The document discusses issues around the Internet of Things (IoT). It notes that while connecting "things" to the Internet is not new, IoT has become a hot topic today due to factors like low-cost high-capability silicon enabling widespread deployment of connected devices. However, the document expresses concerns about IoT security and privacy, noting many current IoT devices have vulnerabilities like unchangeable default passwords and open ports, and the market does not adequately incentivize more secure solutions. It concludes the problems posed by an insecure IoT are significant and difficult to address.
APrIGF 2015: Security and the Internet of ThingsAPNIC
Adli Wahid addresses the current cybersecurity issues seen with the growth of the Internet of Things at the 2015 Asia Pacific Regional Internet Governance Forum (APrIGF) in Macao.
The document discusses an organization's IPv6 deployment status and considerations. It asks about the extent of IPv6 deployment, where deployment has occurred, and the main reasons for and against deployment. Respondents indicate they have considered IPv6 requirements and assessed current systems' capabilities. Some have obtained IPv6 connectivity and established training. Lack of resources, competing priorities, and management buy-in are cited as the primary reasons for not deploying IPv6 yet.
While IPv6 has been a defined standard since 1998, the end-user adoption of this standard is minimal. Less than 1% of Internet peers utilize IPv6 in the course of normal operation. However, IPv6 support within operating systems and network routers is becoming commonplace. While IT personnel continue to be focused on IPv4, IPv6 capabilities may already be active by default on many Internet connected systems within an IT professional's environment. These IPv6 interfaces generate traffic which can bypass traditional controls based on IPv4 technology. Although IPv6 is likely to eclipse IPv4 as the dominant Internet protocol, the path to this state is disorganized and unclear. This state indicates that as IPv6 gains inertia as a legitimate Internet protocol, IT administrators need to be aware of and manage IPv6 traffic on their network with as much vigilance as they would apply to the more commonplace IPv4.
Kevin D. Wilkins, CISSP, Senior Network Engineer, iSecure LLC
After coursework at the Rochester Institute of Technology, Kevin’s professional experience includes ISP and VOIP operations. Kevin has 10 years of industry experience in system and network engineering and platform management. In the last few years, a focus on information security has brought his experiences together into a consolidated viewpoint of enterprise-wide security policy and implementation.
Peter Rounds, Senior Network Engineer, Syracuse University
Peter has been a Sr. Network Engineer at Syracuse University for 11 years. He is responsible for maintaining core network infrastructure consisting of Internet edge traffic identification/management, Internet BGP routing and security profile management, campus OSPF and security profile management, and data center network and security profile management. He is responsible for numerous security technologies for the University.
This document provides an overview of IPv6 for an audience unfamiliar with the topic. It begins with a brief explanation of what IPv6 is and how it differs from IPv4 in areas like addressing and configuration. Statistics on global and domestic IPv6 deployment levels are presented. Potential business drivers for IPv6 adoption in research and education are outlined. The document then discusses IPv6 support and services available through Janet, as well as initial deployment strategies and considerations. Sources of additional guidance are listed, and examples of IPv6 in use are briefly described.
This document summarizes Jeff Schmidt's presentation on Telstra's deployment of IPv6 for mobiles. Key points include:
1) Telstra implemented IPv6 to future-proof their network and address IPv4 depletion issues, using dual-stack and 464XLAT architectures.
2) Business drivers were addressing the growing traffic demand and enabling new technologies like IoT, while technical drivers addressed IPv4 depletion and inefficiencies.
3) The deployment included addressing and subnetting plans, network security designs, and testing multiple deployment models.
The document discusses Marco d'Itri's thoughts on the transition to IPv6. It describes the transition as ongoing, with no flag days, as IPv6 adoption grows. It notes that while IPv4 NAT is easy for access networks, it is difficult for servers. Many large content providers already use IPv6. The transition involves steps before IPv4 addresses ran out, the current transition period, and after the transition when IPv4 will be optional. IPv6 adoption is growing in several countries like Belgium and the US. Eventually IPv4-only islands will need to make themselves accessible over IPv6. The document provides advice on starting an IPv6 transition and offers a simple IPv6 addressing plan.
The document discusses issues around the Internet of Things (IoT). It notes that while connecting "things" to the Internet is not new, IoT has become a hot topic today due to factors like low-cost high-capability silicon enabling widespread deployment of connected devices. However, the document expresses concerns about IoT security and privacy, noting many current IoT devices have vulnerabilities like unchangeable default passwords and open ports, and the market does not adequately incentivize more secure solutions. It concludes the problems posed by an insecure IoT are significant and difficult to address.
APrIGF 2015: Security and the Internet of ThingsAPNIC
Adli Wahid addresses the current cybersecurity issues seen with the growth of the Internet of Things at the 2015 Asia Pacific Regional Internet Governance Forum (APrIGF) in Macao.
The document discusses an organization's IPv6 deployment status and considerations. It asks about the extent of IPv6 deployment, where deployment has occurred, and the main reasons for and against deployment. Respondents indicate they have considered IPv6 requirements and assessed current systems' capabilities. Some have obtained IPv6 connectivity and established training. Lack of resources, competing priorities, and management buy-in are cited as the primary reasons for not deploying IPv6 yet.
While IPv6 has been a defined standard since 1998, the end-user adoption of this standard is minimal. Less than 1% of Internet peers utilize IPv6 in the course of normal operation. However, IPv6 support within operating systems and network routers is becoming commonplace. While IT personnel continue to be focused on IPv4, IPv6 capabilities may already be active by default on many Internet connected systems within an IT professional's environment. These IPv6 interfaces generate traffic which can bypass traditional controls based on IPv4 technology. Although IPv6 is likely to eclipse IPv4 as the dominant Internet protocol, the path to this state is disorganized and unclear. This state indicates that as IPv6 gains inertia as a legitimate Internet protocol, IT administrators need to be aware of and manage IPv6 traffic on their network with as much vigilance as they would apply to the more commonplace IPv4.
Kevin D. Wilkins, CISSP, Senior Network Engineer, iSecure LLC
After coursework at the Rochester Institute of Technology, Kevin’s professional experience includes ISP and VOIP operations. Kevin has 10 years of industry experience in system and network engineering and platform management. In the last few years, a focus on information security has brought his experiences together into a consolidated viewpoint of enterprise-wide security policy and implementation.
Peter Rounds, Senior Network Engineer, Syracuse University
Peter has been a Sr. Network Engineer at Syracuse University for 11 years. He is responsible for maintaining core network infrastructure consisting of Internet edge traffic identification/management, Internet BGP routing and security profile management, campus OSPF and security profile management, and data center network and security profile management. He is responsible for numerous security technologies for the University.
This document provides an overview of IPv6 for an audience unfamiliar with the topic. It begins with a brief explanation of what IPv6 is and how it differs from IPv4 in areas like addressing and configuration. Statistics on global and domestic IPv6 deployment levels are presented. Potential business drivers for IPv6 adoption in research and education are outlined. The document then discusses IPv6 support and services available through Janet, as well as initial deployment strategies and considerations. Sources of additional guidance are listed, and examples of IPv6 in use are briefly described.
This document summarizes Jeff Schmidt's presentation on Telstra's deployment of IPv6 for mobiles. Key points include:
1) Telstra implemented IPv6 to future-proof their network and address IPv4 depletion issues, using dual-stack and 464XLAT architectures.
2) Business drivers were addressing the growing traffic demand and enabling new technologies like IoT, while technical drivers addressed IPv4 depletion and inefficiencies.
3) The deployment included addressing and subnetting plans, network security designs, and testing multiple deployment models.
The document discusses Marco d'Itri's thoughts on the transition to IPv6. It describes the transition as ongoing, with no flag days, as IPv6 adoption grows. It notes that while IPv4 NAT is easy for access networks, it is difficult for servers. Many large content providers already use IPv6. The transition involves steps before IPv4 addresses ran out, the current transition period, and after the transition when IPv4 will be optional. IPv6 adoption is growing in several countries like Belgium and the US. Eventually IPv4-only islands will need to make themselves accessible over IPv6. The document provides advice on starting an IPv6 transition and offers a simple IPv6 addressing plan.
The Internet industry is undergoing a fundamental change as it transitions from IPv4 to IPv6. These slides are from the May 2011 webcast which provided an introduction to IPv6, covering the various issues and concerns about this new protocol, as well as the opportunities it offers.
The webcast featured Limor Schafman and Dale Geesey, IPv6 experts, discussing what IPv6 is, why it’s different, its advantages, the transition period from IPv4 and how organizations should start preparing.
You can view the webcast on the Commtouch Slideshare page.
Presentation by Quaenet on what LoRaWAN is and the role it plays in the Internet of Things (IoT and IIoT). Presented at Silicon Halton IoT Peer2Peer group Sep 2018.
IPv6 adoption is increasing due to the depletion of available IPv4 addresses. The document discusses IPv6 allocation timelines, the need to reach more internet users, and transition techniques from IPv4 to IPv6 like dual stacking and tunneling. It provides guidance on obtaining IPv6 allocations and assignments, addressing and routing, and a phased approach to deployment within an organization.
This document discusses Internet of Things (IoT) networking standards that enable IoT devices to connect using IPv6. It covers protocols like 6LoWPAN that allow IPv6 to be used over low-power wireless networks, as well as standards for routing (RPL), security (DTLS, CoAP), and device management (LWM2M, SUIT). It also mentions low-power wide area network technologies (LPWANs) and the Thread mesh networking standard that are important for connecting many IoT devices using IPv6.
APNIC Training Delivery Manager for SEA and SA, Shane Hermoso, presents on the importance of peering and IXPs at the Women in Networking series on 17 November 2021
DDOS Mitigation Experience from IP ServerOne by CL LeeMyNOG
IP ServerOne is a Malaysian data center provider that manages over 4500 physical servers across 5 data centers. They experience 2-5 DDoS attacks per day, mostly ranging from 4.5-8.9 Gbps. To detect attacks, they use netflow to monitor traffic patterns and flag abnormal packet rates to single IPs. When an attack is detected, traffic is rerouted to on-premise filtering devices in less than 90 seconds to scrub attacks while allowing legitimate traffic. IP ServerOne advocates a hybrid mitigation approach using their own infrastructure alongside cloud-based protection.
The DDoS challenge of today has become a revenue generating opportunity for Converged Service Providers, Mobile Carriers as well as Wireline and Cable Carriers. While hardened centralized DDoS scrubbing operations are increasingly inflexible and becoming obsolete, localized DDoS mitigation operations are becoming the solution of choice for many. A new approach to DDoS protection, visibility and scalability is enabling Providers with new opportunities for revenue generating services--at a fraction of the cost of traditional DDoS defense solutions. This slide deck explains how the DDoS challenge has become an opportunity for the modern day Service Provider.
Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...APNIC
Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling transport protocols from what's below, by Catherine Pearce.
A presentation given at APRICOT 2016’s APOPS Plenary 1 session on 22 February 2016.
The Stakes Have Changed – The Changing Security Landscape by Tony TeoMyNOG
The document discusses the changing security landscape regarding distributed denial of service (DDoS) attacks. Some key points:
- DDoS attacks are increasing greatly in size, with the largest attacks exceeding 1 terabit per second. Many organizations now experience attacks over 100 gigabits per second.
- Botnets of infected internet of things devices have been used in large DDoS attacks in recent years, including attacks over 600 gigabits targeting various websites and infrastructure.
- The availability of inexpensive DDoS tools online has led to a rise in the frequency of attacks, with over half of internet service providers now seeing more than 50 attacks per month.
The issue of deploying IPv6 Technology has been a topic of debate for more than a decade now.
Professionals have been discussing on the transition from Internet Protocol version 4 (IPVv4) to Internet
Protocol version 6 (IPv6) due to the fact that the IPv4 address space would soon be exhausted.
In this paper, we analyse the IPv4 and IPv6 technologies and look at the benefits of migrating to IPv6,
its social implications, risks & challenges and the opportunities the IPv6 migration offers
This document discusses the growing threat of DDoS attacks fueled by insecure IoT devices. It provides statistics showing a rise in the size and frequency of DDoS attacks in 2016. Specifically, it notes a peak attack of 579Gbps in 2016 compared to 335Gbps in 2015. It also details characteristics of the powerful Mirai botnet, which has been used to launch major attacks exceeding 600Gbps. Finally, it offers best practices for organizations to help mitigate risks from DDoS attacks, such as deploying multi-layered protection and implementing anti-spoofing mechanisms.
The document is from a 2011 IPv6 Forum conference presentation about making the transition to IPv6. It discusses myths around IPv6 adoption, such as the ideas that NAT solved the IPv4 address shortage or that IPv6 is only relevant in Asia. It also provides tips for enabling the IPv6 transition, including deploying dual stack, enforcing security, leveraging applications, and aligning business and IT plans to manage the risks of transitioning network infrastructure. The presentation aims to convince organizations to start adopting IPv6.
This document summarizes wireless security assessments. It outlines the methodology, which includes pre-planning, locating wireless devices, validating their locations, identifying vulnerabilities, exploiting weaknesses, documenting findings, and communicating results. It describes cracking WEP encryption and Cisco LEAP authentication. Specific attacks against wireless networks are also detailed, such as sniffing traffic and spoofing access points. The document recommends using strong encryption, authentication, and monitoring over insecure protocols like WEP. Future trends may include increased policy/compliance challenges and network segmentation.
This document summarizes the history and security of Wi-Fi networks. It discusses how early security protocols like WEP were cracked and how newer protocols like WPA and WPA2 improved security but still have vulnerabilities. It provides advice on securing Wi-Fi networks including using a VPN, long passwords, and MAC address filtering. The document warns about risks of public hotspots and outlines legal issues around unauthorized network access.
Pv6 Tutorial for Beginners - Learn IPv6 (Internet protocol Version-6) in simple and easy steps. A beginner's tutorial containing complete knowledge of IPv6, IPv6 Features,
The document discusses network packet reconstruction technology for computer forensics and information security. It summarizes Decision Group's product offerings which allow capturing, organizing, and replaying network packets for analysis. It also outlines their research and development history and customer base.
Cracking of wireless networks is the defeating of security devices in Wireless local-area networks. Wireless local-area networks(WLANs) – also called Wi-Fi networks are inherently vulnerable to security lapses that wired networks Cracking is a kind of information network attack that is akin to a direct intrusion. There are two basic types of vulnerabilities associated with WLANs: those caused by poor configuration and those caused by weak encryption.
APNIC Update- PITA Member Meeting, Honolulu, 2015APNIC
APNIC provides an overview of its activities and statistics in 2014. Key points include:
- APNIC membership grew to over 5,000 members serving the Asia Pacific region.
- Less than 100 million IPv4 addresses remain available while IPv6 adoption increased.
- APNIC conducted training, events, and outreach to support network operators and the transition to IPv6.
- Engagement with stakeholders on issues like the IANA stewardship transition and routing security continued.
- Upcoming APNIC events in 2015 include meetings in Fukuoka and Jakarta.
The Internet industry is undergoing a fundamental change as it transitions from IPv4 to IPv6. These slides are from the May 2011 webcast which provided an introduction to IPv6, covering the various issues and concerns about this new protocol, as well as the opportunities it offers.
The webcast featured Limor Schafman and Dale Geesey, IPv6 experts, discussing what IPv6 is, why it’s different, its advantages, the transition period from IPv4 and how organizations should start preparing.
You can view the webcast on the Commtouch Slideshare page.
Presentation by Quaenet on what LoRaWAN is and the role it plays in the Internet of Things (IoT and IIoT). Presented at Silicon Halton IoT Peer2Peer group Sep 2018.
IPv6 adoption is increasing due to the depletion of available IPv4 addresses. The document discusses IPv6 allocation timelines, the need to reach more internet users, and transition techniques from IPv4 to IPv6 like dual stacking and tunneling. It provides guidance on obtaining IPv6 allocations and assignments, addressing and routing, and a phased approach to deployment within an organization.
This document discusses Internet of Things (IoT) networking standards that enable IoT devices to connect using IPv6. It covers protocols like 6LoWPAN that allow IPv6 to be used over low-power wireless networks, as well as standards for routing (RPL), security (DTLS, CoAP), and device management (LWM2M, SUIT). It also mentions low-power wide area network technologies (LPWANs) and the Thread mesh networking standard that are important for connecting many IoT devices using IPv6.
APNIC Training Delivery Manager for SEA and SA, Shane Hermoso, presents on the importance of peering and IXPs at the Women in Networking series on 17 November 2021
DDOS Mitigation Experience from IP ServerOne by CL LeeMyNOG
IP ServerOne is a Malaysian data center provider that manages over 4500 physical servers across 5 data centers. They experience 2-5 DDoS attacks per day, mostly ranging from 4.5-8.9 Gbps. To detect attacks, they use netflow to monitor traffic patterns and flag abnormal packet rates to single IPs. When an attack is detected, traffic is rerouted to on-premise filtering devices in less than 90 seconds to scrub attacks while allowing legitimate traffic. IP ServerOne advocates a hybrid mitigation approach using their own infrastructure alongside cloud-based protection.
The DDoS challenge of today has become a revenue generating opportunity for Converged Service Providers, Mobile Carriers as well as Wireline and Cable Carriers. While hardened centralized DDoS scrubbing operations are increasingly inflexible and becoming obsolete, localized DDoS mitigation operations are becoming the solution of choice for many. A new approach to DDoS protection, visibility and scalability is enabling Providers with new opportunities for revenue generating services--at a fraction of the cost of traditional DDoS defense solutions. This slide deck explains how the DDoS challenge has become an opportunity for the modern day Service Provider.
Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...APNIC
Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling transport protocols from what's below, by Catherine Pearce.
A presentation given at APRICOT 2016’s APOPS Plenary 1 session on 22 February 2016.
The Stakes Have Changed – The Changing Security Landscape by Tony TeoMyNOG
The document discusses the changing security landscape regarding distributed denial of service (DDoS) attacks. Some key points:
- DDoS attacks are increasing greatly in size, with the largest attacks exceeding 1 terabit per second. Many organizations now experience attacks over 100 gigabits per second.
- Botnets of infected internet of things devices have been used in large DDoS attacks in recent years, including attacks over 600 gigabits targeting various websites and infrastructure.
- The availability of inexpensive DDoS tools online has led to a rise in the frequency of attacks, with over half of internet service providers now seeing more than 50 attacks per month.
The issue of deploying IPv6 Technology has been a topic of debate for more than a decade now.
Professionals have been discussing on the transition from Internet Protocol version 4 (IPVv4) to Internet
Protocol version 6 (IPv6) due to the fact that the IPv4 address space would soon be exhausted.
In this paper, we analyse the IPv4 and IPv6 technologies and look at the benefits of migrating to IPv6,
its social implications, risks & challenges and the opportunities the IPv6 migration offers
This document discusses the growing threat of DDoS attacks fueled by insecure IoT devices. It provides statistics showing a rise in the size and frequency of DDoS attacks in 2016. Specifically, it notes a peak attack of 579Gbps in 2016 compared to 335Gbps in 2015. It also details characteristics of the powerful Mirai botnet, which has been used to launch major attacks exceeding 600Gbps. Finally, it offers best practices for organizations to help mitigate risks from DDoS attacks, such as deploying multi-layered protection and implementing anti-spoofing mechanisms.
The document is from a 2011 IPv6 Forum conference presentation about making the transition to IPv6. It discusses myths around IPv6 adoption, such as the ideas that NAT solved the IPv4 address shortage or that IPv6 is only relevant in Asia. It also provides tips for enabling the IPv6 transition, including deploying dual stack, enforcing security, leveraging applications, and aligning business and IT plans to manage the risks of transitioning network infrastructure. The presentation aims to convince organizations to start adopting IPv6.
This document summarizes wireless security assessments. It outlines the methodology, which includes pre-planning, locating wireless devices, validating their locations, identifying vulnerabilities, exploiting weaknesses, documenting findings, and communicating results. It describes cracking WEP encryption and Cisco LEAP authentication. Specific attacks against wireless networks are also detailed, such as sniffing traffic and spoofing access points. The document recommends using strong encryption, authentication, and monitoring over insecure protocols like WEP. Future trends may include increased policy/compliance challenges and network segmentation.
This document summarizes the history and security of Wi-Fi networks. It discusses how early security protocols like WEP were cracked and how newer protocols like WPA and WPA2 improved security but still have vulnerabilities. It provides advice on securing Wi-Fi networks including using a VPN, long passwords, and MAC address filtering. The document warns about risks of public hotspots and outlines legal issues around unauthorized network access.
Pv6 Tutorial for Beginners - Learn IPv6 (Internet protocol Version-6) in simple and easy steps. A beginner's tutorial containing complete knowledge of IPv6, IPv6 Features,
The document discusses network packet reconstruction technology for computer forensics and information security. It summarizes Decision Group's product offerings which allow capturing, organizing, and replaying network packets for analysis. It also outlines their research and development history and customer base.
Cracking of wireless networks is the defeating of security devices in Wireless local-area networks. Wireless local-area networks(WLANs) – also called Wi-Fi networks are inherently vulnerable to security lapses that wired networks Cracking is a kind of information network attack that is akin to a direct intrusion. There are two basic types of vulnerabilities associated with WLANs: those caused by poor configuration and those caused by weak encryption.
APNIC Update- PITA Member Meeting, Honolulu, 2015APNIC
APNIC provides an overview of its activities and statistics in 2014. Key points include:
- APNIC membership grew to over 5,000 members serving the Asia Pacific region.
- Less than 100 million IPv4 addresses remain available while IPv6 adoption increased.
- APNIC conducted training, events, and outreach to support network operators and the transition to IPv6.
- Engagement with stakeholders on issues like the IANA stewardship transition and routing security continued.
- Upcoming APNIC events in 2015 include meetings in Fukuoka and Jakarta.
Presented by Paul Wilson, Director General of APNIC and Chair of APrIGF Multistakeholder Steering Group at the Asia Pacific Internet Leadership Program as part of 2016 APrIGF Taipei
NTT-CERT Activities by Yoshiki Sugiura [APRICOT 2015]APNIC
Yoshiki Sugiura of NTT-CERT presents on CERT activities. NTT-CERT handles security incidents and vulnerabilities for NTT Group companies. It provides reactive services like incident handling and proactive services like security alerts. NTT-CERT collaborates with other CERTs through organizations like FIRST and NCA to share security information and best practices. The presentation outlines NTT-CERT's operations, activities, and partnerships.
The document provides an overview of the IANA Department within ICANN. It discusses the IANA functions of maintaining unique internet identifiers like domain names, protocol parameters, and internet number resources. It describes the process for reviewing and approving requests to update protocol parameter registries and allocate internet number resources according to established policies. The goal of the IANA Department is to coordinate these systems globally to ensure interoperability of the internet.
This document discusses IPv4 transfers and the Resource Public Key Infrastructure (RPKI). It provides information on who can transfer IPv4 addresses between APNIC members and other RIRs, and shows statistics on IPv4 transfers from Singapore. It describes what RPKI is and how it helps secure internet routing by validating routes. It provides instructions on how to create Route Origin Authorization (ROA) objects in MyAPNIC to participate in RPKI and the benefits of maintaining ROAs. Statistics on ROA adoption in several Asian countries are also presented, along with an example of a successful ROA deployment campaign in Bangladesh.
Community tools to fight against DDoS, SANOG 27APNIC
Community tools can help fight DDoS attacks in three ways:
1. Bogon filtering blocks traffic from bogon address space not assigned to any network. Networks share bogon lists and filter incoming routes.
2. Flow Sonar provides visual network traffic analysis to detect anomalies indicating attacks. It incorporates DDoS alert feeds to identify compromised sources.
3. UTRS implements remote triggered blackhole filtering to divert suspected attack traffic to a null route. Cooperating networks distribute and apply attack filters to mitigate large infrastructure attacks.
1) APNIC provides Internet number resources and services to the Asia Pacific region and aims for an open, stable, and secure Internet.
2) In 2014, APNIC served over 4,000 members, trained over 2,300 people, and supported numerous networking events across the region.
3) APNIC worked on policy developments, improved its infrastructure and processes, expanded training programs, and increased engagement and cooperation globally on issues like IPv6 and security.
Route Origin Authorization (ROA) using RPKI, PhNOG, PhilippinesAPNIC
The document discusses Resource Public Key Infrastructure (RPKI) and the use of Route Origin Authorizations (ROAs) to secure Internet number resources and routing. It encourages network operators to enable RPKI and create ROAs in their MyAPNIC account to prevent hijacking of their IP address space and routing prefixes. Visual tools are presented that map ROA coverage across different economies in the Asia Pacific region to illustrate the need for more widespread adoption of these routing security mechanisms.
The document provides an overview of Autonomous System Numbers (ASNs) including how they are distributed and used for interconnection in Indonesia. It notes that Indonesia currently has 530 advertised ASNs and discusses challenges around the adoption of 4-byte ASNs in the country. The document also visualizes Indonesia's position within the global routing ecosystem and provides recommendations around routing security, resource registration, and route aggregation.
This document summarizes APNIC's activities and updates from 2014. It discusses APNIC's vision of serving the Asia Pacific internet community. It also outlines ways to obtain IPv4 addresses through rationing APNIC's last block, address transfers, and recycling returned addresses. Additionally, it provides statistics on IPv6 delegations and autonomous system numbers. The document encourages community input on proposals and invites participation in the upcoming APNIC conference.
The Industrial IoT depends on connectivity and information exchange. Much of the business value derives from the ability to have independent systems share information in order to derive knowledge, make "smart decisions", and offer behavior and functionality never before possible.
Many industrial systems were designed with a focus on reliability and safety at a time were implicit trust of all components and communication was the norm. Restricting physical access is currently the only practical method for protecting this existing critical infrastructure. This includes the electrical power grid, process control, transportation, or manufacturing systems. This is changing with increased connectivity to the Internet and personal computers as well as awareness of malicious insider threats. Many industrial systems are being (or want to be) connected to external networks using standard technologies like Ethernet and the Internet Protocol Suite (TCP/UDP/IP). These technologies make systems more functional and efficient, unfortunately they also open the critical infrastructure to cyber attacks.
New IIoT Systems are being designed with security as a key concern. New systems can leverage a solid set of security technologies and building blocks for Authentication, Cryptography, Integrity, etc. However these security technologies must be used correctly and in ways that do not disrupt the performance or access to the legitimate applications/devices, yet limit legitimate access to just the needed information (to minimize the insider threats) and denies access to all others. Adding to this difficulties the new systems need to co-exist and (securely) exchange information with the already-deployed legacy systems which were built without such security elements.
Secure DDS (a recent standard from the OMG) is a "secure connectivity middleware" technology that can be used to address these three needs: (1) Build modern secure IIoT systems, (2) Secure legacy Industrial systems being connected on the Internet, and (3) Securely bridge between new and legacy systems. Secure DDS extends the proven Data-Distribution Service (DDS) and Real-Time Publish-Subscribe Protocol (DDS-RTPS) standards with enterprise-grade authentication, encryption and fine-grained security controls while maintaining the peer-to-peer, robustness and scalability features (including secure multicast) that have made DDS a clear choice for critical infrastructure systems.
This presentation introduces the DDS Security specification and provide describe several use-cases that exemplify how these standards are deployed in real-world applications.
Incapsula: How to Increase SaaS Websites’ Uptime and Accelerate PerformanceImperva Incapsula
All too often, online threats such as DDoS attacks, scrapers, or traffic that consumes too much bandwidth are disrupting or slowing down SaaS websites. It is now more important than ever to keep website traffic flowing quickly without service interruptions.
Tempus Technologies’ president, Jason Sweitzer, talks about the technological challenges his company faced and the solutions his team adopted to increase website acceleration and uptime.
Join us for Incapsula’s free 30-minute webinar to learn how you can increase your website’s uptime and enhance its performance. We’ll be discussing opportunities SaaS companies can explore through WAF protection, frontend SSL, failover ISPs, and against DDoS attacks and using Incapsula solutions.
This document discusses applying VoIP security and reliability using commodity services, hardware, and software. It provides an overview of solutions for availability, reliability, and security using Asterisk software run on Dell and SuperMicro servers with Polycom phones. The solutions include using quality internet providers with failover, OpenVPN for encryption, firewalls, and least privilege access. Case studies show the approach provides robust and secure communications for businesses.
The document discusses Aruba's eSupport project which includes enhancing the Airheads community experience by integrating the support site, community, and partner center. It also discusses upcoming solutions like the Solutions Exchange for pre-building sample configurations and mentions the release of AOS 6.2.1.2. Various wireless issues and troubleshooting techniques are then covered such as reducing channel busy, fixing low SNR, and new troubleshooting tools in AOS 6.3 like client packet capture. Reminders are provided about resources such as the TAC quick reference guide, validated reference designs, and raising a support ticket.
DDoS Mitigation on the Front Line with RedShieldSam Pickles
The document discusses DDoS mitigation strategies presented by Aura Information Security. It outlines common DDoS threats like NTP amplification attacks and application layer attacks. It then discusses the limitations of traditional firewalls and how the TMOS platform can better mitigate attacks through TCP proxying, behavioral analysis and interaction. The presentation concludes with an overview of Aura's DDoS reference architecture using F5 technology and their managed security services.
Planning and Troubleshooting VoIP Performance shares insights on ThousandEyes helps visualize VoIP routing between branch offices and across the internet, optimize and plan new VoIP deployments and expansions, and troubleshoot VoIP performance to specific problem nodes, links and networks.
Netpluz is a managed communications service provider based in Singapore with a vision to be the top provider in Asia Pacific. Their mission is to simplify communications for clients through converged network services including data, voice, and video. They have a reliable infrastructure with multiple points of presence and partnerships with technology providers. Netpluz offers a range of managed services including internet connectivity, SD-WAN, cybersecurity, cloud, voice, and mobility solutions to customers in various industries. They aim to provide proactive support and optimize clients' IT resources through their full-service offerings.
DRS-ADAM is a cybersecurity product that aims to mitigate amplified DNS denial of service (ADD) attacks at their source by sharing DNS query rates among affected resolvers in real-time. It operates by having target servers share their accumulated DNS query rates with nearby resolvers through an iterative gossip-like algorithm. This allows resolvers to detect attacks based on their total query rates to a target before it is overwhelmed. The algorithm converges in O(N^2) time and experiments showed DRS-ADAM can mitigate multi-Gbps ADD attacks within seconds while meeting practical deployment criteria.
Cisco Connect Ottawa 2018 dna assurance shortest path to network innocenceCisco Canada
Cisco Connect events bring together technical education, networking opportunities, and expert insight for communities worldwide. They offer insights from Cisco leadership on strategic direction and partnerships, as well as educational content on current and future technologies. Unlike other events, Cisco Connect is specifically for Cisco customers, partners, and those with Cisco certifications.
Unidirectional Security, Andrew Ginter of Waterfall Security Digital Bond
This presentation reviews the spectrum of perimeter solutions based on unidirectional technology - solutions that are being deployed to protect the safety and reliability of industrial control systems. Learn why the technology is truly unidirectional based on physics and different ways it can be used in SCADA and DCS.
Many practitioners find parts of the spectrum to be counter-intuitive. Further, some parts of the spectrum are straightforward to deploy, and others require that practitioners take some care to ensure that the results really are as strong as they should be. Technologies and techniques covered include unidirectional gateways, secure bypass, temporary/programmed gateway reversals, opposing gateways, secure remote access, and parallel operations and IT WANs.
Orange Creek Inc. is requesting bids to implement a new network infrastructure for their office in Lexington, Kentucky. The proposed solution includes installing servers, workstations, wireless access points, security cameras, and cabling. The project will be implemented in four milestones including installing core infrastructure, servers, a VoIP phone system, and integrating and testing the full network. The estimated total cost is $790,818.19.
How to Reduce Latency with Cloudflare Argo Smart RoutingCloudflare
The Internet is inherently unreliable, a collection of networks connected to each other where things break all the time; cables get cut, bogus routes get advertised, routers crash. Today, to fix all of this, Cloudflare launched Argo, a “virtual backbone” for the modern Internet. Just as Waze can tell you which route to take to avoid congested or blocked roads, Argo can route connections across the Internet efficiently by avoiding packet loss, congestion, and outages.
A secure web server isn’t really secure if the infrastructure supporting it remains vulnerable. Unless you implement infrastructure protection, your non-HTTP assets are vulnerable and you may not be as protected as you think you are.
You may be like others who need to get better DDoS protection but haven’t been able to or had to settle for an imperfect solution because of deployment limitations such as protocol dependencies and BGP restrictions. Incapsula IP Protection has now overcome these barriers — and we are the only service that can do it.
At this webinar our product experts will discuss how Incapsula customers are adopting IP Protection and bringing their DDoS protection to the next level. We’ll also have a discussion with Imperva CISO Shahar Ben-Hador who will share insights on how we use IP Protection and real-world lessons learned.
You need to protect more than just your web servers from DDoS attacks. We’ll address these questions:
Why do you need to protect more than just your web servers?
What were the limitations others ran into when they tried to do it?
How did Incapsula help them overcome the limitations?
...and much more!
DoS and DDoS mitigations with eBPF, XDP and DPDKMarian Marinov
The document compares eBPF, XDP and DPDK for packet inspection. It describes the speaker's experience using these tools to build a virtual machine that can handle 10Gbps of traffic and drop packets to mitigate DDoS attacks. It details how eBPF and XDP were able to achieve higher packet drop rates than iptables or a custom module. While DPDK could drop traffic at line rate, it required specialized hardware and expertise. Ultimately, XDP provided the best balance of performance, driver support and programmability using eBPF to drop millions of packets per second.
The document discusses using open source tools pfSense and FRR to improve the security and reliability of Internet Service Provider (ISP) networks in Bangladesh. Case studies show how pfSense implemented as a firewall and router can block malware and threats based on intelligence feeds. This provides a better user experience than MikroTik routers by filtering attacks and bad actors at the core network level. The solution is low cost and easy for ISPs to implement and maintain.
DNS Protection safeguards Incapsula clients’ DNS servers, while also accelerating DNS responses.
Infrastructure Protection, enabled by the addition of a GRE tunneling onboarding option, widen Incapsula's security perimeter - allowing it to protect entire subnets, secure all network elements and inspect all TCP/UDP communication.
The document discusses issues and recommendations for implementing IP video conferencing on a state network. It provides background on the transition from ATM video to H.323 IP video. It recommends specific video codec hardware and software, addresses quality of service challenges, and recommends Click To Meet directory services and a dialing plan for the network. An IP Video Task Force was formed to address these issues and help with the implementation.
A joint presentation of Gary Williams of Schneider Electric and Michael Coden of NextNine at the 10th Annual Conference of the American Petroleum institute. The presentation discusses benefits, disadvantages, and architectures for allowing 3rd party access.
Similar to Source Address Validation Everywhere, by Paul Vixie [APNIC 38 / Technical Keynotes] (20)
Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...APNIC
Adli Wahid, Senior Internet Security Specialist at APNIC, delivered a presentation titled 'Honeypots Unveiled: Proactive Defense Tactics for Cyber Security' at the Phoenix Summit held in Dhaka, Bangladesh from 23 to 24 May 2024.
Securing BGP: Operational Strategies and Best Practices for Network Defenders...APNIC
Md. Zobair Khan,
Network Analyst and Technical Trainer at APNIC, presented 'Securing BGP: Operational Strategies and Best Practices for Network Defenders' at the Phoenix Summit held in Dhaka, Bangladesh from 23 to 24 May 2024.
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC
Ellisha Heppner, Grant Management Lead, presented an update on APNIC Foundation to the PNG DNS Forum held from 6 to 10 May, 2024 in Port Moresby, Papua New Guinea.
Registry Data Accuracy Improvements, presented by Chimi Dorji at SANOG 41 / I...APNIC
Chimi Dorji, Internet Resource Analyst at APNIC, presented on Registry Data Accuracy Improvements at SANOG 41 jointly held with INNOG 7 in Mumbai, India from 25 to 30 April 2024.
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC
Sunny Chendi, Senior Advisor, Membership and Policy at APNIC, presents 'APNIC Policy Roundup' at the 5th ICANN APAC-TWNIC Engagement Forum and 41st TWNIC OPM in Taipei, Taiwan from 23 to 24 April.
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024APNIC
Dave Phelan, Senior Network Analyst/Technical Trainer at APNIC, presents 'DDoS In Oceania and the Pacific' at NZNOG 2024 held in Nelson, New Zealand from 8 to 12 April 2024.
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...APNIC
Geoff Huston, Chief Scientist at APNIC deliver keynote presentation on the 'Future Evolution of the Internet' at the Everything Open 2024 conference in Gladstone, Australia from 16 to 18 April 2024.
IP addressing and IPv6, presented by Paul Wilson at IETF 119APNIC
Paul Wilson, Director General of APNIC delivers a presentation on IP addressing and IPv6 to the Policymakers Program during IETF 119 in Brisbane Australia from 16 to 22 March 2024.
draft-harrison-sidrops-manifest-number-01, presented at IETF 119APNIC
Tom Harrison, Product and Delivery Manager at APNIC presents at the Registration Protocols Extensions working group during IETF 119 in Brisbane, Australia from 16-22 March 2024
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...APNIC
Che-Hoo Cheng, Senior Director, Development at APNIC presents on the "Benefits of doing Internet peering and running an Internet Exchange (IX)" at the Communications Regulatory Commission of Mongolia's IPv6, IXP, Datacenter - Policy and Regulation International Trends Forum in Ulaanbaatar, Mongolia on 7 March 2024
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC
APNIC Senior Advisor, Membership and Policy, Sunny Chendi presented on APNIC updates and RIR Policies for ccTLDs at APTLD 85 in Goa, India from 19-22 February 2024.
Discover the benefits of outsourcing SEO to Indiadavidjhones387
"Discover the benefits of outsourcing SEO to India! From cost-effective services and expert professionals to round-the-clock work advantages, learn how your business can achieve digital success with Indian SEO solutions.
HijackLoader Evolution: Interactive Process HollowingDonato Onofri
CrowdStrike researchers have identified a HijackLoader (aka IDAT Loader) sample that employs sophisticated evasion techniques to enhance the complexity of the threat. HijackLoader, an increasingly popular tool among adversaries for deploying additional payloads and tooling, continues to evolve as its developers experiment and enhance its capabilities.
In their analysis of a recent HijackLoader sample, CrowdStrike researchers discovered new techniques designed to increase the defense evasion capabilities of the loader. The malware developer used a standard process hollowing technique coupled with an additional trigger that was activated by the parent process writing to a pipe. This new approach, called "Interactive Process Hollowing", has the potential to make defense evasion stealthier.
Ready to Unlock the Power of Blockchain!Toptal Tech
Imagine a world where data flows freely, yet remains secure. A world where trust is built into the fabric of every transaction. This is the promise of blockchain, a revolutionary technology poised to reshape our digital landscape.
Toptal Tech is at the forefront of this innovation, connecting you with the brightest minds in blockchain development. Together, we can unlock the potential of this transformative technology, building a future of transparency, security, and endless possibilities.