Deploy360 10 May 2017

RIPE 74 – Highlights from Day 2, Part 1

By Kevin Meynell, Former Senior Manager, Technical and Operational Engagement

The RIPE 74 meeting is happening this week in Budapest, Hungary, and we’re highlighting the presentations and activities related to the Deploy360 technologies throughout the week.

Tuesday was a busy day for us, trying to catch some interesting presentations in between editing some IPv6 BCOPs. In fact, so busy that it’s too much to report in one blog, and so we’re going to publish it in two parts.

We must of course highlight the ‘Internet of Stupid Things’ presentation from Geoff Huston (APNIC Labs) that considers whether the Internet-of-Things is something of a passing consumer fad, or whether it represents a profound technology change.

Connecting unmanaged devices to the Internet is nothing new, but the ability to cheaply produce low power devices with wireless connectivity has made it practical to use these for all manner of applications. Furthermore, the traditional computer markets have become saturated and sales are plummeting, and there are even indications that the smartphone market has peaked. This means that production capacity needs to be redirected to new opportunities, and given the low price points in technology nowadays, high volumes are critical to maintaining margins.

In reality, IoT devices have little in common, with different applications having highly divergent requirements in terms of connectivity, data volumes and user interfaces. However, one frequent commonality is the lack of inherent security, such as devices with open Telnet, SNMP and NTP ports, DNS resolvers open to the WAN, common root passwords, as well as the use of libraries with known security risks. And even if the devices are produced with reasonable security, how are software upgrades and security patches applied on neglected and unmanaged devices? That’s before the privacy implications are even considered.

What is clear is that production volumes are already huge and continuing to grow, and these problems are only going to increase unless the market is able to distinguish between devices with high-quality architectures and responsible attitudes to privacy.

Geoff did not attempt to provide the answers in his presentation, but it’s worth checking out the later ‘Why IPv6 Security Is So Hard’ presentation from Enno Rey (ERNW), who offered an analysis of the structural deficits of IPv6 and their implications, which he also blogs about on ERNW Insinuator. The presentation proved a bit controversial as it highlighted perceived failures with IETF IPv6 standards, and the view that they were developed in an era where there was much less malpractice than today. Some specific examples were provided, but some suggestions were offered as to how operational practices can be improved.

The day concluded with a couple of good IPv6 case studies. The first was on IPv6 addressing for Content Delivery Networks from Joao Taveira Araujo (Fastly), followed by how Rabobank implemented IPv6 from Friso Feenstra (Rabobank).

Rabobank are actually finding that security measures are becoming more difficult to implement with more and more customers using private IPv4 addresses behind NATs, and so realised there are commercial benefits in encouraging IPv6 usage. Gaining experience with IPv6 before they’re forced to move from IPv4 also allows them to develop best practices and shake out any problems they encounter.

For those of you who cannot attend the RIPE meeting in person, just a reminder that remote participation is available with audio and video streaming and also a jabber chat room.

The full programme can be found at https://ripe74.ripe.net/programme/meeting-plan/

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.
