In the previous installment of our series of IPv6 security posts, we covered some of the ways addressing has changed in IPv6 compared to IPv4. In this post, we’ll talk about some of the things to consider when securing IPv6 compared to IPv4. Before digging into this topic, however, it is important to remember that while IPv6 may have different security concerns than IPv4, it is not necessarily any more secure than IPv4. Furthermore, the post will focus on those aspects that are different or unique to IPv6, since many of the common best practices for IPv4 networks also apply to IPv6 networks.
It is clear that we are in a transition with regards to the way information is published and consumed. Old school media such as newspapers and network news are in decline or are, like the New York Times and the Wall Street Journal, looking for new ways to remain relevant.
The rise of social media as a source of news has both positive and negative aspects. On the positive side the speed of social media has proven hard to match. For example, on November 23, 2010, North Korea shelled Yeongyeong Island in South Korea. My first notification about that event was via Twitter and it was only later that I was able to get confirmation via CNN. Similarly on March 11, 2011, when the earthquake and subsequent tsunami hit Japan with tragic consequences, my first notification was again via Twitter. Clearly first-mover advantage goes to social media, largely due to the lack of overhead and the few barriers to and low cost of publishing.
Recently we saw one of the weaknesses to the often knee-jerk, fast-twitch responses that social media can create with the unfortunate accusations that were falsely leveled at Samsung; statements accusing the Korean manufacturer of putting keylogging software on its laptops. Read More »
Recent media reports have focused on a mass SQL injection attack involving a malware domain named lizamoon.com. While the lizamoon.com domain is new, this particular series of SQL injection compromises is actually several months old. Cisco ScanSafe logs record the first instance on 20-sep-10 21:58:08 GMT. Since then, various malware domains have been used for a total of 42 domains signifying 42 separate occurrences of these compromises since September 2010. Lizamoon.com was the 41st of these.
Cisco ScanSafe data reveals that from Sept 2010 to Feb 2011, all the compromises were on smaller, low traffic sites. Any encounters likely resulted from Web searches for very niche topic areas. As a result, the number of encounters with these compromised websites remained very low. Most importantly, this attacker is employing severe throttling such that only 0.15% of encounters even result in live content delivery. The remaining 99.85% of encounters are non-resolvable at the time of encounter. The result is a negligible rate of actual encounter with live content.
Recently, during my daily “let’s see what’s happening today” routine, I read an article that struck me in an eerie — better yet, intriguing — manner. The gist of the story is that a crime ring syndicated from cyber space, consisting of Internet-savvy folks and run-of-the-mill thieves, managed to purchase (let’s just call it what it is, steal) thousands of dollars in products while conducting shopping sprees at Apple stores.
Few people in the world would disagree that a network firewall is an essential component for any size datacenter. In fact, operating without one could be considered by many to be network asset suicide! But adding a firewall to an existing datacenter is by no means a trivial task. In fact, the amount of work that would be required to re-cable every physical interface to properly tie it in with the rest of the network is enough to make many network administrators think twice about just how badly they really need that shiny new firewall, versus just sticking with what they have. Add to that the additional rack space, power, cooling, and management required by the new device, and some serious ROI questions may be raised.