NetBSD Multimedia Resources List
Links on this page refer to multimedia resources (podcast, vodcast,
audio recordings, video recordings, photos) related to NetBSD or
of interest for NetBSD users.
This list is available as chronological
overview, as a tag cloud and
via the sources.
This list is also available as RSS feed
If you know any resources not listed here, or notice any dead links,
please send details to
Edwin Groothuis so that
it can be included or updated.
Tag: fernado gont
Fernando Gont - Results of a Security Assessment of the TCP and IP protocols and Common implementation Strategies
Source: BSDCan - The Technical BSD Conference
Added: 25 May 2009
Tags: bsdcan, bsdcan2009, presentation, bsd, security assessment, fernado gont
Security Assessment of the Internet Protocol (660 Kb, 63 pages), Slides (473 Kb, 64 pages), Proposal (93 Kb, 3 pages), Security Assessment of the Transmission Control Protocol (TCP) (1.4 Mb, 130 pages)
Results of a Security Assessment of the TCP and IP
protocols and Common implementation Strategies
Fernando Gont will present the results of security
assessment of the TCP and IP protocols carried out
on behalf of the United Kingdom's Centre for the
Protection of National Infrastructure (Centre for
the Protection of National Infrastructure). His
presentation will provide an overview of the
aforementioned project, and will describe some of
the new insights that were gained as a result of
this project. Additionally, it will provide an
overview of the state of affairs of the different
TCP/IP implementations found in BSD operating systems
with respect to the aforementioned issues.
During the last twenty years, many vulnerabilities
have been identified in the TCP/IP stacks of a
number of systems. The discovery of these vulnerabilities
led in most cases to reports being published by a
number of CSIRTs and vendors, which helped to raise
awareness about the threats and the best possible
mitigations known at the time the reports were
published. For some reason, much of the effort of
the security community on the Internet protocols
did not result in official documents (RFCs) being
issued by the organization in charge of the
standardization of the communication protocols in
use by the Internet: the Internet Engineering Task
Force (IETF). This basically led to a situation in
which "known" security problems have not always
been addressed by all vendors. In addition, in many
cases vendors have implemented quick "fixes" to the
identified vulnerabilities without a careful analysis
of their effectiveness and their impact on
interoperability. As a result, producing a secure
TCP/IP implementation nowadays is a very difficult
task, in large part because of the hard task of
identifying relevant documentation and differentiating
between that which provides correct advisory, and
that which provides misleading advisory based on
inaccurate or wrong assumptions. During 2006, the
United Kingdom's Centre for the Protection of
National Infrastructure embarked itself in an
ambitious and arduous project: performing a security
assessment of the TCP and IP protocols. The project
did not limit itself to an analysis of the relevant
IETF specifications, but also included an analysis
of common implementation strategies found in the
most popular TCP and IP implementations. The result
of the project was a set of documents which identifies
possible threats for the TCP and IP protocols and,
where possible, proposes counter-measures to mitigate
the identified threats. This presentation will will
describe some of the new insights that were gained
as a result of this project. Additionally, it will
provide an overview of the state of affairs of the
different TCP/IP implementations found in BSD
operating systems.
|
|