anti-spoofing document
Hi, I keep running into people who have never heard of the excellent document that Torbjörn Eklöv has created over time. It came out of work to create requirements and certification for access networks, one large reason was to assure a secure end user connection that didn't have MITM and spoofing problems. The main site is here: http://secureenduserconnection.se/ Direct link to the current version of the document: http://secureenduserconnection.se/wp-content/uploads/2012/02/SEC-Secure-End-... I recommend everybody looking for information and requirements on how to create a secure network to read this document. It's very comprehensive. -- Mikael Abrahamsson email: swmike@swm.pp.se
Hi Mikael, On 11/11/14 21:05, Mikael Abrahamsson wrote:
I keep running into people who have never heard of the excellent document that Torbjörn Eklöv has created over time. It came out of work to create requirements and certification for access networks, one large reason was to assure a secure end user connection that didn't have MITM and spoofing problems.
The main site is here:
http://secureenduserconnection.se/
Direct link to the current version of the document:
http://secureenduserconnection.se/wp-content/uploads/2012/02/SEC-Secure-End-...
I recommend everybody looking for information and requirements on how to create a secure network to read this document. It's very comprehensive.
Thank you for this reference to this comprehensive work. By its completeness, the document could be a basis for a number of BCOPs. For the IPv4 and IPv6 address spoofing, the documents suggests using a access filtering based on IPv4/6 address whitelist table on customer ports. For IPv6 it gives examples to build such a whitelist table, but I see in the edit history, they removed such examples for IPv4. I will check if the examples are still in previous versions of the document. Good topic for ongoing discussions now we start thinking of TCP FastOpen (https://tools.ietf.org/html/draft-ietf-tcpm-fastopen) and UDP gained new interest as an alternative to surf the web (https://ripe69.ripe.net/wp-content/uploads/presentations/166-quic.v0.1.pdf). Cheers, -- Benno -- Benno J. Overeinder NLnet Labs http://www.nlnetlabs.nl/
Hi Mikael, This document is fantastic (more so that it has been built in English!), thanks for pointing it out! There is a lot of information out there nowadays, some of it good, some of it bad - but it's not easy to find such hidden gems. With the risk of sounding ungrateful and pedantic, I have one small issue with the website it's hosted on though, considering we're on the topic of security, MITM and best practices: the website is only available via HTTP and it's running an older version of Wordpress. Upon trying to access it via HTTPS, the certificate offered is for interlan.se and the page is some admin login for Halon SP (whatever that is). Cheers, Cristian On Tue, Nov 11, 2014 at 8:05 PM, Mikael Abrahamsson <swmike@swm.pp.se> wrote:
Hi,
I keep running into people who have never heard of the excellent document that Torbjörn Eklöv has created over time. It came out of work to create requirements and certification for access networks, one large reason was to assure a secure end user connection that didn't have MITM and spoofing problems.
The main site is here:
http://secureenduserconnection.se/
Direct link to the current version of the document:
http://secureenduserconnection.se/wp-content/uploads/2012/02/SEC- Secure-End-user-Connection-2014-05-30.pdf
I recommend everybody looking for information and requirements on how to create a secure network to read this document. It's very comprehensive.
-- Mikael Abrahamsson email: swmike@swm.pp.se
participants (3)
-
Benno Overeinder -
Cristian Sirbu -
Mikael Abrahamsson