Threat Level: green Handler on Duty: Manuel Pelaez

SANS ISC InfoSec Handlers Diary Blog



ISC Feature of the Week: Country and Region Report

Published: 2012-06-01
Last Updated: 2012-06-01 19:17:31 UTC
by Adam Swanger (Version: 1)

Overview
As a quick follow-on to last week's feature, Country Report, today we'll take a look at the Country list page at https://isc.sans.edu/country.html. This page lists country, region and total reports by date, with an option to limit by port number. It also links to the Region Report at https://isc.sans.edu/regionreport.html for overall reports per region with date and port criteria.

Features
Usage text at the top explains a few points of the page; here are the details:

  • Choose the date for data you want to display on the page then click Update. Default is the current day.
  • Enter a port number if you want to restrict the results, then click Update.
  • Click column header to sort by column. Click again to reverse sort order.
    • Country: result linked to https://isc.sans.edu/countryreport.html for details
    • Region: Limit to a specific region by choosing from drop-down and clicking Update. Click the region abbreviation to go to Region Report page which gives total reports per region with similar criteria options.
    • Reports: Total reports for country row based on date/port criteria

Post suggestions or comments in the section below or send us any questions or comments in the contact form on https://isc.sans.edu/contact.html#contact-form
--
Adam Swanger, Web Developer (GWEB, GWAPT)
Internet Storm Center https://isc.sans.edu
Keywords: ISC Feature

What Does "IPv6 Day" mean to you?

Published: 2012-06-01
Last Updated: 2012-06-01 14:40:51 UTC
by Johannes Ullrich (Version: 1)

The Internet Society has declared this coming Wednesday, June 6th, "IPv6 Day" [1]. We had a similar IPv6 day last year, but this year things will be a bit different. First of all, like last year, numerous large web sites declared their participation in IPv6 day.

As of June 6th, participating web sites will be reachable via IPv6, and they will remain reachable via IPv6 beyond June 6th. Last year's IPv6 day was different in that it only lasted one day, and IPv6 connectivity was disabled the next day. Last year was more of a trial run, and based on its success, it was decided to maintain IPv6 connectivity beyond IPv6 day this year.

So what does this all mean? First of all, the web sites in question will still be reachable via IPv4. However, if you do have some form of IPv6 connectivity, you will likely use IPv6 to reach them (see my "Happy Eyeballs" video about some of the odd issues that may arise: https://isc.sans.edu/ipv6videos/HappyEyeBalls/index.html).

If you are using an IPv6 tunnel, or in particular if your operating system decides to auto-configure a tunnel, you may see some degradation in speed and reliability. It is time to get a native IPv6 connection. I know most of you can't get it. But this is another problem... "Teredo" connections will not be used if IPv4 connectivity is available.

Get ready to secure your IPv6 network. Right now, IPv6 is a blind spot to many detective controls. Don't consider IPv6 a threat. Use it as an opportunity. There are a lot of neat things you can do in IPv6 to secure your network better. But get on it and learn about it now.
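One way to start looking into that blind spot, as an added example that is not part of the original diary: classify flow records so tunneled IPv6 (Teredo, 6to4, protocol 41) stands out from native IPv6, and recover the IPv4 address embedded in a tunnel address so existing IPv4-based controls can correlate on it. The flow tuple layout, the sample records and the function names are assumptions made for this sketch.

```python
import ipaddress
from collections import Counter

TEREDO_PORT = 3544        # UDP port used by Teredo (RFC 4380)
PROTO_UDP = 17
PROTO_IPV6_IN_IPV4 = 41   # IP protocol number for IPv6 encapsulated in IPv4

# Constructed sample records: (source address, IP protocol, destination port)
SAMPLE_FLOWS = [
    ("192.0.2.10", 17, 3544),                         # IPv4 host talking Teredo
    ("192.0.2.11", 41, 0),                            # IPv4 host sending 6in4/6to4
    ("192.0.2.12", 6, 443),                           # ordinary IPv4 TCP
    ("2001:0:4136:e378:8000:63bf:3fff:fdd2", 6, 80),  # Teredo address (RFC 4380 example)
    ("2002:c000:204::1", 6, 80),                      # 6to4 address
    ("2001:db8::25", 6, 25),                          # native IPv6 (documentation prefix)
]

def classify(src, proto, dport):
    """Return (label, embedded_ipv4_or_None) for one flow record."""
    addr = ipaddress.ip_address(src)
    if addr.version == 4:
        # Tunnels are visible on the IPv4 side only by protocol/port.
        if proto == PROTO_IPV6_IN_IPV4:
            return "ipv4-carrying-proto41", None
        if proto == PROTO_UDP and dport == TEREDO_PORT:
            return "ipv4-carrying-teredo", None
        return "ipv4", None
    if addr.teredo is not None:
        # 2001::/32: the client IPv4 address is stored bit-inverted.
        _server, client = addr.teredo
        return "ipv6-teredo", str(client)
    if addr.sixtofour is not None:
        # 2002::/16: the next 32 bits are the IPv4 address.
        return "ipv6-6to4", str(addr.sixtofour)
    return "ipv6-native", None

def summarize(flows):
    """Count flows per label, e.g. to track how much IPv6 is tunneled."""
    return Counter(classify(*flow)[0] for flow in flows)

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        print(flow[0], classify(*flow))
    print(dict(summarize(SAMPLE_FLOWS)))
```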

In the end, we do need IPv6. IPv4 was designed as a research network for the 70s/80s. It has outlived its purpose. The current global business network we call the Internet cannot continue to run and grow much. Already, we are running into issues not just with address utilization, but also with routing efficiency, integration of modern networking paradigms like mobility, modern hardware opportunities that make IPv4 inefficient. I consider it like the DC power grid as a nice starter network that helped us get going, but in the end, AC was the way to go to actually create large efficient power grids that jump-started so many great innovations.

We do also have a special summit coming up: The Security Impact of IPv6. See http://isc.sans.edu/ipv6 .

[1] http://www.worldipv6day.org/

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute

Keywords: ipv6 ipv6 day

Apple Releases iOS Security Specs

Published: 2012-06-01
Last Updated: 2012-06-01 14:25:14 UTC
by Johannes Ullrich (Version: 1)

Apple released a nice document with details about iOS 5 security features. The document is NOT a hardening guide. Instead, it provides more insight into the iOS architecture and sandboxing feature, as well as lists of available security features.

This document should be read by anybody working on an iOS hardening guide to better judge the risks associated with iOS and various settings within iOS. One problem with standard hardening guides is that some of them may be too restrictive for your environment, and you should always customize them to your needs. The Apple documents will allow you to make more intelligent choices as to what hardening features to apply.

[1] http://images.apple.com/ipad/business/docs/iOS_Security_May12.pdf
[2] http://www.nsa.gov/ia/mitigation_guidance/security_configuration_guides/operating_systems.shtml

(A Google search for "iOS hardening guide" will lead to a large number of relevant hardening guides you can use as a starting point for your own.)
------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute

Keywords: apple ios
ISC StormCast for Friday, June 1st 2012 http://isc.sans.edu/podcastdetail.html?id=2572