Thursday, May 22, 2008

IPv6 Security

What's IPv6 (other than Internet Protocol version 6)?

It's the next step in the evolution of the Internet. The present Internet (IPv4) was designed in the 70's, and is starting to have problems with its growth as well as some other issues.

IPv6 fixes the scaling problems as well as a bunch of other things, but adds a large amount of complexity and some overhead to the network.

In a nutshell, an IPv6 internet would be lots better than our present IPv4 Internet.

The bad news? It will be really hard to transition from IPv4 to IPv6 for our network providers and network engineers. Would better technology work better for users when the operators don't understand it and the hardware is only partially implemented?

Add security to the mix and it's 10 (100?) times worse. The security people who understand IPv4 and are trying to keep up with the bad guys don't have the time to learn IPv6 at the level that they need to, and the hardware vendors don't have security devices that support IPv6 at the level of IPv4. IPv4 is also growing faster than our budgets to buy and support it -

IPv6 network gear is also (a lot) more expensive - how can we justify buying more expensive stuff when the features that add cost won't be turned on?

It's common knowledge in the network security business that the bad guys know IPv6 better than the good guys.

We know we need to transition our networks to IPv6 sometime. We just don't know when.

Wednesday, May 21, 2008

GuardianEdge for Hard Disk Encryption

Loss and theft of laptops and USB drives is one of the biggest security threats out there, and I need to know more about the products that support encryption.

If all the important information stored on your laptop and USB sticks is encrypted (and the laptop is OFF, or in a state where it needs a password to decrypt), then loss and theft aren't a security risk.

Just having a product that encrypts the data isn't enough; it has to use a good algorithm (like AES) and it has to be trusted. This means Common Criteria or FIPS 140-2 validation (or both). It also needs things like key escrow, so lost passwords aren't permanent.

I just talked to GuardianEdge as a solution for both full disk and removable storage encryption. It was a good meeting and an impressive product. We'll load it up on VMware on both XP and Vista and kick the tires. It's both Active Directory integrated and FIPS 140-2 validated.

Has anyone worked with these products or worked with others in the same space?

Wednesday, May 14, 2008

Who are the Biggest Spammers?

Well, it looks like trying to go straight didn't work: Spamford Wallace and Walt Rines spammed MySpace, and got fined $50000 in January. That didn't appear to stop them.

Maybe they'll learn their lesson after a $230M (default) judgement. They didn't even show up to court. Can you blame them? I don't think they can scrape up that kind of money from strip clubs or gambling.

For the record, I briefly consulted for Walt Rines - when they were trying to do an ad-supported ISP business. I couldn't get out of there fast enough.