Categories
Deploy360 Securing Border Gateway Protocol (BGP)

Video: BGP Blackholing Project (RIPE 68)

How can network operators cooperate to prevent abuse? How do we educate network operators to ensure they’re connecting their network in a secure way to the Internet? In this lightning talk from Lukasz Bromirski from Cisco, learn how operators in Poland are cooperating to prevent network abuse. Lukasz’s talk, entitled “BGP Blackholing Project” is now available for viewing from the RIPE 68 site, and the slides are available for download.

LukaszBromirskiBGPBlackholing

After watching, check out our page on BGPSEC to learn more about securing BGP.

Categories
Deploy360 Securing Border Gateway Protocol (BGP) To archive

Video: RPKI For Provider Independant Resources (RIPE 68)

How can provider independent(PI) address space be validated with the Resource Public Key Infrastructure (RPKI)? How can we get smaller organizations to deploy BGP RPKI? In this lightning talk from Alex Band of RIPE-NCC, learn how an organization with PI address space registered with RIPE-NCC can easily create and access RPKI resources. Previously this was only available to those registered with RIPE-NCC as local Internet registries(LIRs). Alex’s talk, entitled “RPKI for Provider Independent resources” is now available for viewing from the RIPE 68 site, and the slides are available for download.

AlexBand_RPKI_PI

After watching, check out our page on BGPSEC to learn more about deploying BGPSEC and RPKI.

Categories
Deploy360 To archive

Video: DANEs Don’t Lie – DANE/SMTP (RIPE 68)

How can we secure communications between SMTP mail servers? Simply using TLS between servers will not prevent Man In The Middle(MITM) attacks. DNSSEC and DANE to the rescue! Using DANE, SMTP servers can validate X.509 certificates tied to TLS using DNSSEC lookups. In this lightning talk from Carsten Strotmann, learn how this all works and the current status of implementations. His talk, entitled “DANEs don’t lie – DANE/SMTP” is now available for viewing from the RIPE 68 site, and the slides are available for download.

CarstenStrotmannDANEsDontLie

After watching, check out our resources on DNSSEC and DANE.

Categories
Deploy360 Securing Border Gateway Protocol (BGP) To archive

Video: Google DNS Hijacking in Turkey (RIPE 68)

Between March 29 and April 7 of 2014, the Turkish government announced a /32 BGP route for Google’s public DNS. This route redirected users to a DNS server which resolved popular addresses such as twitter.com and youtube.com to Turkish government websites. We previously wrote about this while it was happening. Now Stéphane Bortzmeyer’s talk, entitled “Google DNS Hijacking in Turkey” provides a technical understanding of how the Turkish Government accomplished this, and how he was able to prove it. His talk is now available for viewing from the RIPE 68 site. His slides are also available for viewing.

turkishBGPHijackGoogleDNS

When you’re done watching the video, check out our resources on DNSSEC and how you can deploy it for zones your organization manages. While DNSSEC would not have prevented this hijack from occurring, it could have possibly detected this hijack for end users.

Categories
Deploy360 Improving Technical Security IPv6 To archive

Video: Balancing End-user IPv6 Security and End-to-end Connectivity (RIPE 68)

How do we balance security and functionality for end-users? Should IPv6 customer premise equipment(CPE) have a firewall enabled by default? In this lightning talk from Ragnar Anfinsen, learn about efforts within the Internet Engineering Task Force (IETF) to create a Best Current Practice document addressing this problem. Ragnar gives an update on where the IETF is on this question, and then solicits input from the audience and the operator community. The current version of the Internet draft, draft-ietf-v6ops-balanced-ipv6-security, can be found in the IETF document repository.

Ragnar’s talk, entitled “Balancing End-user Security and End-to-end Connectivity” is now available for viewing from the RIPE 68 site, and the slides are available for download.

RagnarAnfinsenIPv6Security

After watching, check out our page on deploying IPv6 and IPv6 security to learn more about deploying IPv6 securely.

If you are not sure where to start with IPv6, check out our “Start Here” page with suggestions for different types of networks and users.

Categories
Deploy360 IPv6 To archive

Video: The IPv6 Analyser (RIPE 68)

How can operators manage their IPv6 allocations from RIPE-NCC? In this lightning talk from Alex Band of RIPE-NCC, learn how Local Internet Registries(LIRs) can take advantage of a new visualization tool from RIPE-NCC to view and manage their IPv6 address allocations. This new tool helps LIRs develop an addressing plan and visually conceive of both segmentation and aggregation of addresses. Alex’s talk, entitled “The IPv6 Analyser” is now available for viewing from the RIPE 68 site, and the slides are available for download.

AlexBandIPv6Analyser

If you need to develop an IPv6 address plan, check out our IPv6 address planning resources, including several whitepapers and an IPv6 address planning tool.  Additionally, our broader list of IPv6 resources can help get you started, too.

If you are not sure where to start with IPv6, check out our “Start Here” page with suggestions for different types of networks and users.

Categories
Deploy360 IPv6 To archive

Video: IPv6 Troubleshooting for Helpdesks by Jan Zorz (RIPE 68)

What can we do to help operators prepare their helpdesk staff to troubleshoot IPv6? In this lightning talk from Jan Zorz, learn about recent efforts in the RIPE-NCC Best Current Operational Practices (BCOP) working group to provide actionable troubleshooting information for helpdesk workers. Using http://isp.testipv6.com in combination with an error decoder, helpdesk staff can more easily diagnose and repair common IPv6 connectivity issues. Jan’s talk, entitled “IPv6 troubleshooting for helpdesks” is now available for viewing from the RIPE 68 site, and the slides are available for download.

If you are interested in contributing to the “IPv6 Troubleshooting for Helpdesks” document, you can:

The author team is also maintaining the document in a git repository and have a list of issues they are tracking there.  With that, here is the video:

JanZorzIPv6HelpdeskTroubleshooting

After watching, check out our resources on deploying IPv6 and IPv6 training.  Also, you can learn more about our BCOP project where we are working with operator groups around the world to better document their best current operational practices.

If you are not sure where to start with IPv6, check out our “Start Here” page with suggestions for different types of networks and users.

Categories
Deploy360 Domain Name System Security Extensions (DNSSEC) To archive

Video: DNSSEC Measurement Using Atlas Probes (RIPE 68)

What percentage of DNS resolvers are capable of DNSSEC?  Using RIPE’s Atlas network can we determine the status of the global DNSSEC deployment?  At the recent RIPE 68 conference in Warsaw, Poland, Nicolas Canceill from the University of Amsterdam spoke about recent research he conducted on measuring the DNSSEC deployment.  His talk, “Measuring the Deployment of DNSSEC over the Internet” is now available for viewing from the RIPE 68 site.  His slides are also available for download.

DNSSEC measurement session at RIPE 68

After watching, check out our page on DNSSEC deployment basics to learn more about deploying DNSSEC.  If you have not yet deployed DNSSEC  in your network, what are you waiting for?

Categories
Deploy360 Domain Name System Security Extensions (DNSSEC) To archive

Video: Geoff Huston on Measuring DNSSEC from the User’s Perspective (RIPE 68)

How do you best measure DNS-related metrics from the perspective of an end user?  How many users are actually using DNSSEC validation?  What countries have the highest level of DNSSEC validation?  What role does Google’s Public DNS play in helping with this?

These are all questions that APNIC’s Geoff Huston addressed in his talk “Measuring DNS from the User’s perspective” at the recent RIPE68 meeting in Warsaw.  His slides are now online with some very interesting charts around DNSSEC validation.  I enjoy listening to Geoff and think you’ll find this quite an interesting talk:

geoff-huston-ripe68

And then… can you set up DNSSEC validation on your own network?  That will help you get the benefit of the added security of DNSSEC in your own usage of the Internet.

Categories
Deploy360 Improving Technical Security IPv6 To archive

Video: IPv6 Security Myths and Reality by Chris Grundemann (RIPE 68)

What is the reality behind IPv6 security?  What is different (or not) about IPv6 vs IPv4 in terms of security?  What are some of the common myths about IPv6 security?  At the recent RIPE 68 conference in Warsaw, Poland, our Chris Grundemann spoke about common beliefs about IPv6 security and what people should really be thinking about.  His talk, “Security in an IPv6 World: Myth & Reality” is now available for viewing from the RIPE 68 site.  His slides are also available for download.

Chris Grundemann at RIPE68When you are done watching, you may want to check out our page on IPv6 security resources to learn more about how you can secure your installation of IPv6.  And if you don’t have IPv6 in your network yet, what are you waiting for?

Categories
Deploy360 Domain Name System Security Extensions (DNSSEC) Events IPv6 To archive

Congrats on 25 Years of RIPE Meetings – And We’ll Be Promoting Videos From RIPE68

ripe-25-anniversaryAs the RIPE 68 meeting has drawn to a close in Warsaw, Poland, we would just like to take a moment to join with our CEO and many others in congratulating the RIPE community on their 25th anniversary.  Over these past 25 years the RIPE community has done an amazing amount of work together to create a stronger and better Internet.  On a global level, we are all collectively so much better off because of all the work that has happened within the RIPE community. Do check out their “25 Years of RIPE Timeline” to learn more.

We heard from Chris Grundemann and Jan Žorž that the 25th anniversary celebration on Tuesday evening was a great event – and both of them have raved about what an excellent – and exhausting – week this has been for them. As we wrote about last week, they’ve had an extremely busy week with a great amount of activity on IPv6, DNSSEC, securing BGP and our BCOP and  Operators and the IETF projects. Outside of that, Jan is also a member of the RIPE Program Committee (and was chosen again for that role) and so he was super-busy with helping with general organizational issues.  Our colleague Andrei Robachevsky was also there being very active on issues around routing resiliency and some of the great work happening there.

One of the great things about the RIPE meetings is how quickly they make the videos and presentations available for viewing.  There were some outstanding presentations at this RIPE 68 meeting in Warsaw, and so we’ll be highlighting and promoting some of the sessions that we found most valuable and interesting.  We’ve already started this yesterday with a post about Chris’ presentation about operators and the IETF, but we’ll be doing more of that over the next few weeks.

Congrats again to the RIPE community on their 25th anniversary – and we look forward to seeing all that will happen over the next 25 years!

Categories
Deploy360 IETF

Video: Chris Grundemann on our “Operators and the IETF” Project (RIPE 68)

What is our “Operators and the IETF” project all about?  Why should you care?  How can you help?  Chris Grundemann is in Warsaw this week at the RIPE 68 meeting and the video is now available (as are his slides) of his lightning talk:

ripe68-grundemann-operatorsIf you are interested in helping more, please check out our project page – and take the online survey! Thanks!