Выбрать язык

Выбрать язык | Show only

Русский | English

суббота, 29 октября 2016 г.

IPv6 Security: to NAT or not to NAT?

It was interesting article on SGNOG3 conference in Singapore presented with the topic Security in an IPv6 World: Myths and Reality.

In spite of a large useful information amount I found one slide pointed NAT as a "myth" of security. It also points that NAT can even reduce security and statefull firewall is a Bruce Willis for IPv6.

It is a point for discussion.

It is clear that NAT and other technologies is not a "secure all" button. It is a tool. One can use it in a right way and another may use it in a wrong way. So it is possible to increase and decrease security level using the same technology with different approach.

Let's examine firewall. It is a security device and it must make network safer if used. If you swap some L3 device in the network part to stateful firewall you don't become protected a lot with its' default functions. If you don't use ACL, uRPF and another features you can feel a false safety. This state of the false safety is a very harmful factor. It is the same situation as if some man buys a gun to protect himself but he can't shoot psychologically. The result may be more tragic than in the case of gun absense.

понедельник, 10 октября 2016 г.

Защита от DDoS подручными средствами. Часть 3. SNMP Amplification

По согласованию с редакцией журнала публикую свою статью "Защита от DDoS подручными средствами. Часть 3. SNMP Amplification" из номера 164-165 (июль-август 2016) выпуска журнала "Системный администратор".

Чтобы сделать свой вклад в защиту всемирного киберпространства от DDoS, совсем не обязательно покупать дорогостоящее оборудование или сервис. Любой администратор сервера, доступного из Интернет, может поучаствовать в столь благородном деле без дополнительных материальных вложений, используя только знания и немного времени.

Рассмотрим DDoS-атаки типа "усиление"(amplification) с использованием сервиса

четверг, 6 октября 2016 г.

Protect You and Others from DDoS. Make Your Network "Cleaner" Part 1. DNS Amplification

This article was published in the May issue of the "System Administrator" journal (Russian). Original text is also available in Russian.

If you want to make a contribution to the wold-wide cyberspace security and DDoS-protection it is not necessary to buy expensive equipment or service. Any Internet-faced server admin may participate in such a noble action with no additional money but time and knowledge investment only.

Let's analyze DDoS-attacks type "amplification" using DNS.