Cyber Security

Cisco IPv6 IOS Hardening – DoD Style

***Updated on 14 May 2014 – regarding NET-IPv6-022, See below*** Thousands of network engineers in the DoD out there looking at implementing IPv6 now have to address a few Security and Technical Implementation Guidance (STIG) items that they used to just annotate as “Not Applicable – NA.”  Now, IPv6 security is important.  If you are …

Cisco IPv6 IOS Hardening – DoD Style Read More »

Why 802.1x is Not Enough: How to Implement SeND – Part 2

Last month I presented the case as to why 802.1x authentication is not enough for local network (wired or wireless) security (go back here to read).  In this post I will present an alternative: IPv6 Secure Neighbor Discovery (SeND).  If you have an IPv6 enterprise, small IPv6 deployment, or a little IPv6 lab then pay …

Why 802.1x is Not Enough: How to Implement SeND – Part 2 Read More »

Why 802.1x is Not Enough: Use IPv6 SeND – Part 1

There’s been much debate in the IPv6 community regarding the abysmal support or IPv6 Secure Neighbour Discovery (SeND).  To get you up to speed on what IPv6 Secure Neighbour Discovery is think IPv6 + 802.1x-like + ARP security + PKI environment.  Later in this blog I’ll show you how to set up an IPv6 SeND …

Why 802.1x is Not Enough: Use IPv6 SeND – Part 1 Read More »

The Importance of DoD UC APL Certification Testing

We just posted a white paper on our website that discusses the various reasons why getting commercial IT products tested at the Joint Interoperability Test Command (JITC) for DoD Unified Capabilities Requirements (UC) Approved Products List (APL) certification is very important. We also illustrate the advantages it gives product vendors selling in the U.S. Federal IT …

The Importance of DoD UC APL Certification Testing Read More »

IPv6 RA Guard Implementation Advice

Bravo to Fernando Gont for getting out a great Internet Draft (soon-to-be RFC) on the Implementation Advice on IPv6 Router Advertisement (RA) Guard.  This has been one of the open, gaping wounds in the side of IPv6 enterprise deployment for years.  In fact, many of us in the IPv6 and IPv6 security fields love to …

IPv6 RA Guard Implementation Advice Read More »

Why SOPA and PROTECT-IP will kill the U.S. Internet: An Open Letter to Congress

I’m sure everyone has heard the headlines about the U.S. House of Representatives’ bill HR-3261 Stop online Piracy Act and the Senate Bill equivalent; Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act of 2011 (PROTECT IP).  Well it’s more than just hyperbole.  However, I’ll start with what these bills actually say, what …

Why SOPA and PROTECT-IP will kill the U.S. Internet: An Open Letter to Congress Read More »

IPv6 IPsec – Reviving the Debate

John Spence from Nephos6 had a great article discussing IPsec and its place in the newest draft of the IPv6 Node Requirements RFC.  They offer a good opinion and perspective of the current state of the industry on IPv6 adoption, and how vendors (especially of small appliances) feel about adding IPsec to their IPv6 stack.  The …

IPv6 IPsec – Reviving the Debate Read More »

Scroll to Top