Presentation is loading. Please wait.

Presentation is loading. Please wait.

Presenter: Mark Elkins Topic: Things not getting done.

Published byJesse Hudson Modified over 10 years ago

Similar presentations

Presentation on theme: "Presenter: Mark Elkins Topic: Things not getting done."— Presentation transcript:

1 Presenter: Mark Elkins Topic: Things not getting done

2 Things not getting done Mark Elkins AfriNIC-17 mje@posix.co.za

3 Technical solutions exist and are universally accepted, yet... 1)DNSSEC 2)IPv6 enablement 3)Telnet elimination 4)Egress filtering of routes

4 DNSSEC The Domain Name System (DNS) set of security extensions which provide some additional levels of security atop DNS This refers both to: – signing zones – operating validating servers (http://dnssec.co.za) Using DNSSEC aware applications (dnssec validator) DNSSEC Training (http://dnstraining.coza.net.za) DANE: DNS-Based Authentication of Named Entities (SSL, SMTP, S/MIME, XMPPetc)

5 IPv6 Enablement Production implementation of the IPv6 protocol including public accessibility, routing, and availability of all IPv4 public services over IPv6. Get an allocation from AfriNIC (Its often free) Dual Stack your core, Peering and Transit Dual Stack Web, Nameservers and E-Mail Dual stack your customers

6 Telnet elimination Should be eliminated in favour of more secure protocols like SSH Consider a similar treatment for – POP3/IMAP – E-Mail

7 Egress Filtering of Routes Implementation of security policies at the router level, restricting traffic between networks which do not meet routing policy (BCP38). – Filter to only allow your networks to leave your network

8 Technical solutions exist but fair minded people debate the need 1)Route Registry 2)Secure HTTP (HTTPS) 3)Route Aggregation 4)Mail Submission

9 Route Registry Database of routing objects, provided by the RIRs and other organizations, for configuring routers and establishing/maintaining routing policy. – Possible starting point for RPKI

10 HTTPs Hypertext Transfer Protocol Secure is a preferred communication protocol over the Internet when compared to HTTP alone. We need to encourage implementation by applications. – Combine with DNSSEC and DANE

11 Route aggregation Active management of routes, routing slots, routing policy, and prefixes to structure IP address blocks into a hierarchical manner optimizing Classless Inter-Domain Routing (CIDR).

12 Mail Submission Securing the origination of e-mails by blocking port 25 (SMTP) and only accepting e-mails on port 587 (submission) which can be both authenticated (user/passwd) and encrypted (SSL/TLS) – Effectively eliminate SPAM generation from mail robots

Download ppt "Presenter: Mark Elkins Topic: Things not getting done."

Similar presentations

Copyright (c) 2002 Japan Network Information Center Introduction of JPNICs New Registry System Izumi Okutani IP Address Section Japan Network Information.

Copyright (c) 2002 Japan Network Information Center Introduction of JPNICs New Registry System Izumi Okutani IP Address Section Japan Network Information.
Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
Enabling Secure Internet Access with ISA Server

Enabling Secure Internet Access with ISA Server
Internet Number Resources 1. Internet IPv4 addresses IPv6 addresses Autonomous System number Fully Qualified Domain Name Key Internet resources.

Internet Number Resources 1. Internet IPv4 addresses IPv6 addresses Autonomous System number Fully Qualified Domain Name Key Internet resources.
APNIC Internet Routing Registry Routing SIG APNIC-15, Taipei 26 February 2003.

APNIC Internet Routing Registry Routing SIG APNIC-15, Taipei 26 February 2003.
IPv6 deployment metrics using.JP domain APNIC 17 25 February 2004 Kenichi Kanayama Intec NetCore, Inc.

IPv6 deployment metrics using.JP domain APNIC February 2004 Kenichi Kanayama Intec NetCore, Inc.
Blue Coat and the Blue Coat logo are trademarks of Blue Coat Systems, Inc., and may be registered in certain jurisdictions. All other product or service.

Blue Coat and the Blue Coat logo are trademarks of Blue Coat Systems, Inc., and may be registered in certain jurisdictions. All other product or service.
1 Muhammed Rudman

1 Muhammed Rudman
IPv4 Depletion IPv6 Adoption 3 February 2011 0 /8s Remaining.

IPv4 Depletion IPv6 Adoption 3 February /8s Remaining.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Introduction to IPv4 Introduction to Networks.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Introduction to IPv4 Introduction to Networks.
IPv4 Run Out and Transitioning to IPv6 Marco Hogewoning Trainer, RIPE NCC.

IPv4 Run Out and Transitioning to IPv6 Marco Hogewoning Trainer, RIPE NCC.
17/10/031 Summary Peer to peer applications and IPv6 Microsoft Three-Degrees IPv6 transition mechanisms used by Three- Degrees: 6to4 Teredo.

17/10/031 Summary Peer to peer applications and IPv6 Microsoft Three-Degrees IPv6 transition mechanisms used by Three- Degrees: 6to4 Teredo.
APNIC Member Services George Kuo. MyAPNIC 2 What is MyAPNIC A secure Member services website Internet resources management, for example: –Whois updates.

APNIC Member Services George Kuo. MyAPNIC 2 What is MyAPNIC A secure Member services website Internet resources management, for example: –Whois updates.
IPv6: The Future of the Internet? July 27th, 1999 Auug.

IPv6: The Future of the Internet? July 27th, 1999 Auug.
The Aerospace Clinic 2002 Team Members Nick Hertl (Project Manager) Will Berriel Richard Fujiyama Chip Bradford Faculty Advisor Professor Michael Erlinger.

The Aerospace Clinic 2002 Team Members Nick Hertl (Project Manager) Will Berriel Richard Fujiyama Chip Bradford Faculty Advisor Professor Michael Erlinger.
Lesson 18-Internet Architecture. Overview Internet services. Develop a communications architecture. Design a demilitarized zone. Understand network address.

Lesson 18-Internet Architecture. Overview Internet services. Develop a communications architecture. Design a demilitarized zone. Understand network address.
The Internet Useful Definitions and Concepts About the Internet.

The Internet Useful Definitions and Concepts About the Internet.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
Update and Discussions on Technology Initiatives TSAG Meeting 4/11/02.

Update and Discussions on Technology Initiatives TSAG Meeting 4/11/02.
Vocabulary URL = uniform resource locator: web address protocol –set of rules that networked computers follow in order to share data and coordinate communications.

Vocabulary URL = uniform resource locator: web address protocol –set of rules that networked computers follow in order to share data and coordinate communications.

Similar presentations

Ads by Google