Some examples

Some more examples are due, but the first example of advice is available.

TCP and reliability : some people think that, because they chose TCP for the transport protocol, their application is - by consequence - reliable as well.  This is not true !  Check the example for background information.

TCP and security : partners in TCP communication put a lot of trust in each other, more trust than a hacker deserves Three examples of how that trust can be abused are presented here - as always : each time with suggestions to counter the problem.

DNSSEC : a brief introduction.  Showing that DNSSEC adds extra authentication - signatures - but also why DNS administrators of server providing answers to end-users, must also configure in order to verify the signatures : that verification is not automatic !

IPv6 : while IPv6 gets most attention because of its larger address space, it is far more then simply "IPv4 with longer addresses".  It is a new protocol, with new features (to be learned) and requiring attention for security.  In this example I draw the attention on the fact that the decision for IPv6 is not ours to make : in the worldwide Internet, what happens somewhere far from us, obliges to get ready for IPv6.

Data mining : (applied to IPv6 and security) in the IPv6 talk, I spend some time on how administrators tend to pick predictable IPv6 addresses (which, if anticipated by scanners, makes their life easier again).  As an example of data mining and to illustrate predictability, this script looks at glue records in the root zone and illustrates the point.  The script and sample output, november 2012.

 

Background: locked serverrack