On 28 Dec 2017, Jeremy Duncan, from Tachyon Dynamics, gave a webinar on “Multifactor Authentication Challenges.” Below is the recording and slides from the event. Thanks for all the questions and for Cover6 for hosting! Here’s the slides:
The time finally came for multifactor authentication in DoD. The DoD finally put their feet down on securing privileged account access. For all devices/products coming into DoD (especially through DoDIN/UC APL testing), will be held to account for the Network Device Management (NDM) Security Requirements Guide (SRG). The NDM SRG contains only a single CAT […]
A requirement for all DoD-facing systems on a network is to have a notice and consent banner. This is outlined specifically in the DoD memorandum “Policy on Use of Department of Defense (DoD) Information Systems-Standard Consent Banner and User Agreement,” from May 9, 2008. In this requirement, all systems have to have a notice and […]
For those product vendors that have been able to get listed and certified on the DoD Unified Capabilities Approved Products List (UC APL), there is a prerequisite certification required called FIPS 140-2. FIPS 140-2 is a certification program managed by the National Institute for Standards and Technology (NIST) and more specifically the Cryptographic Module Validation […]
The DoD has done an excellent job in annotating the best security practices for operating systems for years with its Security Technical Implementation Guides, or STIGs. In fact, STIGs for networking systems like routers, IDS/IPS, switches, devices, etc have been updated to reflect the new reality: IPv6. However, with STIGs on the operating system there […]
Tomorrow, our very own Jeremy Duncan will be speaking on “IPv6 Best Practices in Network Functions Virtualization (NFV) with Vmware NSX,” tomorrow around 11:10 am MDT. We are also here in the Denver Tech Center, so come on by and let’s talk! We have a booth right in front of the main conference room. If […]
We are excited to announce Tachyon Dynamics is now a Silver Sponsor for the North American IPv6 Summit. This summit has turned out to be the largest collection of IPv6 experts, vendors and enthusiasts in North America – we would argue the world. So much great and new content will be talked about this year […]
I was fortunate to present my take on IPv6 for the home user. I’ll embed the PowerPoint slides here below. On November 20th, I was asked to give an IPv6 presentation for the D.C Cyber Security Professionals Meet Up Group. We didn’t have a very good turn out, but I was able to focus on […]
Many enterprises in the DoD and US Federal Government are struggling with how to implement inexpensive 802.1x solutions for their wired LANs. Especially in the DoD, there are specific regulations that require the use of 802.1x on the Unclassified Networks (NIPRNet) and Classified Networks (SIPRNet). For your reference, those requirements are called Security and Technical […]
We are happy to announce that Tachyon Dynamics is the first provider of a speed test (again), on Ookla’s www.speedtest.net, in the Southern Virginia/Tidewater area. We can offer internet speed tests of up to 100 Mbps. Happy testing! We had ISP throttling issues last year so we had to temporarily suspend the testing service. We […]
We had a great time at the North American IPv6 Summit last week. I recommend everyone check out the virtual downloads and sessions, as there was so much great content this year. Most of this year’s excitement is how IPv6 intersects with things like Software Defined Networking (SDN), OpenStack, Whitebox networking, and Network Functions Virtualization […]
Here in Denver, Jeremy Duncan (@nacnud) will be speaking on the IPv6 capabilities of whitebox networking at the North American IPv6 Summit on Thursday, 25 September, 1:30 – 2:30 pm. More details on this presentation, as well as other great talks, are located on the conference website here: http://www.rmv6tf.org/na-ipv6-summit/2014-na-ipv6-summit/2014-speakers-topics Presentation Synopsis Jeremy will outline all […]
We are excited to announce Tachyon Dynamics is now a Bronze Sponsor for the North American IPv6 Summit. This summit has turned out to be the largest collection of IPv6 experts, vendors and enthusiasts in North America – we would argue the world. So much great and new content will be talked about this year […]
In a previous post, I warned everyone that accessing the DoD’s Approved Products List Integrated Tracking System (APLITS) will require a client certificate. Currently, the APLITS system accepts the use of a DoD Common Access Card, or CAC, to access. However, this limits access to the APLITS site to only DoD civilian, military and contractor […]
A few weeks ago, the IETF updated the newest in a long line of what I like to call “IPv6 capitulations.” Going on a rant here – the IETF fought long and hard to have a robust, secure, and interoperable protocol with IPv6. This is one of the many examples where it is being systematically […]
Completing the hurdle of DoD Unified Capabilities Testing (UC APL) in a decent amount of time is already a challenge. However, if you have Microsoft Windows workstations (Vista, 7, 8, etc) or Windows Servers (2008, 2008 R2, 2012, etc), then your validation, hardening and testing gets so much more complicated. For the DoD, Windows security […]
Actually, the site will require CAC-only (DoD Common Access Card) logins starting 28 March. After that time, no vendors, sponsors or testers can login to the site using a user name and password – ever. What Does This Mean for You?* If you are a DoD contractor, civilian or uniformed military you will not be […]
The key to any secure network in stopping 100% of UDP-based DNS amplification DDoS attacks is simple: follow BCP38. You ask, “but it’s 2014, and BCP38 came out in 2000, why bring it up?” Well, simply not enough networks are following the Best Common Practice. Why I Bring Up BCP38 This last week saw the […]
A few months back, I wrote an article called DNS for Network Engineers. Basically, it is a back-to-basics look on what each of the DNS record types were, and a few examples of what they looked like using Dig. Well, the feedback I received was a desire for more Dig. So I give you: Learning […]
OSPFv3 AF Authentication is finally fixed! Unless you are a regular follower of this blog, you may not have heard that Cisco’s OSPFv3 with Address Families (AF) Authentication support was broken. By broken I mean it took down OSPFv3 adjacencies. Not good. Read here for that article. Anyway, I have been using the IOS-XE version […]
Speaking with quite a few network engineers in the last few months, I was shocked by the lack of real understanding of the Domain Naming System (DNS). It shocked me because it is the singular application functionality that is entirely network-based. Meaning that DNS is the foundation of the Internet, and from their perspective, should […]
Bottom line up front: Cisco has a broken implementation of OSPFv3 authentication. This story begins like many do with network engineers trying to do their best in implementing IPv6 after a thorough and exhaustive engineering exercise. Cisco’s Aggregation Services Router (ASR) routing platform running IOS-XE, starting with version 3.1.0 until the most recent 3.09.02 S, […]
A couple of my buddies Shannon McFarland (Cisco) and Ed Horley (Groupware) did a great short video with Jeff Doyle (TCP/IP legend) on the urgency behind IPv6 in the service provider and the enterprise space. Enjoy! [youtuber youtube=’http://www.youtube.com/watch?v=oq0RxI1p6zc’] Also located in Ed’s post here: http://www.howfunky.com/2013/07/enterprise-ipv6-video-with-jeff-doyle.html Check out Ed’s blog for some great IPv6 deployment tips […]
Picking up where we left off last, I was showing you the awesome usefulness, security and affordability of Yubikey (Yubico’s 2-Factor authentication token) and using it for 2-factor authentication on network devices. Well, I’d like to go another step forward: 2-Factor authentication for Windows computers to a Windows Active Directory environment. If your enterprise deployment […]
In the DoD there is a strong requirement for 2-factor authentication in the network. For systems and workstations they use a successful implementation with Public Key Infrastructure (PKI) and a DoD common access card (CAC) which has a client certificate. The user has a PIN; therefore, 2-factor. Nothing like this exists for network devices (routers, […]
