Monday, June 8, 2020

The Open Standards Everywhere: Overview

Do you believe that your security depends on Open Standards?

According to Cisco, the number of connected devices worldwide will rise to 50 billion or more by 2021. With this growth in devices, new solutions, and IT services, we will face potential new security issues. Security is the key to both the success and the failure of the interconnected internet. The key to a successful and secure system is using open standards. Allowing public inspection of code and the contribution of patches is the best way to ensure secure devices, systems, and solutions.




The Open Standards Everywhere (OSE) training conducted by ISOC provided me with insights into future web security. 

As I learned, it would be everyone's responsibility to guarantee an open, globally connected, trustworthy, and secure internet for everyone.

Therefore, making your web server as secure as possible and ensuring its availability across the global network of networks is a challenging task.

The latest open and most secure standards introduced by the Internet Engineering Task Force (IETF) are geared for this task. 

ISOC initiated a series of training programs through its chapters to build awareness among web server administrators, so that they support the latest security standards and protocols, see the value in new open Internet standards, and understand how to deploy those standards.

The objective of the ISOC 2020 action plan is to increase the security and availability of web servers by promoting the latest IETF standards and new protocols that can help build a bigger, stronger Internet.

This training provided information on IPv6, which increases the connectivity and security of web servers as well as of the billions of IoT devices that would be connected to the internet.

HTTP/2 provides faster connections that work better for low-bandwidth and mobile connections, and that are secure and trustworthy.

Another important cryptographic protocol is Transport Layer Security (TLS), the successor to SSL. It is designed to provide increased communications security over a computer network, ensuring privacy and data integrity between two or more communicating computer applications.


DNSSEC increases security in DNS systems and prevents attackers from poisoning the responses to DNS requests. 

Strict Transport Security (HSTS) is a web security policy mechanism that helps to protect websites against man-in-the-middle attacks. 

These new standards help increase the openness, interoperability, and security of the web.


In this blog, you will find:

What is Interoperability?

What is Open Web

Open standards everywhere on the internet

What are Open Standards?

Open Standards Testing Tools

ISOC Training session on open web standards


IPV6 Concepts


IoT - everything-connected-to-Internet

History of IPV6 

Internet Protocol 6 for IoT

More from the Internet...

IPV6


DNSSEC

TLS

HSTS


What is DNSSEC?

DNS technology was not designed with security in mind. It uses clear-text requests that an attacker in the middle can easily manipulate.

DNSSEC is a security feature in the Domain Name System (DNS). It authenticates the responses to domain name lookups on the internet.

DNSSEC prevents attackers from manipulating or poisoning the responses to DNS requests.

DNS spoofing is an example of an attack on DNS infrastructure in which an attacker hijacks a DNS resolver's cache, causing users who visit a website to receive an incorrect IP address that directs them to the attacker's malicious site instead of the one they actually requested.

How does DNSSEC work?

Once activated, DNSSEC generates a public and private key for your zone. The public key is provided to you in the form of DS or DNSKEY records. The records should be configured at the domain provider, where the domain name is registered.

During the deployment of your zone in the network, the network will use the private key to sign all your records. The end user's resolver receives these signatures and checks whether they match the public keys.
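A check an administrator can run after configuring the DS record at the domain provider, given here as an added example that is not code from the original post: it derives the key tag and SHA-256 DS digest from the zone's DNSKEY (RFC 4034, RFC 4509) and compares them with the published DS. The function names are illustrative, and the sample key is 64 constructed placeholder bytes rather than a real public key.

```python
import base64
import hashlib
import struct

def name_to_wire(name: str) -> bytes:
    """Encode a domain name in canonical DNS wire form (lowercase labels)."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags: int, protocol: int, algorithm: int, key_b64: str) -> bytes:
    """Build DNSKEY RDATA: flags (2 bytes), protocol, algorithm, public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(key_b64)

def key_tag(rdata: bytes) -> int:
    """Key tag checksum from RFC 4034 Appendix B (all algorithms except 1)."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def ds_digest_sha256(owner: str, rdata: bytes) -> str:
    """DS digest type 2: SHA-256 over owner name (wire form) + DNSKEY RDATA."""
    return hashlib.sha256(name_to_wire(owner) + rdata).hexdigest().upper()

def ds_matches(owner: str, rdata: bytes, ds: str) -> bool:
    """Compare a DS record in presentation form
    ('<key tag> <algorithm> <digest type> <digest>') with the zone's DNSKEY."""
    tag, alg, dtype, digest = ds.split(None, 3)
    return (int(tag) == key_tag(rdata)
            and int(alg) == rdata[3]          # byte 3 of the RDATA is the algorithm
            and dtype == "2"                  # only SHA-256 digests are handled here
            and digest.replace(" ", "").upper() == ds_digest_sha256(owner, rdata))

# Constructed sample: 64 placeholder bytes stand in for a P-256 public key.
SAMPLE_KEY_B64 = base64.b64encode(bytes(range(64))).decode()
SAMPLE_RDATA = dnskey_rdata(257, 3, 13, SAMPLE_KEY_B64)  # 257 = KSK, 13 = ECDSA P-256

if __name__ == "__main__":
    tag = key_tag(SAMPLE_RDATA)
    digest = ds_digest_sha256("example.com", SAMPLE_RDATA)
    print(f"example.com. IN DS {tag} 13 2 {digest}")
    print(ds_matches("Example.COM.", SAMPLE_RDATA, f"{tag} 13 2 {digest}"))
```

A mismatch between the DS at the parent and the DNSKEY in the zone makes validating resolvers reject the zone's answers, so this comparison is worth running before and after every key rollover.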

Monday, June 1, 2020

IPv6 Concepts

The layered model used in the Internet.


Internet Protocol stack

IPv6 sits in layer 3, the network layer.
It handles pieces of data called packets.


Devices connected to the Internet are hosts or routers. A host can be a PC, a laptop, or an embedded device with sensors and actuators.

They can send and/or receive data packets.


Hosts are the source or destination of the packets. Routers are in charge of packet forwarding.


They are also responsible for choosing the next router.


The packet is finally forwarded towards its final destination.

The Internet is composed of many interconnected routers. They receive data packets on one interface and send them as quickly as possible through another interface towards another forwarding router.

IoT - everything-connected-to-Internet

The Internet of Things (IoT) is a system of interrelated computing devices, mechanical and digital machines, objects, animals or people that are provided with unique identifiers and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction.

Future IPv6 IoT
IPv6 sensors world-wide mesh
Physical value measurement
Storage and processing for applications.
Smart Cities, Security .. what else?

DHCPv6
You need to configure a dedicated server that, after a brief negotiation with the device, assigns an IP address to it. DHCPv6 allows IP devices to be configured automatically.

Stateful address autoconfiguration
DHCPv6 keeps the state of assigned addresses.





SLAAC: Stateless address autoconfiguration
Devices are configured automatically, using the router's connectivity to a network.


SLAAC simplifies the configuration of "dumb" devices, like sensors, cameras or any other device with low processing power.

"Plug and net": it simplifies the network infrastructure.
You can build a basic IPv6 network without a server.

The same router that sends packets outside your network is used to configure the IP devices. We are not going to go into details, but you just need to know that