Building

Why It Might Make Sense to Use IPv6 in Enterprise Infrastructure Projects

Looking at IPv6 deployment graphs like this one it becomes clear that IPv6 still is not widely deployed in enterprise space (the reason for the apparent oscillation in that curve is the difference between working days – where people use their office computers – and weekend where they preferably use their smartphones or their home equipment connected by means of broadband networks).

Continue reading “Why It Might Make Sense to Use IPv6 in Enterprise Infrastructure Projects”

Continue reading
Events

RIPE IoT Roundtable Meeting / Balanced Security for IPv6 CPE Revisited

Last week I had the pleasure to participate at the first RIPE IoT Roundtable Meeting in Leeds (thanks! to Marco Hogewoning for organising it). It was a day with many fruitful discussions. I particularly enjoyed Robert Kisteleki‘s talk on RIPE NCC’s own design & (security) process considerations in the context of RIPE Atlas (at TR17 NGI there was an intro to Atlas, too).
In this post I’d like to quickly lay out the main points of my own contribution on “Balanced Security for IPv6 CPE Revisited” (the slides can be found here).

Continue reading “RIPE IoT Roundtable Meeting / Balanced Security for IPv6 CPE Revisited”

Continue reading
Misc

Local Packet Filtering with IPv6

Just recently we discussed IPv6 filter rules for NIC-level firewalls (in a virtualized data center) with a customer. I’d like to take this as an opportunity to lay out potential approaches for local packet filtering of IPv6, which in turn might somewhat depend on the address configuration strategy chosen for the respective systems (for the latter you may refer to this post or to this talk from the Troopers NGI event).

Continue reading “Local Packet Filtering with IPv6”

Continue reading
Events

Some Quick Tips for Submitting a Talk to Black Hat or TROOPERS

Given the CfP for Black Hat US in Vegas ends in a few days – and as apparently some people have already started to think about their TR18 submissions – I’ll quickly provide some loose recommendations on how to write a submission here. There’s quite some reasonable advice out there already (the BH CfP site lists this and this which you should both read as well) but some of you might find it useful to get (yet) another perspective. Continue reading “Some Quick Tips for Submitting a Talk to Black Hat or TROOPERS”

Continue reading
Building

Considerations on DMZ Design in 2016, Part 3: Some Notes on Firewall Rule Management

This is the 3rd part of this loose series on considerations of (operating) DMZs in 2016 (part 1 on the role of a DMZ is can be found here, part 2 on reverse proxies here).
Again, I dare to deviate a bit from the plan & order I initially had in mind – today I will cover one process whose maturity may significantly influence the overall security posture of a DMZ environment: firewall rule management.

Continue reading “Considerations on DMZ Design in 2016, Part 3: Some Notes on Firewall Rule Management”

Continue reading