What is IANA? Internet Assigned Numbers Authority
More informationAT&T Managed IP Network Service (MIPNS) MPLS Private Network Transport Technical Configuration Guide Version 1.0
AT&T Managed IP Network Service (MIPNS) MPLS Private Network Transport Technical Configuration Guide Version 1.0 Introduction...2 Overview...2 1. Technology Background...2 2. MPLS PNT Offer Models...3
More information2013 IANA Functions Customer Service Survey Results
2013 IANA Functions Customer Service Survey Results Survey by Ebiquity Report by Leo Vegoda Please see Errata attached at the end of this document. Revised Version effective March 2015 2013 IANA Functions
More informationDNS & IPv6. Agenda 4/14/2009. MENOG4, 8-9 April 2009. Raed Al-Fayez SaudiNIC CITC rfayez@citc.gov.sa, www.nic.net.sa. DNS & IPv6.
DNS & IPv6 MENOG4, 8-9 April 2009 Raed Al-Fayez SaudiNIC CITC rfayez@citc.gov.sa, www.nic.net.sa Agenda DNS & IPv6 Introduction What s next? SaudiNIC & IPv6 About SaudiNIC How a cctld Registry supports
More informationIPv6 Deployment Strategies
Version History Version Number Date Notes 1 10/15/2001 This document was created. 2 11/13/2001 Update to the explanation of NAT along tunnel paths. 3 03/08/2002 Update to the Related Documents section.
More informationLab 8.3.2 Conducting a Network Capture with Wireshark
Lab 8.3.2 Conducting a Network Capture with Wireshark Objectives Perform a network traffic capture with Wireshark to become familiar with the Wireshark interface and environment. Analyze traffic to a web
More informationEmbedded BGP Routing Monitoring. Th. Lévy O. Marcé
Embedded BGP Routing Monitoring Th. Lévy O. Marcé Introduction & Motivations Off-line BGP routing monitoring initiatives (i.e based on router logs) already exist: Periodic report : The CIDR Report Objective
More informationJPNIC Public Forum. Paul Vixie. Chairman, Internet Software Consortium. January 21, 2003
JPNIC Public Forum Paul Vixie Chairman, Internet Software Consortium January 21, 2003 1 Paul Vixie has been contributing to Internet protocols and UNIX systems as a protocol designer and software architect
More informationNetwork Level Multihoming and BGP Challenges
Network Level Multihoming and BGP Challenges Li Jia Helsinki University of Technology jili@cc.hut.fi Abstract Multihoming has been traditionally employed by enterprises and ISPs to improve network connectivity.
More information2015 IANA Functions Customer Service Survey Results
2015 IANA Functions Customer Service Survey Results Report on the third annual customer service satisfaction survey administered by Ebiquity Marilia Hirano November 2015 Contents Survey objective... 3
More informationOpen Source Routing Forum. ISC Technology Leadership for the Common Good. Keith Mitchell EIX WG, RIPE62
Open Source Routing Forum ISC Technology Leadership for the Common Good Keith Mitchell EIX WG, RIPE62 Open Source Routing Forum ISC has been asked to build a Open Source Routing Forum that will invest,
More informationFlow Analysis Versus Packet Analysis. What Should You Choose?
Flow Analysis Versus Packet Analysis. What Should You Choose? www.netfort.com Flow analysis can help to determine traffic statistics overall, but it falls short when you need to analyse a specific conversation
More informationTowards a Next- Generation Inter-domain Routing Protocol. L. Subramanian, M. Caesar, C.T. Ee, M. Handley, Z. Mao, S. Shenker, and I.
Towards a Next- Generation Inter-domain Routing Protocol L. Subramanian, M. Caesar, C.T. Ee, M. Handley, Z. Mao, S. Shenker, and I. Stoica Routing 1999 Internet Map Coloured by ISP Source: Bill Cheswick,
More informationDNSSEC in your workflow
DNSSEC in your workflow Presentation roadmap Overview of problem space Architectural changes to allow for DNSSEC deployment Deployment tasks Key maintenance DNS server infrastructure Providing secure delegations
More informationDNSSEC - Why Network Operators Should Care And How To Accelerate Deployment
DNSSEC - Why Network Operators Should Care And How To Accelerate Deployment Dan York, CISSP Senior Content Strategist, Internet Society Eurasia Network Operators' Group (ENOG) 4 Moscow, Russia October
More informationMPLS Layer 3 and Layer 2 VPNs over an IP only Core. Rahul Aggarwal Juniper Networks. rahul@juniper.net
MPLS Layer 3 and Layer 2 VPNs over an IP only Core Rahul Aggarwal Juniper Networks rahul@juniper.net Agenda MPLS VPN services and transport technology Motivation for MPLS VPN services over an IP only core
More informationIntroduction to the DANE Protocol
Introduction to the DANE Protocol ICANN 47 July 17, 2013 Internet Society Deploy360 Programme Providing real-world deployment info for IPv6, DNSSEC, routing and other Internet technologies: Case Studies
More informationIPv6 Address Planning
eip604_v1.0 APNIC elearning: IPv6 Address Planning Contact: training@apnic.net Overview Where to Get IPv6 Addresses Addressing Plans ISP Infrastructure Addressing Plans Customer Example Address Plan Addressing
More informationDNS Risks, DNSSEC. Olaf M. Kolkman and Allison Mankin. olaf@nlnetlabs.nl and mankin@psg.com. http://www.nlnetlabs.nl/ 8 Feb 2006 Stichting NLnet Labs
DNS Risks, DNSSEC Olaf M. Kolkman and Allison Mankin olaf@nlnetlabs.nl and mankin@psg.com 8 Feb 2006 Stichting NLnet Labs DNSSEC evangineers of the day Allison: Independent consultant Member of the Internet2
More informationBT Internet Connect Global - Annex to the General Service Schedule
1. Definitions The following definitions apply, in addition to those in the General Terms and Conditions and the General Services Schedule. ARP means Address Resolution Protocol. Border Gateway Protocol
More informationBorder Gateway Protocol BGP4 (2)
Border Gateway Protocol BGP4 (2) Professor Richard Harris School of Engineering and Advanced Technology (SEAT) Presentation Outline Border Gateway Protocol - Continued Computer Networks - 1/2 Learning
More informationThe IANA Functions. An Introduction to the Internet Assigned Numbers Authority (IANA) Functions
The IANA Functions An Introduction to the Internet Assigned Numbers Authority (IANA) Functions Contents SECTION 1: INTRODUCTION 4 SECTION 2: POLICY, STAKEHOLDERS AND STEWARDSHIP IMPLEMENTATION 6 SECTION
More information