A look at the world's dozen or so Tier one ISP's who run global networks and sell wholesale IP transit to national and regional 'tier two ISP's' is quite revealing when taking into account how their ranking evolved over the last five years. They peer with each other at selected locations while competing ferociously in an increasingly commoditized market. more
In a submission to the Joint Committee on Law Enforcement's inquiry into Impact of new and emerging information and communications technology, the Department of Home Affairs and Australian Criminal Intelligence Commission (ACIC) warn law enforcement will be degraded by a number of new technologies. more
The beginning of the year saw IPv6 added to the DNS root, closing a major hole for IPv6-only communication. In mid-year, the US federal government's IPv6 mandate came into effect, requiring all federal IP backbones to support IPv6. While the mandate didn't have anywhere near the effect that many had hoped for, it did spur many vendors to add IPv6 support to their products. The amount of observed IPv6 traffic increased considerably, but we still lack good data for how much IPv6 is being used. So, where were we at the end of 2008? more
The telecommunications industry has been around for quite some time. Whether you take it as a starting date the first efforts with the wired telegraph in the 1830's, or the telephone in the 1870's, this industry has been around for quite a long time. During this periods it has made huge achievements, and there is no doubt that the impacts of this industry have changed our lives in many ways... It is literally amazing that this industry has managed to preserve dial tone on telephone handsets while completely changing the underlying network and switching fabric of the telephone system numerous times. more
One of the pieces of infrastructure that makes all kinds of networks work and yet gets very little attention is the directory. Directories are big business. For example, there's directory of telephone numbers run by NeuStar, Inc. NeuStar has annual revenues of $92 million. Now, according to Light Reading, AT&T Corp. and MCI Inc., together with unidentified cable companies, telephone companies, and ISPs are preparing to form a Limited Liability Corporation (LLC) that will run a process to define a new company that will run ENUM. more
There have been lots of press stories in the last day reporting on what the Internet shutdown in Myanmar looked like for people there, and that's the important story. This is what it looked like to the rest of the world, from an Internet infrastructure standpoint. The connection between Myanmar and the rest of the world appears to be turned back on, at least temporarily. The 45 megabit per second circuit connecting Myanmar to Kuala Lumpur that is Myanmar's primary connection to the Internet came back up at 14:27 UTC today. It had mostly been "hard down," indicating either that it had been unplugged or that the router it was connected to was turned off, with the exception of a few brief periods since September 28. Myanmar's country code top level domain, .MM, disappeared... more
The folks at Renesys pointed out earlier this week some interesting activity surrounding the L-root name server, highlighting some activity that should give us all yet another reason to be concerned about the security and integrity of the Internet DNS... considering that a great deal of malware today tends to corrupt the DNS resolution path in order to further exploit compromised end-systems, and that corruption, or any other actual end-system compromise, might well be unnecessary if the root were compromised -- well, think of the possibilities! more
The majority of spam -- as much as 80 per cent of all unsolicited marketing messages sent -- now emanates from residential ISP networks and home user PCs. This is due to the proliferation of spam trojans, bits of surreptitious malware code embedded in residential subscriber PCs by worms and spyware programs. Worm attacks are growing in frequency because they provide a fast means of infecting a vast number of computers with spam trojans in a very short period of time. It's no surprise that many service providers report an upsurge in spam traffic immediately following a worm attack. more
Network operators rely on guidance from IP address experts because not all IP addresses used on the Internet are the same. The "reputation" of email senders is especially important because some are malicious users of the system. But identifying "senders" based on their email addresses or the individual IP address of a user presents issues that are unnecessarily complex. more
I spend most of my time teaching engineers in different countries how to plan and deploy IPv6 networks. Over the last two years, I have been speaking more and more to non-engineers. These are either technology executives who sense that they need to do something about this "IPv6" thing, or government IT leaders who want to understand what the problem is and more importantly, what they could do. The most impactful part of these these exchanges is when I get these managers to understand the implications of IPv4 address exhaustion to their organisations. more
You may have seen media reports a few weeks ago describing how servers behind the so-called Great Firewall of China were found delivering incorrect DNS information to users in the rest of the world, thereby redirecting users to edited Web pages. Reports indicate that this apparently occurred due to a caching error by a single Internet Service Provider. While the problem was fairly limited in scope, it could have entirely been prevented in a world where DNSSEC was fully deployed. more
On the 6th June 2012 we held the World IPv6 Launch Day. Unlike the IPv6 event of the previous year, World IPv6 Day, where the aim was to switch on IPv6 on as many major online services as possible, the 2012 program was somewhat different. This time the effort was intended to encourage service providers to switch on IPv6 and leave it on. What has happened since then? Have we switched it on and left it on? What has changed in the world of IPv6 over the past 12 months? Who's been doing all the work? more
One of the most profoundly disruptive developments occurring in the cyber security arena today is the headlong rush by a set of parties to ubiquitously implement extreme End-to-End (e2e) encryption for communication networks using essentially unbreakable encryption technology. A notable example is a new version of Transport Layer Security (TLS) known as version 1.3. The activity ensues largely in a single venue... more
In this multipart series I will be presenting some of the leading industry-standard best practices for enterprise network security using Cisco technologies... In Part 3 of this series I began to discuss Cisco technologies as a standard for enterprise data security. In this article we take a look at how Cisco firewall and packet filtering technologies can be used at the network perimeter to enhance enterprise security. more
Harvard Business Review just ran an interesting article on the information security aspects of Internet of Things (IoT). Based on the storyline, the smart city initiatives are doomed to fail unless the security of the IoT devices and the systems will be improved. While security of the digital society is obviously a key concern, I am not entirely convinced that relying on the security of individual devices and systems is the best course of action. more