October 2014 archive

Watch LIVE Today: ION Santiago – IPv6, DNSSEC, BGP, TLS, BCOP and more…

Starting in just about five hours at 2:00pm CLST (15:00 UTC) our ION Santiago event will be streaming live out of Chile.  We’ll be sharing the very latest news about IPv6, DANE, BGP security, Anti-spoofing, TLS, Best Current Operational Practice (BCOP) efforts, and standards within the IETF.

You can watch the event using the LACNIC 22 webcasting page. Here is the full ION Santiago agenda:

2:00 PM

Opening Remarks

Chris Grundemann (Internet Society)

2:10 PM

What’s Happening at the IETF? Internet Standards and How to Get Involved

Alvaro Retano (Cisco)

What’s happening at the Internet Engineering Task Force (IETF)? What RFCs and Internet-Drafts are in progress related to IPv6, DNSSEC, Routing Security/Resiliency, and other key topics? We’ll give an overview of the ongoing discussions in several working groups and discuss the outcomes of recent Birds-of-a-Feather (BoF) sessions, and provide a preview of what to expect in future discussions, including bringing the IETF to Latin America in 2016.

2:40 PM

Operators & the IETF

Chris Grundemann (Internet Society)

The Internet Society is seeking to foster a larger and more engaged network operator community around the IETF and protocol development work. We conducted a widespread survey of network operators from January to July 2014 and are now analyzing and synthesizing the results. In this session, we’ll discuss the initial survey results and our next steps to create a report and IETF Internet-Draft that outlines the challenges to greater operator engagement in the IETF and a summary of potential solutions.

2:55 PM

Beyond the Tipping Point: Global Connectivity Two Years After World IPv6 Launch

Arturo L. Servin Niembro (Google) and Carlos Martinez Cagnazzo (LACNIC)

6 June 2014 marked the 2nd anniversary of World IPv6 Launch, when thousands of Internet Service Providers, home networking equipment manufacturers, and web companies around the world came together to permanently enable IPv6 on their products and services. Where are we now on the path to full global IPv6 adoption? We’ll provide a global update and then focus on the current state of IPv6 adoption in South America, including a brief tour of the resources available from the Internet Society to help networks of all sizes get IPv6 up and running for good. We will also explore how those who have already deployed IPv6 can help the larger community by adding even more content to the repository.

3:25 PM

Best Current Operational Practices Update

Jan Zorz (Internet Society)

The Internet Engineering Task Force (IETF) standardizes the protocols and services that vendors implement and network operators are supposed to deploy and use. We believe there is an opportunity to better identify, capture, and promote best current operational practices emerging from various regional network operators’ groups. We believe sharing these documents across the globe would benefit the wider Internet community and help more operators deploy new technologies like IPv6 and DNSSEC faster and easier. Deploy360’s Jan Zorz will give an update on this progress, discuss the status of BCOP efforts across the world, and give an overview of some of the documents in the process so far.

3:35 PM

BREAK

4:00 PM

Panel: Routing Around Catastrophe – Securing BGP, Anti-spoofing, and More

Moderator: Christian O’Flaherty. Panelists: Rodrigo Arenas (NIC CL); Wes Hardaker (PARSONS); Max Larson Henry (Transversal); Gerardo Rada (LACNIC).

How do we improve the resilience and security of the Internet’s underlying routing infrastructure? While Internet routing has worked well over the years, there have been instances where errors and misconfigurations have caused stability issues. Malicious attackers have also created denial of service attacks and other issues by spoofing IP addresses and manipulating routing tables. What are the best practices we can use to help mitigate these kinds of attacks?

In this session, our panel of experts will address technologies such as BCP 38, anti-spoofing, and BGP security efforts that can help secure the routing infrastructure. They will also consider the Internet Society’s new Routing Manifesto, which aims to introduce a minimum set of security measures which, if deployed on a wide scale, could result in visible improvements to the security and resilience of the global routing system.

5:00 PM

Lock it Up: TLS for Network Operators

Chris Grundemann (Internet Society)

Transport Layer Security (TLS), the successor to Secure Sockets Layer (SSL), can be used in many applications other than Web browsers. In order to make the Internet more secure, TLS needs to be widely deployed by all kinds of applications across the Internet. In this session, we will help network operators understand how best to support the use of TLS-encrypted applications across their networks and address how operators can best support their networks and users once everything is encrypted.

5:30 PM

DANE: The Future of Transport Layer Security (TLS)

Wes Hardaker (PARSONS)

If you connect to a “secure” server using TLS/SSL (such as a web server, email server or xmpp server), how do you know you are using the correct certificate? With DNSSEC now being deployed, a new protocol has emerged called “DANE” (“DNS-Based Authentication of Named Entities“), which allows you to securely specify exactly which TLS/SSL certificate an application should use to connect to your site. DANE has great potential to make the Internet much more secure by marrying the strong integrity protection of DNSSEC with the confidentiality of SSL/TLS certificates. In this session, Wes will explain how DANE works and how you can use it to secure your websites, email, XMPP, VoIP, and other web services.

6:00 PM

Closing Remarks

Chris Grundemann (Internet Society)

Join us TODAY for what should be an excellent set of sessions!

And if you want to get started now with deploying these technologies, please visit our “Start Here” page to find resources targeted at your type of organization or role.

Help ARIN Shape Their New IPv6 Campaign – Today at 4:00pm EST

Would you like to help ARIN shape their new “Get IPv6” campaign?  If so, please join the ARIN team on a conference call TODAY (Oct 28, 2014) at 4:00pm US EDT!  They are gearing up to launch a new promotional campaign around IPv6 called “Get6”.  As they say on their page about the campaign:

IPv6-ready mobile platforms and web content presents a new opportunity to convince your CEO, CMO and CCO of the importance of IPv6 adoption.

They are asking:

We want to know the challenges you have faced in communicating the value of IPv6 to non-technical audiences at your company.  Would a focus on web content resonate?

ARIN would like your feedback (more info in their blog post)… to join in the call simply send them a message to get6@arin.net to get the call-in information.  I’m hoping to join in for a bit myself (I’ll also be listening to ION Santiago) and will be very interested to hear the feedback they get and what they do with the campaign!

FIR #779 – 10/27/14 – For Immediate Release

Shel and Neville recording face-to-face in London; Intro: Neville recognized in UK Social Media Awards, Shel named Platinum Fellow of Mayo Clinic Center for Social Media; Quick News: Fake news sites spreading Ebola fears, Nokia name will live on, employees on internal social networks less likely to get laid off; Ragan promo; News That Fits: Experiences during a day of touring in London: Babylon at the Roof Gardens; Dan York's Tech Report, the Media Monitoring Minute with CustomScoop, listener comments, the past week on the FIR Podcast Network, Igloo Software promo, Michael Netzley's Asia Report, experiences during a day of touring in London: the London Underground, the London Eye (and the London Dungeon), The Tea Room at Harrod's, Samsung Gear 2 Neo smartwatch.

ION Santiago Streaming Live From Chile Tomorrow

Want to learn the latest news about IPv6, DANE, BGP security, Anti-spoofing, TLS, Best Current Operational Practice (BCOP) efforts, and standards within the IETF?

For all of this information, please join us tomorrow, Tuesday, October 28, 2014, at 2:00pm CLST (15:00 UTC), when our ION Santiago event will be streaming live out of Chile.

You can watch the event using the LACNIC 22 webcasting page. The ION Santiago agenda is packed with great sessions:

  • What’s Happening at the IETF? Internet Standards and How To Get Involved
  • Operators & the IETF
  • Beyond the Tipping Point: Global Connectivity Two Years After World IPv6 Launch
  • Best Current Operational Practices Update
  • Panel: Routing Around Catastrophe: Securing BGP, Anti-spoofing and More
  • Lock It Up: TLS for Network Operators
  • DANE: The Future of Transport Layer Security (TLS)

Join us tomorrow for what should be an excellent set of sessions!

And if you want to get started now with deploying these technologies, please visit our “Start Here” page to find resources targeted at your type of organization or role.

Somehow Friday seems to have snuck up on me…


Internet Society Posting Updates from ITU Plenipot 2014 in Busan (Featured Blog)

If you are, like me, not in Busan, South Korea, for the 2014 ITU Plenipotentiary Conference but are curious about what is going on there, my Internet Society colleagues on our public policy team have been posting regular updates to the Internet Society's blog and to the @ISOCPolicy Twitter account... Given that I work in the technology side of Internet Society's work and don't have the cycles to keep up-to-date with everything going on there in Busan, I've found these updates very helpful in understanding some of the major events happening at the ITU Plenipot 2014.

DNSSEC Is A Building Block, Not A Magic Bullet

Speaking at Broadband World Forum (BBWF) in Amsterdam this week, our CITO Olaf Kolkman was quoted making a key point we’ve been emphasizing throughout our work:

“There is no magic solution to any cyber security or internet security type of threat. But there are a number of building blocks that are promising.”

They include domain name system security extensions (DNSSEC), which help to secure certain kinds of information on networks.

“But they’re building blocks, they’re not magic bullets,” he said.

Exactly!

When we speak about DNSSEC or TLS  or BGP security, we are often immediately met by detractors with “But it doesn’t do ______” which, in their minds, immediately disqualifies the technology from further usage.  Often this is said, even though DNSSEC/TLS/BGP was never intended to do whatever it is they want.  They just expect the technology to magically do it all!

For example, with DNSSEC, some people immediately say “but it doesn’t protect against the confidentiality of your DNS queries!”  Well, no, it was never intended for that.  DNSSEC is entirely about protecting the integrity of your DNS queries, i.e. ensuring that the information you receive from DNS is the identical information that the operator of the domain put into DNS.  That’s it.  Confidentiality of DNS queries is something completely different! (And is now being discussed by the new DPRIVE working group inside the IETF.)

And by being a smaller building block, DNSSEC can be built upon to bring about powerful new innovations such as the DANE protocol, where we can add an additional layer of trust to TLS / SSL certificates and interactions.

What has made the Internet work so well on a technical level and evolve into the amazing communications medium that it has become is the fact that it is built from small building blocks that are then loosely coupled together in ways that make sense.

Building blocks, not magic bullets!

P.S. And if you want to get started with security building blocks like DNSSEC, please visit our Start Here page!

New RFC 7381: Enterprise IPv6 Deployment Guidelines

Would you like guidelines for how IPv6 can best be deployed in an enterprise environment?  Yesterday the IETF published a new informational RFC 7381, “Enterprise IPv6 Deployment Guidelines”, available at:

https://tools.ietf.org/html/rfc7381

The abstract for the document reads:

Enterprise network administrators worldwide are in various stages of preparing for or deploying IPv6 into their networks. The administrators face different challenges than operators of Internet access providers and have reasons for different priorities. The overall problem for many administrators will be to offer Internet-facing services over IPv6 while continuing to support IPv4, and while introducing IPv6 access within the enterprise IT network. The overall transition will take most networks from an IPv4-only environment to a dual-stack network environment and eventually an IPv6-only operating mode. This document helps provide a framework for enterprise network architects or administrators who may be faced with many of these challenges as they consider their IPv6 support strategies.

The document then goes on to outline several phases of IPv6 deployment within an enterprise.  The Table of Contents gives a good sense of what is in the document:

1. Introduction
  1.1. Enterprise Assumptions
  1.2. IPv4-Only Considerations
  1.3. Reasons for a Phased Approach
2. Preparation and Assessment Phase
  2.1. Program Planning
  2.2. Inventory Phase
    2.2.1. Network Infrastructure Readiness Assessment
    2.2.2. Application Readiness Assessment
    2.2.3. Importance of Readiness Validation and Testing
  2.3. Training
  2.4. Security Policy
    2.4.1. IPv6 Is No More Secure Than IPv4
    2.4.2. Similarities between IPv6 and IPv4 Security
    2.4.3. Specific Security Issues for IPv6
  2.5. Routing
  2.6. Address Plan
  2.7. Tools Assessment
3. External Phase
  3.1. Connectivity
  3.2. Security
  3.3. Monitoring
  3.4. Servers and Applications
  3.5. Network Prefix Translation for IPv6
4. Internal Phase
  4.1. Security
  4.2. Network Infrastructure
  4.3. End-User Devices
  4.4. Corporate Systems
5. IPv6 Only
6. Considerations for Specific Enterprises
  6.1. Content Delivery Networks
  6.2. Data Center Virtualization
  6.3. University Campus Networks
7. Security Considerations
8. Informative References

The document is a good one for all people involved with enterprises to read and we’ll be adding the document to our “IPv6 for Enterprises” page soon.  We’d encourage you to read RFC 7381 and share it with others.  Please do also check out other resources that are available for enterprises looking to make the move to IPv6.

T-Mobile USA Hits 43% IPv6, Verizon Wireless at 59%, AT&T at 25% in Oct 2014 Measurements

More great IPv6 news this month with the October 2014 World IPv6 Launch measurements.  As our colleague Mat Ford notes, T-Mobile USA entered the “top 10” networks this month and has grown from 5% to 43% IPv6 within the last 12 months!  Congrats to the whole team there at T-Mobile USA!

[Chart: T-Mobile USA IPv6 measurements, October 2014]

Verizon Wireless’ relentless increase continued, too, driven by the growth of their IPv6-based LTE network. They are now flirting with the 60% mark… so you can probably anticipate my headline next month!

[Chart: Verizon Wireless IPv6 measurements, October 2014]

Continuing the trend in North American mobile networks, AT&T, too, saw a nice increase, coming in at 24.99% (so let’s call that 25%, eh?):

[Chart: AT&T IPv6 measurements, October 2014]

The growth in IPv6 was global, of course, and in the top networks Deutsche Telekom showed a nice growth line at 28.05%:

[Chart: Deutsche Telekom IPv6 measurements, October 2014]

Mat Ford also noted in his post that SKTelecom, one of the largest South Korean mobile network operators, has just started an IPv6 rollout and so we should see their growth over the next while.

If you have IPv6 running on your network and would like to be measured as part of this program, please do register to join the program.

And if you haven’t started doing anything with IPv6 yet, please check out our Start Here page to find resources tailored for your type of organization or role.  As these charts show, IPv6 is happening!