Bold Statements
As some of you might recall we’ve introduced a dedicated “Active Directory Security Track” at last year’s Troopers. For Troopers19 we’ve expanded it to two days (as the SAP Security Track was discontinued), and in the following I’ll provide a list of talks in the track.
Continue reading “#TR19 Active Directory Security Track”
Continue readingAt first a very happy new year to everybody!
While thinking about the agenda of the upcoming Troopers NGI IPv6 Track I realized that quite a lot of IPv6-related topics have been covered in the last years by various IPv6 practitioners (like my colleague Christopher Werny) or researchers (like my friend Antonios Atlasis). In a kind of shameless self plug I then decided to put together of list of IPv6 talks I myself gave at several occasions and of publications I (co-) authored. Please find this list below (sorted by years); you can click on the titles to access the respective documents/sources.
I hope some of this can be of help for one or the other among you in the course of your own IPv6 efforts.
Cheers,
Enno
Continue reading “IPv6 Talks & Publications”
Continue readingLast week Will “harmj0y” Schroeder published an excellent technical article titled “Not A Security Boundary: Breaking Forest Trusts” in which he lays out how a highly critical security compromise can be achieved across a forest boundary, resulting from a combination of default AD (security) settings and a novel attack method. His post is a follow-up to the DerbyCon talk “The Unintended Risks of Trusting Active Directory” which he had given together with Lee Christensen and Matt Nelson at DerbyCon (video here). They will also discuss this at the upcoming Troopers Active Directory Security Track (details on some more talks, including Sean Metcalf’s one, can be found in this post or this one).
Continue reading “ERNW Whitepaper 67: Active Directory Trust Considerations”
Continue readingThis is the first post discussing talks of the Active Directory Security Track of this year’s Troopers which took place last week in Heidelberg (like in the last nine years ;-). It featured, amongst others, a new track focused on Microsoft AD and its security properties & implications. This was the agenda.
Continue reading “#TR18 Active Directory Security Track, Part 1”
Continue readingA happy new year to everybody!
At Troopers18 there will be a new special track on Microsoft Active Directory and its security aspects, similar to the SAP security track which we established some years ago. The AD security track will feature, amongst others, the following talks.
Continue reading “#TR18 Active Directory Security Track”
Continue readingLooking at IPv6 deployment graphs like this one it becomes clear that IPv6 still is not widely deployed in enterprise space (the reason for the apparent oscillation in that curve is the difference between working days – where people use their office computers – and weekend where they preferably use their smartphones or their home equipment connected by means of broadband networks).
Continue reading “Why It Might Make Sense to Use IPv6 in Enterprise Infrastructure Projects”
Continue readingA while ago I wrote a short paper laying out options for an enterprise organization to get global IPv6 address space from the RIPE NCC, discussing the advantages and disadvantages of different approaches. As I think the topic may be of interest for others, too, I’ve distilled an anonymized version. It can be found here. I hope some of you find it useful.
Cheers, Enno
Continue readingLast week I had the pleasure to participate at the first RIPE IoT Roundtable Meeting in Leeds (thanks! to Marco Hogewoning for organising it). It was a day with many fruitful discussions. I particularly enjoyed Robert Kisteleki‘s talk on RIPE NCC’s own design & (security) process considerations in the context of RIPE Atlas (at TR17 NGI there was an intro to Atlas, too).
In this post I’d like to quickly lay out the main points of my own contribution on “Balanced Security for IPv6 CPE Revisited” (the slides can be found here).
Continue reading “RIPE IoT Roundtable Meeting / Balanced Security for IPv6 CPE Revisited”
Continue readingJust recently we discussed IPv6 filter rules for NIC-level firewalls (in a virtualized data center) with a customer. I’d like to take this as an opportunity to lay out potential approaches for local packet filtering of IPv6, which in turn might somewhat depend on the address configuration strategy chosen for the respective systems (for the latter you may refer to this post or to this talk from the Troopers NGI event).
Continue reading “Local Packet Filtering with IPv6”
Continue readingI’m on my way back from the RIPE74 meeting in Budapest. It was a great event: quite a few nice technical talks in the plenary, productive working group meetings and some really good hallway discussions.
Big thanks to the RIPE NCC team for the smooth organization and for taking care of us!
Continue reading “RIPE74 / Why IPv6 Security Is So Hard”
Continue reading