Short Take: Security as a Tradeoff
We often treat security as an absolute, "that which must be done, and done perfectly, or is of no value at all." It's time to take this myth head on, and think about how we
Research: Bridging the Air Gap
Way back in the old days, the unit I worked at in the US Air Force had a room with a lot of equipment used for processing classified information. Among this equipment was a Zenith
RIPE NCC: The Future of BGP Security
I was recently invited to a webinar for the RIPE NCC about the future of BGP security. The entire series is well worth watching; I was in the final session, which was a panel discussion
Side Channel Attacks in the Wild: The Smart Home
Side channel attacks are not something most network engineers are familiar with; I provided a brief introduction to the concept over at The Network Collective in this Short Take. If you aren't familiar with the
Short Take: Side Channel Attacks
In this short take, recently posted over at the Network Collective, I discuss what a side channel attack is, and why they are important.
Network Collective: Securing BGP
Yet another protocol episode over at the Network Collective. This time, Nick, Jordan, Eyvonne and I talk about BGP security.
On the ‘net: Spectre, Meltdown, and Flexible Scaleout
The recent Meltdown and Spectre attacks illustrate the problematic nature of modern computing systems. While the earlier Rowhammer attack could read or attack one process running in a virtual environment from another process running on
Giving the Monkey a Smaller Club
Over at the ACM blog, there is a terrific article about software design that has direct application to network design and architecture. The problem is that once you give a monkey a club, he is
The Overoptimization Meltdown
In simple terms Meltdown and Spectre are simple vulnerabilities to understand. Imagine a gang of thieves waiting for a stage coach carrying a month's worth of payroll. There are two roads the coach
Flowspec and RFC1998?
In a recent comment, Dave Raney asked: Russ, I read your latest blog post on BGP. I have been curious about another development. Specifically is there still any work related to using BGP Flowspec in
Meltdown and Spectre (Updated)
Replaced by this page.
Several on KRACK
Three articles of interest on the new WiFi KRACK— This is not a crypto bug but a protocol bug (a pretty obvious and trivial protocol bug). When a client connects to the network, the access-point
OneLogin and Password Managers
An interesting incident this last week brings password managers back to the front of the pile— OneLogin, an online service that lets users manage logins to sites and apps from a single platform, says it
Reading List: WannaCry and Ransomware
A good bit has been written about the recent WannaCry outbreak over the last few weeks; rather than stringing the best out through Worth Reading posts, I have collected the three best posts on the
Notes on the FCC and Privacy in the US
I've been reading a lot about the repeal of the rules putting the FCC in charge of privacy for access providers in the US recently—a lot of it rising to the level of hysteria and
Distributed Denial of Service Open Threat Signaling (DOTS)
When the inevitable 2AM call happens—"our network is under attack"—what do you do? After running through the OODA loop (1, 2, 3, 4), used communities to distribute the attack as much as possible, mitigated the
Don’t Leave Features Lying Around
Many years ago, when multicast was still a "thing" everyone expected to spread throughout the Internet itself, a lot of work went into specifying not only IP multicast control planes, but also IP multicast control
Into the Gray Zone: Considering Active Defense
Most engineers focus on purely technical mechanisms for defending against various kinds of cyber attacks, including "the old magic bullet," the firewall. The game of cannons and walls is over, however, and the
Reaction; Do we really need a new Internet?
The other day several of us were gathered in a conference room on the 17th floor of the LinkedIn building in San Francisco, looking out of the windows as we discussed some various technical matters.
Blocking a DDoS Upstream
In the first post on DDoS, I considered some mechanisms to disperse an attack across multiple edges (I actually plan to return to this topic with further thoughts in a future post). The second post
Mitigating DDoS
Your first line of defense to any DDoS, at least on the network side, should be to disperse the traffic across as many resources as you can. Basic math implies that if you
Dispersing a DDoS: Initial thoughts on DDoS protection
Distributed Denial of Service is a big deal—huge pools of Internet of Things (IoT) devices, such as security cameras, are compromised by botnets and being used for large scale DDoS attacks. What are
Traffic Pattern Attacks: A Real Threat
Assume, for a moment, that you have a configuration something like this— Some host, A, is sending queries to, and receiving responses from, a database at C. An observer, B, has access to the packets
On the ‘net: BGP Security, LACNOG 26
BGP security: where we are now, where we are going, as presented at LACNOG 26 in November of 2016.
Reactive Malicious Domain Detection (ENTRADA)
One interesting trend of the last year or two is the rising use of data analytics and ANI (Artificial Narrow Intelligence) in solving network engineering problems. Several ideas (and/or solutions) were presented this year at
Reaction: DevOps and Security
Over at TechBeacon, my friend Chris Romeo has an article up about DevOps and security. It's interesting to me because this is actually an area I'd never thought about before, even though it makes sense.
Split Tunnel Insecurities
I really dislike corporate VPNs that don't allow split tunneling—disconnecting from the VPN to print on a local printer, or access a local network attached drive, puts a real crimp in productivity. In the case
On differential privacy
Over the past several weeks, there's been a lot of talk about something called "differential privacy." What does this mean, how does it work, and... Is it really going to be effective? The basic concept
DNS Cookies and DDoS Attacks
DDoS attacks, particularly for ransom—essentially, "give me some bitcoin, or we'll attack your server(s) and bring you down," seem to be on the rise. While ransom attacks rarely actually materialize, the threat of DDoS overall
BGP Security and SPAM
Spam might seem like an annoyance in the US and other areas where bandwidth is paid for by the access rate—and what does spam have to do with BGP security? In many areas of the
Thinking about side channel attacks
When Cyrus wanted to capture Babylon, he attacked the river that flows through the city, drying it out and then sending his army under the walls through the river entrance and exit points. In a
Securing BGP: A Case Study
What would it take to secure BGP? Let’s begin where any engineering problem should begin: what problem are we trying to solve? This series of posts walks through a wide range of technical and business
Securing BGP: A Case Study (10)
The next proposed (and actually already partially operational) system on our list is the Router Public Key Infrastructure (RPKI) system, which is described in RFC7115 (and a host of additional drafts and RFCs). The RPKI
Securing BGP: A Case Study (9)
There are a number of systems that have been proposed to validate (or secure) the path in BGP. To finish off this series on BGP as a case study, I only want to look at
Securing BGP: A Case Study (8)
Throughout the last several months, I've been building a set of posts examining securing BGP as a sort of case study around protocol and/or system design. The point of this series of posts isn't to
Securing BGP: A Case Study (7)
In the last post on this series on securing BGP, I considered a couple of extra questions around business problems that relate to BGP. This time, I want to consider the problem of convergence speed
Securing BGP: A Case Study (6)
In my last post on securing BGP, I said— Here I’m going to discuss the problem of a centralized versus distributed database to carry the information needed to secure BGP. There are actually, again, two
Rethinking BGP path validation (part 2)
This is the second post in the two part series on BGP path validation over on the LinkedIn Engineering blog. We left off last time after having described the eight operational requirements that must be
Should We Stop Encryption? Can We?
It's not like they're asking for a back door for every device. If the world goes dark through encryption, we'll be back to the wild west! After all, if it were your daughter who had
Reaction: More Encryption is Bad?
This week I was peacefully reading the March 9th issue of ACM Queue when I received a bit of a surprise. It seems someone actually buys the "blame the victim" game, arguing that governments are
Securing BGP: A Case Study (4)
In part 1 of this series, I looked at the general problem of securing BGP, and ended by asking three questions. In part 2 and part 3, I considered the third question: what can we
Rethinking Path Validation
https://www.youtube.com/watch?v=x9akH7TpZ5c&feature=youtu.be This is my talk on BGP security from the latest NANOG. Some of the questions I discuss in this talk, and some of the solutions, interact with the series I currently have running on
Securing BGP: A Case Study (3)
To recap (or rather, as they used to say in old television shows, "last time on 'net Work..."), this series is looking at BGP security as an exercise (or case study) in understanding how to
Securing BGP: A Case Study (2)
In part 1 of this series, I pointed out that there are three interesting questions we can ask about BGP security. The third question I outlined there was this: What is it we can actually
Securing BGP: A Case Study (1)
What would it take to secure BGP? Let's begin where any engineering problem should begin: what problem are we trying to solve? In this network—in any collection of BGP autonomous systems—there are three sorts of
Anonymity isn’t a bug
Despite the bad rap it sometimes gets, anonymity – and anonymity technology – is used all the time by everyday people. Think about it: just walking in a park without being recorded or observed or
Castle versus Cannon: It’s time to rethink security
In case you're confused about the modern state of security, let me give you a short lesson. Your network is pictured to the left. When I first started working on networks in the USAF we
Information wants to be protected: Security as a mindset
I was teaching a class last week and mentioned something about privacy to the students. One of them shot back, "you're paranoid." And again, at a meeting with some folks about missionaries, and how best
Understanding Rowhammer
As I learned in my early days in electronics, every wire is an antenna. This means that a signal in any wire, given enough power, can be transmitted, and that same signal, in an adjacent