I'm currently hosting nodes for two distributed monitoring networks - one for several years now (since perhaps 2010 or so), and the other one as of yesterday.
Distributed monitoring networks put small, low power, low bandwidth devices into your network to get a better view of various things of global scope.
The two I'm currently involved in are RIPE Atlas Probes and FlightAware's FlightFeeder.
This blog follows my exploits as a one time Network Architect / Systems Administrator / IT Manager at a university in South Africa. When you've RTFMd, and it didn't help, WABM!
Friday, 30 June 2017
Thursday, 15 June 2017
DMARC Breaks Mailing Lists - in the wild!
In a recent post, I mentioned that SPF and particularly DMARC can break mailing lists.
For the first time ever, I've actually seen an email to a mailing list that was somewhat "broken" by the implementation of DMARC.
This is possibly correlated to the fact that I don't belong to a lot of mailing lists, or perhaps because as we're busy rolling DMARC out ourselves, I'm more attuned to it...
For the first time ever, I've actually seen an email to a mailing list that was somewhat "broken" by the implementation of DMARC.
This is possibly correlated to the fact that I don't belong to a lot of mailing lists, or perhaps because as we're busy rolling DMARC out ourselves, I'm more attuned to it...
Friday, 9 June 2017
Secure DNS Recursion with DNSSEC
As you're no doubt aware, the Internet basically runs on two things: TCP/IP and DNS.
Given that you usually hit DNS before you get anywhere near TCP/IP, it seems like a good idea that you can actually trust DNS records. Also, many of our security features require DNS - think about things like SPF and DMARC, and emerging protocol DANE.
It turns out, as with most Internet security, that this was an afterthought.
Read on to see how you can secure your DNS resolvers against DNS cracks...
Given that you usually hit DNS before you get anywhere near TCP/IP, it seems like a good idea that you can actually trust DNS records. Also, many of our security features require DNS - think about things like SPF and DMARC, and emerging protocol DANE.
It turns out, as with most Internet security, that this was an afterthought.
Read on to see how you can secure your DNS resolvers against DNS cracks...
Wednesday, 7 June 2017
Outgoing Email Security in 2017: SPF, DKIM and DMARC
In the IT trade, you are regularly exposed to the misery of others that are somewhat less tech-savvy.
Of late, I've been exposed to far too many people falling prey to 3rd party compromised accounts and spoofed email attacks - with quite significant financial losses. It has also happened to other schools. It's something sysadmins can help with, so let's do that!
As you no doubt know, the Internet is not secure by design - and that includes Email. Read on for how you can take some steps to help secure your school's outgoing email communications...
Of late, I've been exposed to far too many people falling prey to 3rd party compromised accounts and spoofed email attacks - with quite significant financial losses. It has also happened to other schools. It's something sysadmins can help with, so let's do that!
As you no doubt know, the Internet is not secure by design - and that includes Email. Read on for how you can take some steps to help secure your school's outgoing email communications...
Subscribe to:
Posts (Atom)