Is it time for TLS for SIP-based Voice over IP(VoIP)? At SIPNOC 2014 on June 10, 2014, I spoke about how to secure VOIP communications using TLS and what are both the challenges and benefits.
Open Source and The Global Disruption Of Telecom: What Choices Will We Make?Dan York
I gave the opening keynote at AstriCon 2015 in Orlando on Oct 14, 2015. You can read more at:
http://www.disruptivetelephony.com/2015/09/keynote-at-astricon-on-oct-14-open-source-and-the-global-disruption-of-telecom-what-choices-will-we-make.html
and
http://www.asterisk.org/community/astricon-user-conference/sessions/keynote-address-open-source-and-global-disruption
The abstract is:
There is a battle raging for the global future of telecommunications and the Internet. Taking place in networks, board rooms and legislatures, the battle will determine how we all communicate and what opportunities will exist. Will telecom support innovation? Will it be accessible to all? Will it give us the level of security and privacy we need to have the open, trusted Internet? Or will it be restricted and limited by corporate or government gatekeepers?
The rise of voice-over-IP has fundamentally disrupted the massive global telecommunications industry, infrastructure and policies. Open source software such as Asterisk has been a huge driver of that disruption and innovation.. but now what? What role do platforms such as Asterisk play in this space? And what can be their role in a telecom infrastructure that is now mobile, increasingly embedded (Internet of Things) and more and more using proprietary walled gardens of communication?
Join the Internet Society's Dan York in an exploration of what the future holds for telecom infrastructure and policy - and how the choices we make will determine that future.
My talk at Voip2day 2016 in Madrid (organised by Avanzada 7 in Malaga).
This talks cover recent trends in realtime communication, from VoIP to WebRTC and Internet of Things
Testing iOS apps without jailbreak in 2018SecuRing
Penetration tests of iOS applications usually require jailbreak. On the other hand, software developers often enforce a new version of iOS to run the application. Unfortunately, as history shows, with the release of subsequent versions of the iOS system, pentesters have to wait longer and longer for a stable jailbreak. Finally, by testing iDevices, we become participants of the Russian roulette - remain with an out-of-date iOS with the hope that there won’t be an application requiring a newer version; or take the risk of updating and maybe never get the new jailbreak version? During my presentation, I will show you that it is not necessary to put iRevolver to the head and I will present the techniques of conducting the penetration tests without the need to have a jailbreak. The presentation will also include a live demo presenting the solution to the problem of access to protected application resources on the latest version of iOS.
Open Source and The Global Disruption Of Telecom: What Choices Will We Make?Dan York
I gave the opening keynote at AstriCon 2015 in Orlando on Oct 14, 2015. You can read more at:
http://www.disruptivetelephony.com/2015/09/keynote-at-astricon-on-oct-14-open-source-and-the-global-disruption-of-telecom-what-choices-will-we-make.html
and
http://www.asterisk.org/community/astricon-user-conference/sessions/keynote-address-open-source-and-global-disruption
The abstract is:
There is a battle raging for the global future of telecommunications and the Internet. Taking place in networks, board rooms and legislatures, the battle will determine how we all communicate and what opportunities will exist. Will telecom support innovation? Will it be accessible to all? Will it give us the level of security and privacy we need to have the open, trusted Internet? Or will it be restricted and limited by corporate or government gatekeepers?
The rise of voice-over-IP has fundamentally disrupted the massive global telecommunications industry, infrastructure and policies. Open source software such as Asterisk has been a huge driver of that disruption and innovation.. but now what? What role do platforms such as Asterisk play in this space? And what can be their role in a telecom infrastructure that is now mobile, increasingly embedded (Internet of Things) and more and more using proprietary walled gardens of communication?
Join the Internet Society's Dan York in an exploration of what the future holds for telecom infrastructure and policy - and how the choices we make will determine that future.
My talk at Voip2day 2016 in Madrid (organised by Avanzada 7 in Malaga).
This talks cover recent trends in realtime communication, from VoIP to WebRTC and Internet of Things
Testing iOS apps without jailbreak in 2018SecuRing
Penetration tests of iOS applications usually require jailbreak. On the other hand, software developers often enforce a new version of iOS to run the application. Unfortunately, as history shows, with the release of subsequent versions of the iOS system, pentesters have to wait longer and longer for a stable jailbreak. Finally, by testing iDevices, we become participants of the Russian roulette - remain with an out-of-date iOS with the hope that there won’t be an application requiring a newer version; or take the risk of updating and maybe never get the new jailbreak version? During my presentation, I will show you that it is not necessary to put iRevolver to the head and I will present the techniques of conducting the penetration tests without the need to have a jailbreak. The presentation will also include a live demo presenting the solution to the problem of access to protected application resources on the latest version of iOS.
MIRAI: What is It, How Does it Work and Why Should I Care?Memoori
Cyber Security in 2017! What can Smart Buildings expect?.
These are the slides from a conversation with Billy Rios, Founder of WhiteScope LLC. We take a deep dive into the Mirai DDoS Attacks from last year and try to understand what lessons can be learnt going forward.
Reboot the Open Realtime Revolution - #MoreCrypto (Fall 2014)Olle E Johansson
My talk at Voip2day 2014 in Madrid, Spain and Elastix World 2014 in Santiago, Chile. Asterisk is now 15 years old and the revolution has faded away and is now part of regular business. It's time to restart and look forward, build new things and include security by default. Security needs to be in focus for everyone in VoIP and realtime communication during the coming year.
WebRTC for Telco: Informa's WebRTC Global Summit PreconferenceTsahi Levent-levi
The preconference workshop I did at Informa's WebRTC Global Summit in London, 31st of March 2014
It is targeted at bringing people up to speed with what WebRTC is, how people and vendors are using it today and placing it also in the context of the telecom world (which is the focus of this specific conference).
Comprendre comment utiliser le web et les médias sociaux à son avantage et ce...Michelle Blanc
Conférence Comprendre comment utiliser le web et les médias sociaux à son avantage et celui de son entreprise dans le cadre de l’évènement Le rendez-vous d'affaires du Conseil de développement économique de l'Alberta (CDÉA) (commandité par le RDEE)
Cision Study: Gig Economy Media Reporting Disconnected from Worker RealityCision
Media coverage of America’s independent workers leans more positively than the conversation that actual workers have on social media, a new media analysis by Cision has found. The analysis found that while the media discusses growth in the independent workforce and its benefits for employers, workers discuss the difficulty in finding work, fears about their retirement and even loneliness.
To learn more about Cision software, visit Cision.com.
Presentation given by Chris Grundemann at ION Santiago in Chile on 28 October 2014.
Transport Layer Security (TLS), the successor to Secure Sockets Layer (SSL), can be used in many applications other than Web browsers. In order to make the Internet more secure, TLS needs to be widely deployed by all kinds of applications across the Internet. In this session, we will help network operators understand how best to support the use of TLS-encrypted applications across their networks and address how operators can best support their networks and users once everything is encrypted.
DANE: The Future of Transport Layer Security (TLS)
Dan York (Internet Society)
If you connect to a “secure” server using TLS/SSL (such as a web server, email server or xmpp server), how do you know you are using the correct certificate? With DNSSEC now being deployed, a new protocol has emerged called “DANE” (“DNS-Based Authentication of Named Entities“), which allows you to securely specify exactly which TLS/SSL certificate an application should use to connect to your site. DANE has great potential to make the Internet much more secure by marrying the strong integrity protection of DNSSEC with the confidentiality of SSL/TLS certificates. In this session, we will explain how DANE works and how you can use it to secure your websites, email, XMPP, VoIP, and other web services.
Lock it Up: TLS for Network Operators
Chris Grundemann (Internet Society)
Transport Layer Security (TLS), the successor to Secure Sockets Layer (SSL), can be used in many applications other than Web browsers. In order to make the Internet more secure, TLS needs to be widely deployed by all kinds of applications across the Internet. In this session, we will help network operators understand how best to support the use of TLS-encrypted applications across their networks and address how operators can best support their networks and users once everything is encrypted.
MIRAI: What is It, How Does it Work and Why Should I Care?Memoori
Cyber Security in 2017! What can Smart Buildings expect?.
These are the slides from a conversation with Billy Rios, Founder of WhiteScope LLC. We take a deep dive into the Mirai DDoS Attacks from last year and try to understand what lessons can be learnt going forward.
Reboot the Open Realtime Revolution - #MoreCrypto (Fall 2014)Olle E Johansson
My talk at Voip2day 2014 in Madrid, Spain and Elastix World 2014 in Santiago, Chile. Asterisk is now 15 years old and the revolution has faded away and is now part of regular business. It's time to restart and look forward, build new things and include security by default. Security needs to be in focus for everyone in VoIP and realtime communication during the coming year.
WebRTC for Telco: Informa's WebRTC Global Summit PreconferenceTsahi Levent-levi
The preconference workshop I did at Informa's WebRTC Global Summit in London, 31st of March 2014
It is targeted at bringing people up to speed with what WebRTC is, how people and vendors are using it today and placing it also in the context of the telecom world (which is the focus of this specific conference).
Comprendre comment utiliser le web et les médias sociaux à son avantage et ce...Michelle Blanc
Conférence Comprendre comment utiliser le web et les médias sociaux à son avantage et celui de son entreprise dans le cadre de l’évènement Le rendez-vous d'affaires du Conseil de développement économique de l'Alberta (CDÉA) (commandité par le RDEE)
Cision Study: Gig Economy Media Reporting Disconnected from Worker RealityCision
Media coverage of America’s independent workers leans more positively than the conversation that actual workers have on social media, a new media analysis by Cision has found. The analysis found that while the media discusses growth in the independent workforce and its benefits for employers, workers discuss the difficulty in finding work, fears about their retirement and even loneliness.
To learn more about Cision software, visit Cision.com.
Presentation given by Chris Grundemann at ION Santiago in Chile on 28 October 2014.
Transport Layer Security (TLS), the successor to Secure Sockets Layer (SSL), can be used in many applications other than Web browsers. In order to make the Internet more secure, TLS needs to be widely deployed by all kinds of applications across the Internet. In this session, we will help network operators understand how best to support the use of TLS-encrypted applications across their networks and address how operators can best support their networks and users once everything is encrypted.
DANE: The Future of Transport Layer Security (TLS)
Dan York (Internet Society)
If you connect to a “secure” server using TLS/SSL (such as a web server, email server or xmpp server), how do you know you are using the correct certificate? With DNSSEC now being deployed, a new protocol has emerged called “DANE” (“DNS-Based Authentication of Named Entities“), which allows you to securely specify exactly which TLS/SSL certificate an application should use to connect to your site. DANE has great potential to make the Internet much more secure by marrying the strong integrity protection of DNSSEC with the confidentiality of SSL/TLS certificates. In this session, we will explain how DANE works and how you can use it to secure your websites, email, XMPP, VoIP, and other web services.
Lock it Up: TLS for Network Operators
Chris Grundemann (Internet Society)
Transport Layer Security (TLS), the successor to Secure Sockets Layer (SSL), can be used in many applications other than Web browsers. In order to make the Internet more secure, TLS needs to be widely deployed by all kinds of applications across the Internet. In this session, we will help network operators understand how best to support the use of TLS-encrypted applications across their networks and address how operators can best support their networks and users once everything is encrypted.
ION Cape Town, 8 September 2015 - If you connect to a “secure” server using TLS/SSL (such as a web server, email server or xmpp server), how do you know you are using the correct certificate? With DNSSEC now being deployed, a new protocol has emerged called “DANE” (“DNS-Based Authentication of Named Entities“), which allows you to securely specify exactly which TLS/SSL certificate an application should use to connect to your site. DANE has great potential to make the Internet much more secure by marrying the strong integrity protection of DNSSEC with the confidentiality of SSL/TLS certificates. In this session, we will explain how DANE works and how you can use it to secure your websites, email, XMPP, VoIP, and other web services.
Presentation given by Alvaro Retana at ION Santiago in Chile on 28 October 2014.
What’s happening at the Internet Engineering Task Force (IETF)? What RFCs and Internet-Drafts are in progress related to IPv6, DNSSEC, Routing Security/Resiliency, and other key topics? We’ll give an overview of the ongoing discussions in several working groups and discuss the outcomes of recent Birds-of-a-Feather (BoF) sessions, and provide a preview of what to expect in future discussions, including bringing the IETF to Latin America in 2016.
In this presentation at the ENOG 6 event on October 2, 2013, Dan York explained how DNSSEC works, what DANE is and how it can increase the security of SSL/TLS and covered trends, tools and challenges in DNSSEC deployment. He also included a series of links to further resources and information.
WebRTC Workshop - What is (and isn't WebRTC)Oracle
A brief presentation on WebRTC and Standards delivered in Istanbul, at TAD Summit in a dedicated WebRTC Workshop. Topics include current status of WebRTC standard, a look at WebRTC supported browser, both on desktop and mobile devices
Case Studies and Lessons Learned from SSL/TLS Certificate Verification Vulner...JPCERT Coordination Center
Recently we’ve seen many vulnerabilities related to improper certificate validation. Those vulnerabilities come from developers’ ignorance or misunderstanding of basic knowledge of certificate validation or insufficient testing of validation code. This presentation starts with the basics of the certificate validation process, surveys several vulnerabilities in the real world, and concludes with lessons learned from real-world vulnerabilities.
This is presented on JavaOne2015.
Building mobile apps in today’s highly dynamic environment comes with great uncertainty and risk. It’s imperative to make the right design choices early on. Poor architectural decisions can make or break an app. In this technical session, Shadi Saifan focuses on the architecture and design considerations critical for building a winning mobile application—regardless of the device, operating system, or language. Shadi compares and contrasts the fundamental technology choice of developing mobile browser-based apps, developing native apps, or employing cross-platform tools and hybrid frameworks. Then, he goes into depth on the most critical mobile architectural issues with a focus on performance, data access, security, and connectivity. Shadi discusses considerations for designing applications that are easy to maintain and upgrade—design factors that are often brushed over. Leave with a new understanding of the up-front mobile development decisions required for success in today’s environment.
Learning from the mistakes of the past and knowing where we stand at present will help us build the Internet video communication systems of the future. I present my point of view on the evolution, challenges and mistakes of the past, and, moving forward, describe the challenges in bridging the gap between web and VoIP. I highlight my contributions at various stages in the journey of Internet audio/video communication protocols.
WiFiSlax es una distribución GNU/Linux diseñada y estructurada para la auditoría de seguridad, especializada en evaluaciones de seguridad inalámbrica.
Contiene una amplia lista de herramientas de seguridad y auditoría donde se incluyen escáneres de puertos, de servicios y de vulnerabilidades, herramientas para creación y diseño de exploits, ‘sniffers’, herramientas de análisis forense y herramientas para la evaluación de la seguridad de dispositivos wíreless.
En esta presentación oficial de la versión 4.0 se mostrarán una serie de importantes cambios estructurales que han permitido al grupo de desarrolladores continuar innovando en cuanto al soporte hardware tal y como han hecho en sus anteriores versiones anticipándose al resto de distribuciones. Estos cambios les han permitido mantenerse en la vanguardia en las tecnologías inalámbricas.
By the end of this webinar you should be able to understand
Top five skills needed to break into a career in information security analysis
Tips and tricks to study for the CS0-001
IDS, Firewalls, etc CompTIA Cybersecurity Analyst (CSA+) is an international, vendor-neutral cybersecurity certification that applies behavioral analytics to improve the overall state of IT security. CSA+ validates critical knowledge and skills that are required to prevent, detect and combat cybersecurity threats.
MobileTea Boston presentation on getting started with WebRTC. Includes:
*References on major WebRTC deployments
*WebRTC use cases
*What WebRTC is
*Intro to the WebRTC API's
*How to start developing with WebRTC
*WebRTC scaling challenges
*Chad's favorite WebRTC resources
Similar to SIPNOC 2014 - Is It Time For TLS for SIP? (20)
Yes, IPv6 is Real! How To Make Your Apps Work (And Be As Fast As Possible) Dan York
A talk I gave at Vermont CodeCamp 11 on September 28, 2019.
---- Abstract ----
How well do your applications or websites work over IPv6? As the world runs out of IPv4 addresses, new mobile networks are being deployed as “IPv6-only” with IPv6-to-IPv4 gateways at the edge of those networks. The result is that apps and sites that work natively over IPv6 will be faster for users than apps and sites stuck on only IPv4. Many leading services have already made this transition, and Apple now requires IPv6 for all apps in their AppStore. In this session, you’ll learn about tips and tools to successfully migrate your applications and sites to work over both IPv4 and IPv6. Bring your questions and concerns - and sharing of success stories would be welcome, too.
A Choice Of Internet Futures: Will Nonprofits Be Stuck In The Slow Lane?Dan York
In March 2015, I spoke at the 2015 Nonprofit Technology Conference (15NTC) on the topic of what the future of the Internet could be. More information about the session and the abstract can be found at: https://www.internetsociety.org/blog/public-policy/2015/02/speaking-nten-15ntc-conference-austin-about-our-choice-internet-futures
Warning: As you will see, these slides are done in the minimalist "Lessig style" and so there is not a great amount of value in these slides without hearing the actual session. Unfortunately there was no recording of the event.
DNS / DNSSEC / DANE / DPRIVE Results at IETF93 HackathonDan York
This shows the results of the DNS team at the IETF 93 Hackathon in Prague on July 18-19, 2015. It includes links to the public repositories where code may be found.
Deploying New DNSSEC Algorithms (IEPG@IETF93 - July 2015)Dan York
In this talk to the IEPG session at IETF 93 in Prague on 19 July 2015, I outlined some of the challenges associated with deploying new crypto algorithms within DNSSEC and what we potentially need to do to address these challenges.
The State of VoIP Security, a.k.a. “Does Anyone Really Give A _____ About VoI...Dan York
Does anyone really care about VoIP security? Why should they? What are the main issues? At the 2011 Real-Time Communications Conference sponsored by the Illinois Institute of Technology (IIT), Dan York spoke about all these questions and gave a view of the overall state of the industry.
A video recording of the Oct 5, 2011, session will be available and will be able to be found at http://www.voipsa.org/blog/ when it is ready.
How IPv6 Will Kill Telecom - And What We Need To Do About ItDan York
How badly will IPv6 screw up telecommunications? Where are the areas of telecom that will see the greatest impact? And what can be done to fix it?
How badly will IPv6 screw up telecommunications? Where are the areas of telecom that will see the greatest impact? And what can be done to fix it?
With the recent buzz around World IPv6 Day and the exhaustion of top-level IPv4 address allocations, organizations are starting to seriously look at exactly what is involved with migrating to IPv6... and asking questions about what this means for all their VoIP and Unified Communications systems. Given that the reality is that a "IPv6-only" world is a distant future, questions are particularly being asked around how those telecommunications systems will work during the transition period from IPv4 to IPv6.
In this session, Voxeo's Dan York will explore where IPv6 and telecom play nice together and where there are serious minefields that may restrict telecom from working over IPv6
In this session, Voxeo's Dan York will explore where IPv6 and telecom play nice together and where there are serious minefields that may restrict telecom from working over IPv6
SIP, Unified Communications (UC) and SecurityDan York
At the Ingate Systems SIP and Unified Communications Workshop in Los Angeles on October 4, 2010, Dan York gave this overview of the security issues facing unified communications systems and other VoIP systems based on the SIP protocol. He covered many of the topics discussed in his book, the "Seven Deadliest Unified Communications Attacks" - http://www.7ducattacks.com/
ClueCon2009: The Security Saga of SysAdmin SteveDan York
This is a story of VoIP security, a disgruntled employee and the trouble that can be caused in an unsecured environment. The presentation is done in a minimalist style popularized by Professor Lawrence Lessig. The 248 slides were presented in about 15 minutes at ClueCon 2009 in Chicago on August 5, 2009. A video recording will be made available and an update will be posted here.
Do note that I did give an older version of this talk at ETel 2007 as "The Black Bag Security Review".
SIP Trunking & Security in an Enterprise NetworkDan York
How secure are your VoIP systems as you deploy SIP-based systems in an enterprise environment? In this slide deck presented by VOIPSA Best Practices Chair Dan York at the Ingate SIP Trunking Seminars at ITEXPO September 17, 2008, Dan York walks through the security issues related to VoIP (with a focus on SIP trunking), the tools out there to attack/test VoIP systems, best practices and resources. (An audio recording of this session was made and will be available.)
OSCON 2008: Mashing Up Voice and the Web Using Open Source and XMLDan York
A presentation by Dan York at O\'Reilly\'s Open Source Convention (OSCON) 2008 in Portland, OR. In this presentation, the demonstrations show integrating voice with the open source microblogging service identi.ca.
Recording Remote Hosts/Interviews with VoIP/SkypeDan York
Presentation by Dan York at PodCamp Boston 2 on October 28, 2007, that explored the methods and VoIP technologies available to record remote hosts or interviews. The presentation specifically addressed Skype and spent a significant amount of time on how you physically wire a "mix-minus" with diagrams etc. The audio recording of the preso will be made available, most likely from http://www.disruptiveconversations.com/ and will eventually be synced to this slide set here.
Hacking and Attacking VoIP Systems - What You Need To KnowDan York
Presentation by Dan York at AstriCon 2007 about how to secure VoIP systems with a focus on the Asterisk open source PBX. The presentation outlines the issues involved with VoIP security, the tools out there to attack/test VoIP systems, best practices to defend against attacks and ends with some specific security recommendations for Asterisk. Audio will soon be available at http://www.blueboxpodcast.com/ (and will be synced to this presentation).
E Tel2007 Black Bag Session - VoIP Security Threats, Tools and Best PracticesDan York
At O'Reilly's 2007 Emerging Telephony conference in March 2007 in San Francisco, Dan York, Jonathan Zar and Shawn Merdinger presented a 90-minute workshop in which they discussed the threats to VoIP security, the tools out there to test/defend your network and the best practices for securing VoIP systems. A podcast audio recording of the workshop is available at http://www.blueboxpodcast.com/2007/03/blue_box_se_16_.html
Presentation by Jonathan Rosenberg at the IETF 68 meeting in Prague in March 2007 about the need for the creation of the BLISS (Basic Level of Interoperability for SIP Services) - Original presentation located here: http://www3.ietf.org/proceedings/07mar/slides/bliss-0.ppt
ETel2007: The Black Bag Security Review (VoIP Security)Dan York
VoIP security presentation given by Dan York of the VoIP Security Alliance (VOIPSA) at O'Reilly's Emerging Telephony 2007 conference on March 1, 2007. Slides really need to be viewed with the audio, which will be uploaded to Blue Box: The VoIP Security Podcast at http://www.blueboxpodcast.com/ soon.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
GridMate - End to end testing is a critical piece to ensure quality and avoid...ThomasParaiso2
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofsAlex Pruden
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIVladimir Iglovikov, Ph.D.
Presented by Vladimir Iglovikov:
- https://www.linkedin.com/in/iglovikov/
- https://x.com/viglovikov
- https://www.instagram.com/ternaus/
This presentation delves into the journey of Albumentations.ai, a highly successful open-source library for data augmentation.
Created out of a necessity for superior performance in Kaggle competitions, Albumentations has grown to become a widely used tool among data scientists and machine learning practitioners.
This case study covers various aspects, including:
People: The contributors and community that have supported Albumentations.
Metrics: The success indicators such as downloads, daily active users, GitHub stars, and financial contributions.
Challenges: The hurdles in monetizing open-source projects and measuring user engagement.
Development Practices: Best practices for creating, maintaining, and scaling open-source libraries, including code hygiene, CI/CD, and fast iteration.
Community Building: Strategies for making adoption easy, iterating quickly, and fostering a vibrant, engaged community.
Marketing: Both online and offline marketing tactics, focusing on real, impactful interactions and collaborations.
Mental Health: Maintaining balance and not feeling pressured by user demands.
Key insights include the importance of automation, making the adoption process seamless, and leveraging offline interactions for marketing. The presentation also emphasizes the need for continuous small improvements and building a friendly, inclusive community that contributes to the project's growth.
Vladimir Iglovikov brings his extensive experience as a Kaggle Grandmaster, ex-Staff ML Engineer at Lyft, sharing valuable lessons and practical advice for anyone looking to enhance the adoption of their open-source projects.
Explore more about Albumentations and join the community at:
GitHub: https://github.com/albumentations-team/albumentations
Website: https://albumentations.ai/
LinkedIn: https://www.linkedin.com/company/100504475
Twitter: https://x.com/albumentations
2. www.internetsociety.org/deploy360/
Dan York and VoIP/SIP
Mitel Networks, 2001 – 2007
• Chair, product security team
• Product manager, SIP software, teleworking
Voxeo, 2007-2011
• Cloud-based SIP operations
Blue Box: The VoIP Security Podcast, 2005-2008 - www.blueboxpodcast.com
Disruptive Telephony , 2006-present – www.disruptivetelephony.com
Author, Seven Deadliest Unified Communications Attacks, 2010
• www.7ducattacks.com
VoIP Security Alliance (VOIPSA), 2005-present
• www.voipsa.org
Internet Engineering Task Force (IETF), 2006-present
• Active in Real-time Applications and Infrastructure (RAI) working groups
Joined Internet Society in September 2011
3. www.internetsociety.org/deploy360/
About the Deploy360 Programme
The Challenge:
– The IETF creates protocols based on open standards, but
some are not widely known or deployed
– People seeking to implement these protocols are confused by
a lack of clear, concise deployment information
The Deploy360 Solution:
– Provide hands-on information on IPv6, DNSSEC, BGP and
TLS to advance real-world deployment
– Work with first adopters to collect and create technical
resources and distribute these resources to fast following
networks
4. www.internetsociety.org/deploy360/
Internet Society Deploy360 Programme
www.internetsociety.org/deploy360/
IPv6, DNSSEC, Securing BGP, TLS for Applications
knowledge base including tutorials, case studies, training
resources, etc.
Content specific to:
– Network Operators
– Developers
– Content Providers
– Consumer Electronics
Manufacturers
– Enterprise Customers
Blog posts
ION conferences, speaking, social media
9. www.internetsociety.org/deploy360/
Reasons for not using TLS with SIP
• Debugging
• Network Monitoring
• Performance
• Lack of Device/Application Support
• Cost
• Complexity
• No customer demand
6/10/14
14. www.internetsociety.org/deploy360/
RFC 7280 - Pervasive Monitoring Is an Attack
"The IETF community's technical assessment
is that pervasive monitoring (PM) is an
attack on the privacy of Internet users and organisations.
The IETF community has expressed strong agreement
that PM is an attack that needs to be mitigated where
possible, via the design of protocols that make PM
significantly more expensive or infeasible."
• http://tools.ietf.org/html/rfc7258 - May 2014
6/10/14
16. www.internetsociety.org/deploy360/
XMPP (Jabber) Community
• As of May 19, 2014, over 70
public XMPP operators and
developers have agreed to
ONLY accept TLS-encrypted connections
• https://github.com/stpeter/manifesto
• http://blog.prosody.im/mandatory-encryption-on-xmpp-
starts-today/
• https://xmpp.net/
6/10/14
25. www.internetsociety.org/deploy360/
And "Unified Communications" Isn't Unified…
6/10/14
Physical
WiringIP
Network
IP-PBX
Voicemail
PSTN
Gateways
Mobile
Devices
IM
Networks
Web
Servers
Email
Servers
Desktop
PCs
Operating
Systems
Firewalls
Internet
Directory
Servers
VoIP
CRM
Systems
Social
Networks
Database
Servers
Application
Servers
Session
Border
Controllers
27. www.internetsociety.org/deploy360/
We Have The Standards…
A partial list:
6/10/14
RFC 5280 X.509 Certificates and CRLs
RFC 5922 Domain Certificates in SIP
RFC 5923 Connection Re-use in SIP
RFC 6072 Certificate Management System for SIP
RFC 3711 Secure Real-time Transport Protocol (SRTP)
RFC 4568 SDP for SRTP
RFC 5763 Using SRTP with DTLS
RFC 6347 Datagram TLS (DTLS – "TLS for UDP")
28. www.internetsociety.org/deploy360/
We Have A Specification…
SIPconnect 1.1 requires TLS
www.sipforum.org/sipconnect
Caveat: Focused on SIP PBX to Service Provider
connection
6/10/14
34. www.internetsociety.org/deploy360/
The Typical TLS (SSL) Web Interaction
Web
Server
Web
Browser
https://example.com/
TLS-encrypted
web page
DNS
Resolver
example.com?
10.1.1.1231
2
5
6
DNS Svr
example.com
DNS Svr
.com
DNS Svr
root
3
10.1.1.123
4
35. www.internetsociety.org/deploy360/
The Typical TLS (SSL) Web Interaction
Web
Server
Web
Browser
https://example.com/
TLS-encrypted
web page
DNS
Resolver
10.1.1.1231
2
5
6
DNS Svr
example.com
DNS Svr
.com
DNS Svr
root
3
10.1.1.123
4
Is this encrypted
with the
CORRECT
certificate?
example.com?
37. www.internetsociety.org/deploy360/
DNS-Based Authentication of Named Entities
(DANE)
• Q: How do you know if the TLS (SSL) certificate is the
correct one the site wants you to use?
• A: Store the certificate (or fingerprint) in DNS (new TLSA
record) and sign them with DNSSEC.
A browser that understand DNSSEC and DANE will then
know when the required certificate is NOT being used.
Certificate stored in DNS is controlled by the domain name
holder. It could be a certificate signed by a CA – or a self-
signed certificate.
39. www.internetsociety.org/deploy360/
The DANE Protocol
• DANE defined in RFC 6698
• https://tools.ietf.org/html/rfc6698
• TLSA record contains either a certificate or the public
key of a certificate
• Four modes of certificate usage:
• 0 – "CA constraint" – limits which CA can be used for certificates
• 1 – "service certificate constraint" – specifies exact CA-signed
certificate
• 2 – "trust anchor assertion" – allows use of a new trust anchor (such
as a CA not included in the browser list)
• 3 – "domain-issued certificate" – use of self-signed certificate
6/10/14
40. www.internetsociety.org/deploy360/
DANE – Not Just For The Web
• DANE defines protocol for storing TLS certificates in DNS
• Securing Web transactions is the obvious use case
• Other uses also possible:
• Email via S/MIME
• VoIP
• Jabber/XMPP
• PGP
• ?
6/10/14
41. www.internetsociety.org/deploy360/
DANE Resources
DANE and SIP:
• http://tools.ietf.org/html/draft-johansson-dispatch-dane-sip
DANE and email:
• http://tools.ietf.org/html/draft-ietf-dane-smtp
• http://tools.ietf.org/html/draft-ietf-dane-smime
DANE Operational Guidance:
• http://tools.ietf.org/html/draft-dukhovni-dane-ops
Other uses:
• http://tools.ietf.org/html/draft-wouters-dane-openpgp
• http://tools.ietf.org/html/draft-wouters-dane-otrfp
42. www.internetsociety.org/deploy360/
DANE Resources
DANE Overview and Resources:
• http://www.internetsociety.org/deploy360/resources/dane/
IETF Journal article explaining DANE:
• http://bit.ly/dane-dnssec
RFC 6394 - DANE Use Cases:
• http://tools.ietf.org/html/rfc6394
RFC 6698 – DANE Protocol:
• http://tools.ietf.org/html/rfc6698
46. www.internetsociety.org/deploy360/
Three Requests For Network Operators
1. Require TLS for all SIP connections where possible
2. Support industry efforts to increase TLS usage
3. Help promote support of DANE protocol
• Allow usage of TLSA record. Let vendors and others know you want to
use DANE. Help raise awareness of how DANE and DNSSEC can make
the Internet more secure.
49. www.internetsociety.org/deploy360/
A Normal DNS Interaction
Web
Server
Web
Browser
https://example.com/
web page
DNS
Resolver
10.1.1.123
1
25
6
DNS Svr
example.com
DNS Svr
.com
DNS Svr
root
3
10.1.1.123
4
example.com
NS
.com
NS
example.com?
53. www.internetsociety.org/deploy360/
Attempting to Spoof DNS
Web
Server
Web
Browser
https://example.com/
web page
DNS
Resolver
10.1.1.123
DNSKEY
RRSIGs
1
25
6
DNS Svr
example.com
DNS Svr
.com
DNS Svr
root
3
SERVFAIL
4
Attacking
DNS Svr
example.com
192.168.2.2
DNSKEY
RRSIGs
example.com
NS
DS
.com
NS
DS
example.com?
55. www.internetsociety.org/deploy360/
DNSSEC Signing - The Individual Steps
Registry
Registrar
DNS Hosting Provider
Domain Name
Registrant
• Signs TLD
• Accepts DS records
• Publishes/signs records
• Accepts DS records
• Sends DS to registry
• Provides UI for mgmt
• Signs zones
• Publishes all records
• Provides UI for mgmt
• Enables DNSSEC
(unless automatic)
60. www.internetsociety.org/deploy360/
Three Requests For Network Operators (ISPs)
1. Deploy DNSSEC-validating DNS resolvers
2. Sign your own domains where possible
3. Help promote support of DANE protocol
• Allow usage of TLSA record. Let browser vendors and others know you
want to use DANE. Help raise awareness of how DANE and DNSSEC
can make the Internet more secure.
61. www.internetsociety.org/deploy360/
3 More Requests For SIP Network Operators
1. Think about how and where DNSSEC and DANE
could be potentially used
2. Experiment with the early implementations like Jitsi
and Kamailio
3. Share the ideas…
• Directly with me ( york@isoc.org ) or via email lists, online forums, etc.
• http://www.internetsociety.org/deploy360/dnssec/community/
(or let's make a new place for DNSSEC and VoIP)
62. www.internetsociety.org/deploy360/
Helping Accelerate DNSSEC Deployment
https://elists.isoc.org/mailman/listinfo/dnssec-coord
Public mailing list, “dnssec-coord”, available and open to all:
Focus is on better coordinating promotion / advocacy /
marketing activities related to DNSSEC deployment.
Monthly conference calls and informal meetings at ICANN
and IETF events.