System iNetwork

General

July 14, 2005

Important IPv6 Conference This September in San Jose, CA

The momentum toward IPv6 migration is picking up, as indicated by the extensive agenda at the North American IPv6 Technology Conference 1. Scheduled for September 19 - 22 at the San Jose State University campus, the conference kicks off with a day of tutorials to give IPv6 acolytes a solid footing in IPv6 practicalities. Then follows an intensive three-day blast of sessions on technology, transition planning, and deployment issues relating to IPv6. But the gem of the conference has got to be the tutorials day.

The tutorials provide a roadmap for implementing IPv6 in the enterprise, beginning with trasitioning the LAN to IPv6. The morning sessions explain the support mechanisms you need to have in place before enabling IPv6, how to gracefully migrate from an IPv4-only LAN to one where IPv4 and v6 coexist, and how to deal with transitory security issues that arise in a mixed v4/v6 network.

The second half of the day describes the details of enabling IPv6 on host systems -- both servers and workstations -- and how you can take advantage of IPv6 enhancements to mobile, multicast, and QoS service. IPv6 actually greatly simplifies network administration, eliminating, for example, the need for DHCP IP address assignment, since the IPv6 local address is created automatically from a device's Ethernet hardware address.

After IPv6 host enablement, you'll need to know what upgrades are required in enterprise software dealing with IP addresses: DNS, email, and other network-aware applications. The bulk of the afternoon material deals with such software issues.

At the end of the tutorials, you'll be well equipped to begin planning your own IPv6 migration, whether you choose to stay for the rest of the conference or not. At just $100 for the day, the tutorial session should be a no-brainer for anyone serious about enhancing their IPv6 expertise.

The conference proper, however, has a great slate of material that will interest enterprise network administrators. Perhaps the most important issue facing IPv6 is the business case for moving to it, a topic tackled in a session entitled "IPv6 Business Value Proposition." Several case studies describing in-progress network migrations by the likes of Northrop Grumman, Lockheed Martin, and BAE Systems can surely be mined by any prospective enterprise IPv6 guru. A session on IPv6 security tools also promises to deliver practical value.

A Solutions Demo area will let you get your hands on living, breathing (and working) IPv6 goodies.

I hope to see you there!

http://IPv6Conference.com

Posted by mbeckman on July 14, 2005 at 9:13 AM | Comments (0)

March 1, 2005

Windows XP SP2: Is It Safe?

According to a Denver Post story today, network security developer StillSecure recently conducted a "honeypot" test, in which it put out-of-the-box computers running Linux, Mac OS X, and Windows XP SP1 and SP2 on unprotected Internet connections to see if they could withstand attack. The short results: over the course of seven days, only Windows XP SP1 succumbed (and it fell in 18 minutes). But the excercise glosses over an important issue with Windows SP2.

In the test, all four computers were connected to the Internet just as they came, out of the box, with the exception of Windows XP SP2, which was allowed to "automatically" install the latest Microsoft security patches. None of the other systems had any patches installed at all. Reportedly the computes sustained 46,255 scans during week-long test. Out of those scans, only a handful of dedicated attacks ocurred: eight for Linux, three for Mac OS X, and sixteen for Windows XP SP2. SP1 died almost immediately, ultimately becoming a remotely-controlled "bot" system doing the bidding of some hacker overlord.

My first reaction to this test is to cry "unfair!" Why was SP2 patched during the test, while Linux and OS X were not? In my opinion, StillSecure's test protocol is hardly cricket. My own tests of SP2 show that when unpatched it falls to infection within an hour. StillSecure seems to have sweetened its honeypot in SP2's favor.

StillSecure reportedly permitted SP2 its patches because it can install them automatically, but that only happens if the user elects automatic updates, and many don't. Mac OS X also has the option to automatically apply patches, and you can purchase Linux distributions with the same feature. All three prompt the user let patches download and install automatically.

Beyond the obvious problem of its test bias, StillSecure's reported results obscures a fact that may be too subtle for non-expert users: a Windows system (or any other,for that matter) can become infected in the time it takes for patches to be downloaded and installed. I've seen it happen many times, leading to my recommendation for the SwatBox to protect a Windows computer during the vulnerable update process (see my December 2004 column at E-ProMag.com).

Unfortunately, a huge number of home- and small-office Windows users connect to the Internet with no firewall protection, and also bypass automatic updates. That Windows XP SP2 still ships in a vulnerable configuration for these users is a huge failure on Microsoft's part. I'm glad that Microsoft is beefing up security, but I'm not happy to see security professionals gilding the lilly.

Posted by mbeckman on March 1, 2005 at 10:17 AM