Dan York

Just a guy in Vermont trying to connect all the dots...

Author's posts

IP Best Current Operational Practices (IPBCOP) Project Launches New Website

Are you looking for “best practices” within the operations community?  If so, our friends over at the IP Best Current Operational Practices (IPBCOP) effort have just launched a new website to help make their information more accessible and available. The IPBCOP project, led by Aaron Hughes and Richard Donaldson, emerged out of a series of operator meetings such as NANOG where it became clear that a need existed to collect operational best practices within the operator community and capture those in a series of documents and templates that others can use.

The project has been working via a mailing list for the past while and currently has three drafts under active consideration:

More drafts are in development and a BCOP template is available for those interested in submitting their own best practices document for consideration.  The IPBCOP project is very much a community effort and all communication really happens through their mailing list, which is open for anyone interested to join.  You can also connect with IPBCOP on Twitter, Facebook and Google+.

We think this is a great effort that will only help the operations community move forward with technologies like IPv6 and we encourage you all to check it out and if possible get involved!

Free Light Reading Webinar Feb 8th: Making the IPv6 Transition For Cable

If you have 90 minutes to spare tomorrow, Wednesday, February 8, 2012, the folks over at Light Reading are offering a free (see below) webinar at 1:00 pm US Eastern on the topic of “Making the IPv6 Transition For Cable”. It is sponsored by Arris, Cisco, Juniper Networks and Motorola, and more importantly has an expert panel of people from the cable industry:

  • John Brzozowski, Distinguished Engineer & Chief Architect for IPv6, Comcast
  • Jeff Finkelstein, Senior Director, Network Architecture, Cox Communications
  • Lee Howard, Director of Network Technology, Time Warner Cable

Given that we know these folks ourselves, we expect their contributions to the webinar to provide solid information and case studies for other cable operators and service providers.  The webinar will also apparently include presenters from the various sponsors who will probably provide their perspective on how their various products and services can help with the IPv6 transition.

Do note that this webinar is “free” in the sense that there is no direct financial cost. As is typical of these types of sponsored webinars, you do, of course, need to provide information about yourself that will then be provided to the sponsors for their marketing efforts.

Regardless of that fact, I expect that there will be some quite useful IPv6 information available during the session and I’ll be personally joining in for at least the first hour of the session. I expect, although don’t know for certain, that there will be a recording available for later viewing (subject, again, to providing all your contact information).

It’s great to see these kinds of sessions out there as we get closer and closer to World IPv6 Launch on June 6th!

The folks at Light Reading also produced a brief video providing a preview of some of the topics and people involved with tomorrow’s webinar:

P.S. Hat tip to Stephen Liu over on Cisco’s blog where we saw mention of this webinar.

Government Computer News – Thanks for the Deploy360 Mention!

Very nice to see the mention of Deploy360 in the Government Computer News “CyberEye” column: Internet Society launches info hub for DNSSEC, IPv6. Many thanks for the mention! The US Government has been pushing hard on both IPv6 and DNSSEC and we’ve got some statistics on our site about US government DNSSEC and IPv6 adoption. We’ve also got some more sites that we’ll be adding to our list of resources that are specifically government-related. We’re very much looking forward to doing all we can to help government IT professionals from the US and from governments all around the world.

If you are a government IT professional, please do look around our site and see if the resources we have here can help you. And if you still need answers to questions, please let us know and we’ll be glad to help!

US DoD DREN Provides Excellent IPv6 Knowledge Base

If you are looking to learn more about IPv6 or looking for lists of products and training resources related to IPv6, the folks over at the United States Department of Defense (DOD) High Performance Computing Modernization Program maintain a comprehensive site devoted to sharing information about IPv6 based on the work of the Defense Research and Engineering Network (DREN).

Long names and acronyms aside, some of the many excellent resources to be found within the site include:

The site includes a great amount of information of value not only to US government agencies and employees, but also to anyone working with IPv6.  Kudos to the team at DREN for maintaining the site and we’re pleased to add it to the list of resources we’re promoting here on Deploy360.

Attending O’Reilly’s TOCCON Next Week? Deploy360 Will Be There…

Will you be attending O’Reilly’s “Tools of Change for Publishing 2012” conference (a.k.a. “TOCCON”) in New York from February 13-15, 2012? If so, I (Dan York) will be there and would be delighted to connect with readers of this site. (Just drop me an email or ping me on Twitter.) Given the incredible changes happening within the world of publishing – both online and traditional – I’ll be down at TOCCON looking at how we can best seize the opportunities presented by these changes to make our Deploy360 content available in even more formats and channels. Additionally, a number of sessions are about the underlying technology we’re using (WordPress) or have relevance to the kind of platform we’re building – so I’ll be looking forward to picking up any tips and tricks that will help our site work even smoother and better.

If you aren’t familiar with TOCCON, it’s an annual event sponsored by O’Reilly, the well-known technical publisher, that brings together many of the people at the bleeding edge of the disruption happening within the world of content creation.  Here’s the quick intro from their site:

The acceleration of change and innovation in the publishing industry today is dizzying, and the pace can be overwhelming. But this change/forward/fast environment is also ripe with opportunity for those who embrace it and learn to adapt and innovate quickly.

O’Reilly’s TOC Conference is where the publishing and tech industries converge, as practitioners and executives from both camps share what they’ve learned from their successes and failures, explore ideas, and join together to navigate publishing’s ongoing transformation. TOC 2012 delivers a deft mix of the practical and the visionary to give attendees the tools and guidance they need to succeed—and the inspiration to lead change.

On a personal note, attending TOCCON will be a bit unusual for me. It’s the first time I can recall in many years when I am attending an event and not speaking, staffing a booth or reporting on the event (or, more typically, doing all three). I’m just there to learn about the tools and technologies and to meet people involved… it will be an interesting change!  :-)

Only 4 months to World IPv6 Launch – are you getting ready?

World IPv6 Launch (more info here) is only four months away on June 6, 2012 - are you getting ready?

If you haven’t started yet, now is a good time to get going!  Here are some resources we have to help you get started:

We are also always publishing new blog posts related to IPv6 covering a wide range of topics.

More than that, please let us know how we can help you get started with IPv6!

DNSSEC Train-The-Trainer From NLnet Labs Feb 9-10 and Feb 16-17

Interested in teaching DNSSEC or developing your own DNSSEC training courses or courseware? We recently learned that Olaf Kolkman of NLnet Labs will be teaching a “DNSSEC train-the-trainer” class two separate times this month. His first class is this week on Thursday and Friday, February 9th and 10th. His second is next week on February 16th and 17th. The material covered will include:

BLOCK 1: Classic DNS
BLOCK 2: Unbound in practice
BLOCK 3: DNS Security DNSSEC Theory fundamentals
BLOCK 4: DNS Keys: risks and management
BLOCK 5: Introducing DNSSEC in a workflow
BLOCK 6: Software and tools availability and development
PRACTICE 1: Setting up a validating recursive nameserver
PRACTICE 2: Setting up an Authoritative Nameserver
PRACTICE 3: Secure Delegation
PRACTICE 4: KEY Rollover

The class is being taught at the Fastlane training center in De Meern, The Netherlands, and the information we have is that there are still a few remaining openings in each class. Contact information and a full course outline can be found on the NGN.nl page about the DNSSEC training (in Dutch).

Information Week on DNSSEC: Having the keys to your own castle is important

So there I was eating my lunch and reading a treeware version of Information Week (you know, those paper things we called “magazines” before everything went to e-something?).  Having always been interested in encryption, I started reading the “2012 Data Encryption Survey: Progress and Pain” (sadly, free registration is required to read the whole article) expecting it to be, well, all about data encryption…

… and it was – particularly starting off talking about the challenges of using SSL/TLS with all the attempts to break SSL, and the multiple compromises at SSL certificate companies that have resulted in attackers successfully getting bogus, but valid, certificates asserting they were someone else.

Then all of a sudden I stopped eating my sandwich as the article took a sharp turn into the world of DNSSEC (and yes, I added some emphasis at the end):

Enter DNSSEC. The DNS Security Extension spec provides the capability for a domain owner–the IT team–to place additional encryption validation at the DNS layer. First it will verify that the SSL certificate is valid. But it also will verify that the DNS server that is authoritative for the domain being requested actually belongs to the certificate owner.

In our example, if a user went to the breached Hotmail.com site and got a Hotmail.com certificate, it wouldn’t validate with the DNS server hosting Hotmail.com, because the certificate generated by the attacker using the hacked CA wouldn’t match. The browser could display a big red box telling the user he’s going to an invalid site. Currently, Google’s Chrome supports DNSSEC natively, and there are plug-ins for Firefox. Internet Explorer 9 doesn’t support DNSSEC, but version 10 is expected to.

The other benefit of DNSSEC is that DNS queries are validated by all servers–from the domain’s authoritative server to the local DNS server to the browser–which means that even man-in-the-middle attacks on DNS queries will be caught.

DNSSEC isn’t perfect, and it’s not a complete replacement for SSL/TLS. But it is a step in the right direction to put control of certificate verification into the hands of certificate owners, instead of the CAs. Furthermore, using DNSSEC is a great solution for organizations with their own internal CAs that don’t want to deploy certificates to every possible device. Most of our respondents, 55%, have their own internal CAs; an additional 15% plan to within 24 months.

Having the keys to your own castle is an important step in controlling your encryption destiny, and if you plan to leverage cloud services securely, it may just be a requirement.

Here, in just a few paragraphs, was a great explanation of an important role DNSSEC can play as another layer in the security infrastructure.  In this case, DNSSEC can be used to check the validity of the certificates being used for SSL/TLS.

More importantly, me being the control-freak that I am, the article points out the incredible importance of being in control of your own security.  You, as the domain owner, can be the one inserting the appropriate keys directly into the DNS infrastructure.  Or you can have someone do it on your behalf… but the point is that you are in control.

That’s a powerful capability!

What do you think?  Have you started looking at DNSSEC yet?  If not, check out the DNSSEC resources we’ve listed so far – and if you don’t find exactly what you need, please ask us about it and we’ll see if we can find something to help you.

P.S. For those wondering, the rest of the article provided some interesting discussion and statistics around encryption within cloud computing platforms and with the use of mobile devices such as tablets and smartphones. Oh, and I did eventually finish my sandwich. ;-)

US DoD/DREN IPv6 Knowledge Base

The United States Department of Defense (DOD) High Performance Computing Modernization Program maintains a comprehensive site devoted to sharing information about IPv6 based on the work of the Defense Research and Engineering Network (DREN). The main IPv6 knowledge base can be found at:

http://www.hpcmo.hpc.mil/cms2/index.php/ipv6-knowledge-base-general-info

There are many excellent resources to be found within the site including:

All in all the site is an outstanding resource for people looking for more IPv6 information.

Martin Geddes Must-Read Piece On "Peak Telecoms"

Martin Geddes doesn't hold back! No longer beholden to corporate overlords (he used to work for BT), he is wonderfully free to say exactly what he believes. And he does....

If you are interested in the future of telecommunications / telephony, you really need to go over and read his piece:

Peak Telecoms

A teaser:

The telco voice and messaging business is on the verge of going into meltdown. As this is where the margins come from, the problem is hard to exaggerate. The drip-drip of links about declining voice and messaging volume and revenue is becoming a small stream. Even mobile telephony is losing ground in competition to asynchronous messaging. Twitter and Facebook message volumes are exploding, and SMS is beginning to sink. Termination and roaming are endangered species, hunted by packs of voracious regulators. There is no way back. When I started writing Telepocalypse back in 2003, the only thing I got wrong was the timing.

Cue the song "It's The End Of The World As We Know It"...

Well done, Martin, well done!

Image credit: gmacorig on Flickr

