Robert Shaw: Security

Pakistan Government Orders ISP Service Level Agreements

Tue, 06 May 2003 12:50:08 GMT

Sean Donelan on Nanog has noted that Paknews.com is reporting that the Pakistan government is ordering ISP service level agreements. Pakistan has been suffering a 40 day Distributed Denial of Service (DDoS) attack, disrupting much of the Internet service in the country. The Pakistan Government, Minister for IT & Telecom, has "directed" the Pakistan Telecommunications Corporation to sign service level agreements to ensure 99% Internet availability. Over 200 official websites have been inaccessible for over three weeks.

DNS Root server operators presentation

Fri, 04 Apr 2003 07:18:11 GMT

The DNS root server operators have published the presentation (PDF) they recently made to the GAC at the Rio de Janiero ICANN meeting. The presentation (along with the recent CRADA report on root server architecture changes) emphasizes that since November 2002, zone transfers to the set of 13 root servers are not done from a.root-servers.net but rather a hidden master server. As they put it: The "A" server is not special.

Towards an International Convention on Cyber Security

Wed, 26 Feb 2003 12:14:25 GMT

The Hoover Institution at Stanford University has an online book available entitled: The Transnational Dimension of Cyber Crime and Terrorism. It includes a particularly interesting chapter entitled Towards an International Convention on Cyber Security (PDF) including draft convention text.

Proposal for a European Network and Information Security Agency

Wed, 26 Feb 2003 10:30:32 GMT

The establishment of national and international cybersecurity "watch and warning networks" is gaining political capital among governments. The recently released US National Strategy to Secure Cyberspace (PDF) identified as one strategic initiative to "[f]oster the establishment of national and international watch-and-warning networks to detect and prevent cyberattacks as they emerge". In a related effort, the European Commission has also called for the establishment of a European Network and Information Security Agency (Word: English, French, German).

CAIDA: The Spread of the Sapphire/Slammer Worm

Tue, 25 Feb 2003 12:53:43 GMT

CAIDA: The Spread of the Sapphire/Slammer Worm

US Releases US National Strategy to Secure Cyberspace

Fri, 14 Feb 2003 19:31:56 GMT

The US Administration has released its National Strategy to Secure Cyberspace (PDF).

Sapphire/Slammer Worm: Impact on Internet Root Server Performance

Fri, 14 Feb 2003 09:53:09 GMT

Sapphire/Slammer Worm: Impact on Internet Performance by James Aldridge, Daniel Karrenberg, Henk Uijterwaal and René Wilhelm, New Projects Group / RIPE NCC, including a report on Internet root server performance. The report shows two root servers (b.root-servers.net at USC Information Sciences Institute in California and g.root-servers.net at the U.S. DOD Network Information Center in Virginia) were significantly affected.

Legal Intercept in IP Networks

Thu, 13 Feb 2003 09:47:05 GMT

[via Nanog]: Very interesting talk on legal intercept in IP networks by Jaya Baloo at the the HiverCon corporate security conference held in Dublin, Ireland on November 26th and 27th, 2002: Lawful Interception of IP Traffic in the European Context.

More Mirrors of F Root Server

Tue, 11 Feb 2003 08:47:06 GMT

Internet Software Consortium Press Release: "TELEHOUSE America ...and Internet Software Consortium ...will jointly establish mirrors of the F-root DNS name root server at two TELEHOUSE America locations.... in its New York International Internet Exchange (NYIIX) and Los Angeles International Internet Exchange (LAIIX)." [via icann.Blog]

Internet Global Early Warning Information System

Fri, 31 Jan 2003 18:27:56 GMT

Further to an October 2002 Computerworld article, today's Washington Post writes that the Bush administration is quietly assembling an Internet-wide monitoring center to detect and respond to attacks on vital information systems and key e-commerce sites, called the Global Early Warning Information System (GEWIS).

In Net Attacks, Defining the Right to Know

Thu, 30 Jan 2003 07:28:47 GMT

In Net Attacks, Defining the Right to Know "The impact was worse overseas, with major problems reported in South Korea and Japan. In Finland, the telephone system was affected." [New York Times: Technology]

A Crime Wave Festers in Cyberspace

Tue, 28 Jan 2003 12:55:04 GMT

Cybercrime, long a painful side effect of the innovations of Internet technology, is reaching new dimensions, security specialists say. [International Herald Tribune]

Impact of Worm on Root Name Service Argues for Anycasting

Tue, 28 Jan 2003 12:49:55 GMT

Daniel Karrenberg on the inpact of the SQL worm on DNS root name service: "A further tentative conclusion is that this data (again) supports the case for distributing root service across the Internet using IP anycasting." For more explanation of anycasting, see here "More anycasting of the F root server", "Anycasting the root name servers" and "Distributing the K-Root Service by Anycast Routing" [via icann.blog.us].

Computer worm grounds flights, blocks Bank of America ATMs

Sun, 26 Jan 2003 12:09:22 GMT

From [CNN.COM] article on Saturday Internet attack: "A fast-moving computer worm snarled business and government computers Saturday, slowing some corporate systems to the point of inaccessibility. Internet security experts said the worm does not appear to have done any serious damage." A quick technical analysis of the worm is available here. See NANOG archives for much discussion.

More anycasting of the F root server

Tue, 21 Jan 2003 10:52:39 GMT

The Internet Software Consortium has announced they've come to agreement with the Spain Internet Exchange (EspaNix) to anycast the F root server in Madrid. For more info on anycasting on this site, see "Anycasting the root name servers" and "Distributing the K-Root Service by Anycast Routing". This follows on from their announcement in November 2002 to create F server mirrors in the Asia-Pacific region. Update: APNIC today (January 23, 2003) made a Call for Expressions of Interest for the support of APNIC Points Of Presence in the Asia Pacific region, including potentialhosting of instances of the F root server. APNIC has also provided a root server trial FAQ.

Implementation Plan for OECD Guidelines for the Security of Information Systems and Networks

Thu, 16 Jan 2003 15:54:59 GMT

Last July 2002, the OECD updated its Guidelines for the Security of Information Systems and Networks. Last week they made available a related suggested Implementation Plan (PDF), which most significantly, makes specific suggestions on the exact role of government in fostering and promoting security.

Wi-Fi spectrum battle pits antiterrorism efforts against commercial growth

Wed, 01 Jan 2003 13:35:05 GMT

[Computerworld] Wi-Fi spectrum battle pits antiterrorism efforts against commercial growth: "The U.S. position paper, submitted to the ITU at its November meeting in preparation for the ITU's World Radio Conference (WRC) in June, which will make the spectrum decisions, endorses a global allocation for WLANs in the 5.150-5.350 band as long as radars are protected by a technique know as Dynamic Frequency Selection (DFS), which shuts down WLAN transmissions when a radar signal is detected."

Conference on SPAM Filtering: January 17, 2003

Tue, 17 Dec 2002 15:23:21 GMT

SPAM Conference: Cambridge, MA on January 17, 2003 at the first conference on spam filtering. List of speakers.

"The scale and effect of the spam epidemic leads us to suggest that spam is no longer simply a nuisance, but is a type of information security problem."

GIP also held a workshop on SPAM in summer 2002 and the presentations can be found here.

Interview with Bill Hancock on Security

Fri, 06 Dec 2002 11:52:25 GMT

Very frank interview on cybersecurity issues at Telecom Asia with Bill Hancock, Cable & Wireless Internet Services chief security officer and chairman of the FCC's NRIC Homeland Defense focus group. Dr. Hancock also gave a presentation on National Infrastructure Protection Issues (PDF) at our Creating Trust in Critical Network Infrastructures workshop held in Seoul, Korea, in May 2002.

Tracking and Tracing Cyber-Attacks: Technical Challenges and Global Policy Issues

Thu, 05 Dec 2002 11:43:05 GMT

Special report from CERT/CC: Tracking and Tracing Cyber-Attacks: Technical Challenges and Global Policy Issues (PDF). "It is clear that tracking and tracing attackers across a borderless cyber-world, and holding them accountable, requires multilateral actions that transcend jurisdictions and national boundaries."

Sealand news

Wed, 10 Jul 2002 08:48:27 GMT

BBC News has an interesting update on Sealand, the offshore data haven based on an old concrete anti-aircraft tower off the east coast of England. Slashdot also has a related discussion thread.

Anycasting the root name servers

Mon, 08 Jul 2002 13:52:35 GMT

The Internet's root name servers are seen as a possible soft target for distributed denial of service (DDOS) attacks (in fact, they already are as described in this paper). A possible method to deal with this vulnerability that's getting some serious consideration is the use of IPv4 anycasting, as first conceptualized in RFC 1546. A recently released primer on anycast from Cisco can be found here (PDF). The application of anycasting to providing DNS services was explored in a number of Internet drafts which eventually became the informational RFC 3258: Distributing Authoritative Name Servers via Shared Unicast Addresses. RFC 3258 describes how authoritative name servers with the same IP address could be replicated at different locations. The route to these servers would be advertised for each location and the routing protocols would direct traffic to the topologically nearest server. As an example of how anycasting for the root name servers could possible work, there's already a project, named AS112, that uses anycast to distribute the load for bogus requests for private address space (as described in RFC 1918, also see description of problem here). A possible benefit of using anycast for the root name service is that it may solve both some technical security issues as well as some political issues (i.e., better geo-political distribution of the root name servers). On the other hand, it may make it much harder to deploy DNSSEC. It'll be interesting to watch this play out...

Spyware, adware: the enemy within

Tue, 25 Jun 2002 08:55:52 GMT

News.com has a special report on spyware and adware being surreptitiously installed on users' PCs: "The Wild West days of cyberspace are over--and, like it or not, it's time for government to change its laissez-faire attitude toward the Internet and create laws that clearly prevent unscrupulous businesses from preying on unsuspecting consumers and seizing control of computers."

The Council of Europe’s Convention on Cybercrime

Sun, 23 Jun 2002 21:30:00 GMT

Two years ago today right here in Bucharest, following a meeting on the topic of "Police of the XXIst century : Strengthening the protection of citizens' rights and new international threats against security", the conclusions of the meeting noted that "a Convention on Cyber Crime is in an advanced stage of preparation within the Council of Europe and call for the adoption of this Convention without delay". Since then a lot has happened. The Council of Europe's Convention on cybercrime is now the first international treaty on crimes committed via the Internet and other computer networks, dealing particularly with infringements of copyright, computer-related fraud, child pornography and violations of network security. It also contains a series of powers and procedures such as the search of computer networks and interception. Its main objective is to pursue a common criminal policy aimed at the protection of society against cybercrime, especially by adopting appropriate legislation and fostering international cooperation. The Convention is the product of four years of work by Council of Europe experts, but also by Canada, Japan, the United States and other countries, who are not members of the organization. It is somewhat unusual in that it is open to signature and accession by non-EU member states.

Korea Fights SPAM

Sun, 23 Jun 2002 20:29:24 GMT

Korea has the highest Internet broadband penetration per capita in the world and by a very large margin (the runner-ups are not even close). It's always interesting to look at how technology leaders address policy issues as it indicates where other countries might be heading. For example, as I explained in my earlier mention of "Cyber-Crime and Cyber-Terrorism in Korea", the government is attacking a wide range of hacking and cyber-crime issues. In its latest initiative, this article in the Korea Herald explains how the the Korean Ministry of Information and Communication has now unveiled plans for tough new laws dealing with SPAM.