Building

Developing an Enterprise IPv6 Security Strategy / Part 3: Traffic Filtering in IPv6 Networks (I)

So this is the third part of our little series on securing IPv6 in enterprise environments. In the first part we tried to develop an understanding of threats in IPv4 networks as a kind-of baseline while analyzing the main differences induced by IPv6 and in the second part we laid out protection strategies on the infrastructure level, focusing on network isolation on the routing layer. Today I’ll dive into discussing IPv6-specific filtering of network traffic.

Continue reading “Developing an Enterprise IPv6 Security Strategy / Part 3: Traffic Filtering in IPv6 Networks (I)”

Continue reading
Breaking

Investigating Memory Analysis Tools – SSDT Hooking via Pointer Replacement

In this blogpost we will briefly explain a well known Syscall hooking technique (a more detailed explanation can be gathered from e.g.  http://resources.infosecinstitute.com/hooking-system-service-dispatch-table-ssdt/) used by multiple malware samples (like the laqma trojan) and right after discuss how some memory analysis tools have trouble in the analysis and/or reporting of these.
Continue reading “Investigating Memory Analysis Tools – SSDT Hooking via Pointer Replacement”

Continue reading
Building

Developing an Enterprise IPv6 Security Strategy / Part 2: Network Isolation on the Routing Layer

In the first part of this series we tried to identify which risks related to network-related threats actually change when IPv6 gets deployed and hence which ones to take care of in a prioritized manner (as opposed to those which one might be tempted to [initially] disregard with a “has been there in IPv4 already and we did not address it then, why now?” stance). Let’s assume we went through this step and, for those most relevant risks we identified, we want to come up with infrastructure level controls first, before tackling controls to be deployed on the host level (as in many organizations the sysowners of “hosts” like servers in datacenters tend to expect “the network/infrastructure guys to provide the 1st layer of defense against threats”, in particular once those originate from an apparent network layer protocol, that is IPv6).

Continue reading “Developing an Enterprise IPv6 Security Strategy / Part 2: Network Isolation on the Routing Layer”

Continue reading
Building

Developing an Enterprise IPv6 Security Strategy / Part 1: Baseline Analysis of IPv4 Network Security

We’ve been involved in some activities in this space recently and I thought it could be a good idea to share a couple of things we’ve discussed & displayed. Furthermore some time ago – in the Is IPv6 more Secure than IPv4? Or Less? post – I announced to come up with (something like) an “IPv6 threats & controls catalogue” at some point… so here we go: in an upcoming series of a few blogposts I will lay out some typical elements of an “Enterprise IPv6 Security Strategy” incl. several technical pieces (and I plan to give a talk on the exact topic at next year’s IPv6 Security Summit).

Continue reading “Developing an Enterprise IPv6 Security Strategy / Part 1: Baseline Analysis of IPv4 Network Security”

Continue reading
Events

Welcome to Brazil!

Welcome to Brazil!

“Welcome to Brazil”, I think, turned to being the most used statement during the past Hackers to Hackers Conference in Sao Paulo. It was used as the main reaction to every speech taking moment, and there were a lot of those! To honor the moments and give you a quick insight into was what going on in Sao Paulo, here is a quick summary of the overall event and our own contribution.

Continue reading “Welcome to Brazil!”

Continue reading
Events

DENOG7

Hi everyone,

we (Christopher, Jan-Pascal and me) had the pleasure to join the 7th DENOG (German Network Operators Group) meeting in Darmstadt which takes place yearly in autumn. For the first time the meeting was scheduled for two days which offered more time for talks and discussions than the previous meetings. The concept of DENOG is to meet, talk, discuss and share experience with the network operator community in Germany.  Continue reading “DENOG7”

Continue reading
Events

13th escar Europe conference | Embedded Security in Cars

Last week I had the pleasure to attend the “escar” (Embedded Security in Cars) conference in Cologne, Germany.
Arriving late Tuesday, I had the chance to get a rich breakfast before joining the con in the hotel Dorint at Cologne’s famous place the Heumarkt. Unfortunately I had to deal with two stumbling blocks on my way to the Dobrint: The magnetic sensor of my mobile which went crazy (no compass) and – the date. 11th of November in Cologne means just one thing – carneval! The whole city was just in a state of exception. Everybody on my way to the venue seemed to be drinking or beeing already drunk – at 9am! 😉
Being a little late, I went straight to the room after registration. As there was only one track to follow you could not miss any talk – nice thing!
After we were welcomed by the hosts, and the first talk started.

Conference Room
Conference Room

“Green Lights Forever: Analyzing the Security of Traffic Infrastructure” by Allen Hillaker
The con’s first talk was presented by Allen Hillaker. He was speaking about the security of mostly wireless traffic lights and their infrastructure in the US.
Allen presented the design of a typical traffic intersection which is connected via a radio to the road agency. He also described what happens, when a malfunction is triggered and the malfunction management unit sets the traffic lights to a well known (safe) state.
The traffic lights usually operate at 900MHz or 5.8GHz using a protocol similar to 802.11 (Wifi) without strong safety. They gathered access to the networks by using same model radio the systems at the intersections were using. As possible attacks Denial of Service, the change of the traffic lights’ timings and individual light control were named. To mitigate this, he suggested to use WPA, not broadcasting SSIDs, the use of firewalls, firmware updates and – of course – changing the default credentials. Continue reading “13th escar Europe conference | Embedded Security in Cars”

Continue reading