Hunter CIS608 Blog Summary
Clearly, the bulk of my postings have been DNS related. It is what I do and what I am most familiar with since I deal with it daily. Except for the two-week break from DNS that is.
The entry about IT risk management is another area I am very familiar with, since that is part of my daily job as well.
The Russian network surveillance system was just an interesting article I came across, and thought it might be a nice break from DNS...
I hope this blog may be of some use to someone out there on the 'Net. The references I have cited along the way are truly the best sources of DNS information I have come across and have provided very valuable reference to me on the job. This was especially helpful when it came time to tackle DNSSEC--a major undertaking to say the least!
BTW, lessons learned when running DNSSEC, when re-signing your zone don't forget to update the serial number first, and don't forget to restart the server or it will not use the newly re-signed zone! I've caught myself a couple of times wondering why my dnskey dates hadn't changed after re-signing.
I hope you have enjoyed this blog--it certainly proved to be less painful than I anticipated when I started. Can't promise it'll keep going...
For future student bloggers, pick a topic you either like or are familiar with--it makes it easier to post weekly updates that way.
Cheers!
Monday, November 12, 2012
New DISA DNS Security Requirements Guide (SRG)
So, now that DoD DNS administrators have become comfortable with using the DNS STIG to manage DNS security on their servers, DISA has put out a new SRG to be used along with the STIG. Here is a link to the memo that DISA sent out when they posted the new SRG:
http://iase.disa.mil/stigs/net_perimeter/other/u_dns_srg_v1_stig_release_memo.pdf
This was just released on 2 November, so I am still reviewing it to see how it affects how we run our checklists. What I have gathered so far is that the SRG incorporates security elements from previous network SRGs to ensure that the DNS "big picture" is secure.
It also sounds like the STIG may become automated in the future, which is how many of the other DISA STIGs operate.
Here is a link to the actual SRG, which includes a very informative document, DOMAIN NAME SYSTEM (DNS) SECURITY REQUIREMENTS GUIDE (SRG) OVERVIEW in the zipped file:
http://iase.disa.mil/stigs/net_perimeter/other/u_dns_srg_v1r1.zip
This will certainly have many DoD "DNS oldtimers" pulling their hair out while we figure out how to incorporate the new SRG!
So, now that DoD DNS administrators have become comfortable with using the DNS STIG to manage DNS security on their servers, DISA has put out a new SRG to be used along with the STIG. Here is a link to the memo that DISA sent out when they posted the new SRG:
http://iase.disa.mil/stigs/net_perimeter/other/u_dns_srg_v1_stig_release_memo.pdf
This was just released on 2 November, so I am still reviewing it to see how it affects how we run our checklists. What I have gathered so far is that the SRG incorporates security elements from previous network SRGs to ensure that the DNS "big picture" is secure.
It also sounds like the STIG may become automated in the future, which is how many of the other DISA STIGs operate.
Here is a link to the actual SRG, which includes a very informative document, DOMAIN NAME SYSTEM (DNS) SECURITY REQUIREMENTS GUIDE (SRG) OVERVIEW in the zipped file:
http://iase.disa.mil/stigs/net_perimeter/other/u_dns_srg_v1r1.zip
This will certainly have many DoD "DNS oldtimers" pulling their hair out while we figure out how to incorporate the new SRG!
Monday, November 5, 2012
You Think Invasion of Privacy is a Big Issue in the U.S.? Check out what Russia Just Did...
So, apparently the Russian government has contracted and just activated a nation-wide online surveillance system in the country. The intent is to stop online pedophilia, but it is capable of monitoring the activities of millions of Russians. Vladimir Putin recently enacted a new law that may allow the system to be used for ferreting out people speaking out against the Russian government as well. Scary times in Mother Russia...
Imagine what would happen if this took place in the U.S. There are already many people that feel they are constantly under surveillance with the USA Patriot Act and like measures by the government. The ACLU and citizens alike would be up in arms immediately if the American government were to try to do this. Then again, there are those that feel it's already in place in the U.S.
Here is a link to the Infosec Island article by Pierluigi Paganini:
Russia Deploys a Massive Surveillance Network System
So, apparently the Russian government has contracted and just activated a nation-wide online surveillance system in the country. The intent is to stop online pedophilia, but it is capable of monitoring the activities of millions of Russians. Vladimir Putin recently enacted a new law that may allow the system to be used for ferreting out people speaking out against the Russian government as well. Scary times in Mother Russia...
Imagine what would happen if this took place in the U.S. There are already many people that feel they are constantly under surveillance with the USA Patriot Act and like measures by the government. The ACLU and citizens alike would be up in arms immediately if the American government were to try to do this. Then again, there are those that feel it's already in place in the U.S.
Here is a link to the Infosec Island article by Pierluigi Paganini:
Russia Deploys a Massive Surveillance Network System
Subscribe to:
Posts (Atom)