Posts

Showing posts from 2016

Ask a Question, Get an Answer; How insecure can that be? (Part 2)

In Part 1 of this post we walked through the basic process your computer or mobile device utilizes to translate “www” addresses into Internet Protocol (IP) addresses for communications over the Internet through the use of the domain name system (DNS). We posed the question, for a transaction seemingly as simple as asking a question and obtaining an answer, how insecure could it be? We highlighted a few of the ways the integrity of the DNS data could be compromised:

• Your device could be misconfigured and attempt to contact an attacker’s local DNS server.
• The local DNS server could be misconfigured or hacked rendering it unable to process queries, rendering name translation unavailable and thus the Internet unavailable.
• An Internet DNS server could be misconfigured or hacked, leaving it in a state of providing incorrect answers, possibly misdirecting device connections or rendering Internet connections unavailable.
• An imposter Internet DNS server could falsify and answe...

Ask a Question, Get an Answer; How insecure can that be? (Part 1 of 3)

The domain name system (DNS) was invented nearly thirty years ago to serve as the Internet directory. As you browse the Internet using your computer, tablet, mobile phone, or other device, you navigate by entering names of websites, typically “www” addresses. But your device connects to the intended Internet destination by sending Internet Protocol (IP) data packets, which are addressed using IP addresses, not www addresses. DNS provides the vital linkage in looking up www addresses that people use and translating them to IP addresses that devices use. The basic concept of DNS is very simple: ask a question (www address) and get an answer (IP address). But the mechanics involve a number of DNS entities, many of which lie outside of your organization. And this could expose your network to security compromise. By its very nature, the global Internet DNS system serves as a distributed data repository containing www names (and others of course but let's keep it simple) and correspo...

IPv6 Deployments Continue Acceleration

IPv6 momentum continues to build in the face of global IPv4 address exhaustion. All major Regional Internet Registries but AFRINIC have officially exhausted their available IPv4 address space. Internet Service Providers (ISPs) requiring additional IPv4 address space now must rigorously justify their requests. ISP subscriber growth can be satisfied with available though diminishing IPv4 address space, through the use of carrier grade NATs, or with IPv6. Given ever broadening end user device IPv6 support, the ultimate growth strategy requires IPv6 implementation. Many enterprises are actively engaged in deploying IPv6 as well. Google has been measuring the percentage of IPv6 users accessing their websites for a number of years. Just recently the percentage of users accessing via IPv6 topped 12%. This data represents one perspective though probably a good indicator for the Internet at large. Extrapolating this metric per the chart below, we see the IPv6 density of the Internet doublin...