Blunder Dome Sighting  

Hangout for experimental confirmation and demonstration of software, computing, and networking. The exercises don't always work out. The professor is a bumbler and the laboratory assistant is a skanky dufus.


Uh, lemme see, I'm gonna hack my router and expose my residential LAN to the Internet ... Not.

Joi Ito's Web: Earthlink R&D shows that IPv6 can be easy.  Joi Ito notices a great announcement on migration of some routers to IPv6 in a way that preserves IPv4 and NAT and allows you to have serious IPv6 addressing of machines on your LAN.  Typically, you’ll need a recent operating system release, such as Windows XP or OSX or Linux that tends to support a dual stack and/or tunneling of one through the other.

The nice thing is being able to have a block of permanent IP addresses.  I am not sure I know how to get my ISP (I’m on DSL) and border systems to route them to me, and I have a lot more questions before I’m willing to try it.

First, let me say this is great news.  As recently as Spring 2004, while I was in an M.Sc in IT Computer Communications course, it looked like the disruption of our in-place systems and all of those small routers and nodes, just for an IPv6 migration, was near-insurmountable.  We have an interim scheme (IPv4 with NAT) that works so well there is not a strong business need to fix it in North America.  It’s not that broke that we need to fix it, and the migration has no benefit until it is done.  That’s like setting a time-bomb in Visual Basic 6.0.  Nobody wants to spend the money just to stand still.

What about transitional security?  My concern is two-fold.  I don’t think I want to install any research-center’s firmware upgrade on my Linksys residential router and firewall without giving it a good hard think.  This is primary infrastructure stuff, and I am not sure I see all of the pieces in place to put my trust in (1) not knowing what’s running in my first line of network protection at the border to my SOHO LAN, and (2) exposing my systems to IP addresses that are addressable by anyone who sniffs for them.  I’m certain that I don’t have appropriate safeguards for what happens when that avenue of attack succeeds against some system inside the residential firewall.

How Is That Any Worse Than What We’ve Got?  My point.  We’ve been prepped to expect that IPv6 will solve our infrastructure (that is, basic Internet and IP) security problems as well as provide fixed addresses for every wandering mote on the planet.  (I’m assuming that not everyone gets a block of addresses as big as Mr. Blog reports, or we’ll run out of those faster than IPv4 addresses.)  Now that it looks like we don’t have to have a planetary Sunday in Sweden to switch over and some big bumps seem to have been smoothed out, let’s get the security and safety part down pat while we have the opportunity.  That will take more than the common assertion that IPsec is the answer.

I really don’t know what’s running in my residential router now, do I?  Do you (in mine or yours)?  Perhaps it is time to raise the bar on how we establish trustworthiness for those fixtures we’ve been accustomed to accepting without question.  And then there’s the trustworthiness of the way we integrate all of this beneath the useful applications that are what we’re really interested in, and what that does to the vulnerability picture.

I’m going to take my time on this one before I go skipping naked through the jungle that the Internet has become.  I think I’ll keep those torches stacked near the cave mouth and be careful not to let the fire go out at night, thank you very much [;<).

template created 2004-06-17-20:01 -0700 (pdt) by orcmid
$$Author: Orcmid $
$$Date: 10-04-30 22:33 $
$$Revision: 21 $