security

25 October 2019 at 11:49am

BEREC clarifies that permanent network security measures may be OK

Andrew Cormack
Network Neutrality
DDOS
security
Four years ago, Jisc responded to the Board of European Regulators of Electronic Communications (BEREC) consultation on network neutrality to point out that some security measures cannot just be temporary responses by the victims of attacks, but need to be permanently configured in all networks to prevent them being used for distributed denial of service and other attacks. This applies, in particular, to blocking of spoofed addresses, as recommended by BCP-38.
Read more
11 July 2019 at 10:23am

The Big Bad Smart Fridge

Andrew Cormack
Internet of Things
security
#FirstCon19
Leonie Tanczer's FIRST 2019 keynote (recording now available on YouTube) looked at more than a decade of European discussions of whether/how to regulate the Internet of Things (no, I didn't realise, either) and how we might do better in future.
Read more
11 July 2019 at 10:22am

Rebuilding trust in the Internet's building blocks

Andrew Cormack
security
network
#FirstCon19
Merike Kaeo's keynote "Waking Up the Guards" at the FIRST 2019 conference (recording now available on YouTube) highlighted how attacks on the internet core no longer target a single service (naming, routing, signing) but move between these to achieve their hostile result.
Read more
12 July 2019 at 4:58pm

Reducing your vulnerability to insider threat

Andrew Cormack
#FirstCon19
security
Monica Whitty's keynote at the FIRST Conference (recording available on YouTube) used interviews at organisations that had been victims of insider attacks to try to understand these attackers – and possible defences – from a psychological perspective.
Read more
16 February 2017 at 3:22pm

Janet and the Internet of Things

Andrew Cormack
Internet of Things
security
Organisations connecting to Janet are required to implement three policies: the Eligibility Policy determines who may be given access to the network; the Security Policy sets out responsibilities for protecting the security of the network and its users; the Acceptable Use Policy identifies a small number of act
Read more
31 August 2016 at 2:12pm

Net Neutrality: BCP-38 Seems OK

Andrew Cormack
Net Neutrality
security
DDOS
The Board of European Regulators of Electronic Communications (BEREC) have now released the final version of their net neutrality guidelines, following a public consultation that received nearly half a million responses. These seem to have resulted in clarifications of the draft version, rather than any significant change of policy.
Read more
5 July 2016 at 8:32am

Network Neutrality and Network Security

Andrew Cormack
Network Neutrality
security
DDOS
A new EU law, created earlier this year, requires public network providers to ensure "network neutrality" – roughly, that every packet be treated alike unless there are legitimate reasons not to.
Read more
16 June 2016 at 11:00pm

Taking care of domain names

Andrew Cormack
security
DNS
Domain Names
#FIRSTcon16
At the FIRST conference, James Pleger and William MacArthur from RiskIQ described a relatively new technique being used to create DNS domain names for use in phishing, spam, malware and other types of harmful Internet activity. Rather than registering their own domains, perpetrators obtain the usernames and passwords used by legitimate registrants to manage their own domains on registrars' web portals.
Read more
14 June 2016 at 10:50am

Information Sharing: Learning from Social Networks

Andrew Cormack
#FIRSTcon16
information sharing
security
Information sharing is something of a holy grail in computer security. The idea is simple enough: if we could only find out the sort of attacks our peers are experiencing, then we could use that information to protect ourselves. But, as Alexandre Sieira pointed out at the FIRST conference, this creates a trust paradox.
Read more
1 April 2016 at 4:25pm

Learning from Software Vulnerabilities

Andrew Cormack
security
Software Vulnerabilities
vulnerability management
#nws16
The slides from our Networkshop session on Learning from Software Vulnerabilities are now available. All three talks showed how managing the process of finding, reporting and fixing vulnerabilities can improve the quality of software and the security of our systems.
Read more
Subscribe to security