The Open Standatds Everywhere : Overview

Do you believe that your security depends on Open Standards?

According to Cisco, the number of connected devices worldwide will rise to 50 billion or more by 2021. Due to this growth of devices, new solutions, and IT services, we will face potential new security issues. Security is both the key to the success or failure, of the interconnected internet. The key to a successful and secure system is using open standards. It allowing public inspection of code and the contribution of patches is the best way to ensure security devices, systems, and solutions.

The Open Standards Everywhere (OSE) training conducted by ISOC provided me with insights into future web security. 

As I learned it would be everyone's responsibility to guarantee open, globally-connected, trustworthy, and secure internet for everyone.

Therefore making your web server as secure as possible and ensuring its availability across the global network of networks is a challenging task.

The latest open and most secure standards introduced by the Internet Engineering Task Force (IETF) are geared for this task. 

ISOC initiated series training of programs through its chapters to build awareness among web server administrators to support the latest security standards and protocols, value in new open Internet standards and also understand how to deploy those standards.

The objective of the ISOC 2020 action plan is to increase security and availability of web servers by promoting the latest IETF standards and new protocols that can help promote to build a bigger, stronger Internet.

This training provided information on IPV6 which increases connectivity and security of web servers as well as billions of IoT devices that would be connected to the internet.

HTTP/2 provides faster connections that work better for low bandwidth, mobile that is secure and trustworthy. 

Another important cryptographic protocol is  Transport Layer Security (TLS), the successor to SSL. It is designed to provide increased communications security over a computer network to ensure privacy and data integrity between two or more communicating computer applications.

DNSSEC increases security in DNS systems and prevents attackers from poisoning the responses to DNS requests. 

Strict Transport Security (HSTS) is a web security policy mechanism that helps to protect websites against man-in-the-middle attacks. 

These new standards help increase openness, Interoperability, and security of the web.

In this blog, you will find :

What is Interoperability?

https://open-web101.blogspot.com/2020/06/what-is-interoperability.html?m=1

What is Open Web

https://open-web101.blogspot.com/2020/06/what-is-open-web.html?m=1

Open standards everywhere on the internet

https://open-web101.blogspot.com/2020/06/open-standards-everywhere-on-internet.html?m=1

What are Open Standards?

https://open-web101.blogspot.com/2020/06/what-are-open-standards.html?m=1

Open Standards Testing Tools

https://open-web101.blogspot.com/2020/06/open-standard-website-testing.html?m=1

ISOC Training session on open web standards

https://open-web101.blogspot.com/2020/06/open-standard-website-testing.html?m=1

IPV6 Concepts

https://open-web101.blogspot.com/2020/06/ipv6-concepts.html?m=1

IoT - everything-connected-to-Internet

https://open-web101.blogspot.com/2020/06/iot-everything-connected-to-internet.html?m=1

History of IPV6 

https://open-web101.blogspot.com/2020/06/hihstory-of-ipv6.html?m=1

Internet Protocol 6 for IoT

https://open-web101.blogspot.com/2020/06/internet-protocol-6-for-iot.html?m=1

More from the Internet...

IPV6

https://www.internetsociety.org/deploy360/ipv6/

DNSSEC

https://www.icann.org/resources/pages/dnssec-what-is-it-why-important-2019-03-05-en

TLS

https://kinsta.com/blog/tls-1-3/

HSTS

https://www.globalsign.com/en/blog/what-is-hsts-and-how-do-i-use-it

Learn More on open standards
https://opensource.com/resources/what-are-open-standards

What is DNSSEC?

DNS technology was not designed with security in mind. It uses clear text requests where attackers can easilily manipulate in the middle.

DNSSEC is a security feature in the Domain Name System (DNS). It  authenticates the responses to domain name lookups on internet. 

DNSSEC prevents attackers from manipulating or poisoning the responses to DNS requests . 

DNS spoofing is an example of an attack on DNS infrastructure where 

an attacker hijacks a DNS resolver’s cache, causing users who visit a website to receive an incorrect IP address, to direct the user to attacker’s malicious site instead of the one that was actually requested by the user.

How DNSSEC works?

DNSSEC once actuvated, generates a public and private key for your zone. The public key is provided to you in the form of DS or DNSKEY records. The records should be configured at the domain provider, where the domain name is registered.

During the deployment of your zone in the network, the network will use the private key to sign all your records. These signatures will be received and checked by the end-user resolver if they match with the public keys.

Open Standard website testing

Test framework 

Test your web server and record the data.

• https://internet.nl/

• 

including TLS 1.3, HSTS, more

• Developed by NLNet Labs with support from many orgs, including ISOC and ISOC NL Chapter

• https://http2.pro/

• HTTP/2

Training session on open web standards

• Presentation of the training session 

• Recordings of the Training Sessions 

Introductory Session

Recording of the session: https://isoc.box.com/s/qx8dqx4kmgt6umau8vn22pbwgy0h02uk

INFORMATION ABOUT INTRODUCTORY SESSIONS

Recording of the session: https://isoc.box.com/s/qx8dqx4kmgt6umau8vn22pbwgy0h02uk

Program main information: https://isoc.box.com/s/7se38a36gqvgee6hloqsuw0i0mx6c1bf

* Shaping the Internet: https://www.internetsociety.org/policybriefs/internetgovernance/

* Community Networks: https://www.internetsociety.org/policybriefs/spectrum/

IPV6 Concepts

IPv6 Concepts

The layered model used in the Internet.

Internet Protocol stack

IPv6 sits in layer 3  network layer.
It handles pieces of data called packets.

Devices connected to the Internet are hosts or routers. A host can be a PC, a laptop, embedded device with sensors and actuators.

They can send and/or receive data packets.

Hosts are the source or destination of the packets. Routers are in charge of packet forwarding.

They also responsible of choosing the next router.

The packet finally forward towards the final destination.

Internet is composed of a lot of interconnected routers. They receive data packets in one interface and send then as quick as possible using another interface towards another forwarding router.

IoT - everything-connected-to-Internet

I

The Internet of Things (IoT) is a system of interrelated computing devices, mechanical and digital machines, objects, animals or people that are provided with unique identifiers and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction.

Future IPV6 IoT
IPv6 sensors world-wide mesh
Physical value measurement
Storage and and processing for applications.
Smart Cities, Security .. what else?

DHCPv6
You need to configure a dedicated server that after a brief negotiation with the device assigns an IP address to it. DHCPv6 allows IP devices to be configured automatically.

stateful address autoconfiguration
DHCPv6 keeps state of assigned addresses.

SLAAC: Stateless address autoconfiguration
configure automatically
using the router connectivity to a network.


SLAAC simplifies the configuration of "dumb" devices, like sensors, cameras or any other device with low processing power.

"plug and net". simplifies the network infrastructure
Can build a basic IPv6 network without a server.

We use the same router to send packets outside your network to configure the IP devices. We are not going to enter into details, but you just need to know that