Barry frequently presents at conference talks, workshops, and webinars. Barry enjoys working with peers to share, empower, and entertain with live interactive sessions. Forty years of public speaking experience is reflected in the talks below. Crafted conference talks tuned to the organizer’s audience. The general theme for all the talks is to help people understand,
Category: Internet
DDoS Attack Preparation Workbook
Internet DDoS Attacks are a force of nature on the Internet. They are like earthquakes, hurricanes, floods, tornados, tsunamis, and all other disasters. Organizations need to prepare for a DDoS Attack the same way they prepare for severe weather and natural disasters. These guides have been crafted based on my personal experience (+25 years of
Conficker Working Group – Archive of Materials
Conficker Still Survives! While public attention to Conficker has faded since the widely publicized April 1st, 2009 “attack date”, the fact is that a huge number of computer systems remain infected with Conficker. As recently as late October 2009, the number of systems infected with the A+B+C variants topped seven million. The Conficker Working Group
Breakthrough IOT Security to Secure Smart Cities
The Global Cyber Alliance (GCA) announced their latest IOT Security tool. Automated IoT Defence Ecosystem (AIDE) is a platform built for IOT vendors and researchers. IOT is powerful capability that will be developed by innovators all over the world. The 25 billion by 2021 is a drastic underestimate. The IOT security threat is also underestimated. Read More
What Stops a Nation-State BGP Hijack?
Can Nation-State BGP Hijack Parts of the Internet? Yes, a Nation-State BGP Hijack is a threat on the Internet. Nation-States can orchestrate the manipulation of the Border Gateway Protocol (BGP) via “hacked routers all over the world. These routers would then be used to inject bad, misconfigured, or non-authorized routes all over the world. The result Read More
Security Organizations
There are many Security Organizations in the world all working towards the goal of a more secure & resilient Internet. This is an ongoing list of known security organization. Security Groups 10 Years and Older Forum of Incident Response and Security Teams (FIRST) – FIRST is the Forum of Incident Response and Security Teams. The
Recommendation: BGP Ingress & Egress Filtering BCPs
The core BGP Security recommendation is for all BGP Ingress & Egress Filtering to follow BCPs. These BGP Best Common Practices (BCPs) are not confidential. Your peers would be open to share what they do and help you deploy better policies. It is recommended that you inspect your network’s practices and procedures. Review the BCP
Principle: BGP Hijacking Risk Reduction is a Layered Solution
Reducing the BGP Hijacking risk reduction is a layered solution. Organizations cannot jump into RPKI BGP Security if they have not established the basics for BGP Security. It must be remembered that projecting against BGP Hijacks is not a “one tool” approach. All the BGP Security techniques work together. Organizations should view this as
Recommendation: Deploy Peerlock
Operators deploying Peerlock mitigate many route leak and BGP Hijacking risks. Peer-Lock is an optimized AS-Path Filtering technique. The foundation is not new. We have been using AS Path Filtering for decades. The new approach uses the AS-Path filter and a written peering agreement. Job Snijders pioneered and championed Peerlock while @ NTT (see NTT Peer
Recommendation: All prefixes will have one BGP Community
We have learned in the community that it is safer to have all prefixes with one BGP Community. That means a BGP community will be required for the route to get advertised to a peer. Granted, each prefix might have multiple BGP Communities, but the requirement that each must have at least one BGP community