you and your phone are huge threats to the net
Post on 25-Jun-2015
937 Views
Preview:
TRANSCRIPT
@alecmuffett
@alecmuffettwww.alecmuffett.com
green lane securitywww.greenlanesecurity.com
www.greenlanesecurity.com
you and your phone area huge threat to the net
@alecmuffett www.greenlanesecurity.com
...but not in the way you may think
@alecmuffett www.greenlanesecurity.com
1: You
@alecmuffett www.greenlanesecurity.com
knowledge & memory
@alecmuffett www.greenlanesecurity.com
example: you & phone numbers
@alecmuffett www.greenlanesecurity.com
nowadays your phone helps you remember phone numbers
so you can ignore the phonebook
@alecmuffett www.greenlanesecurity.com
example: you & IP addresses
@alecmuffett www.greenlanesecurity.com
your computer is not yetbypassing DNS for you
@alecmuffett www.greenlanesecurity.com
2: Your Phone
@alecmuffett www.greenlanesecurity.com
(my phone)
@alecmuffett www.greenlanesecurity.com
samsung galaxy S2
@alecmuffett www.greenlanesecurity.com
(I used to sysadmin for universitieswhich had less CPU power)
@alecmuffett www.greenlanesecurity.com
networking
@alecmuffett www.greenlanesecurity.com
GPRS, 3G, HSDPA/+, Wifi
@alecmuffett www.greenlanesecurity.com
@alecmuffett www.greenlanesecurity.com
@alecmuffett www.greenlanesecurity.com
Mon Jan 9 21:40:05 82.xx.xx.xx Vigor[4294967295] <Info>: DoS smurf Block 31.106.0.240 -> 82.xx.xx.xx PR icmp len 20 84 icmp 0/8
Mon Jan 9 21:40:11 82.xx.xx.xx Vigor[4294967295] <Info>: DoS smurf Block 31.106.0.240 -> 82.xx.xx.xx PR icmp len 20 84 icmp 0/8
@alecmuffett www.greenlanesecurity.com
@alecmuffett www.greenlanesecurity.com
@alecmuffett www.greenlanesecurity.com
@alecmuffett www.greenlanesecurity.com
Your phone is...
@alecmuffett www.greenlanesecurity.com
powerful enough to be a server
@alecmuffett www.greenlanesecurity.com
thoroughly connected
@alecmuffett www.greenlanesecurity.com
but underutilised.
@alecmuffett www.greenlanesecurity.com
So what?
@alecmuffett www.greenlanesecurity.com
threat 1: censorship
@alecmuffett www.greenlanesecurity.com
domain filtering
@alecmuffett www.greenlanesecurity.com
UAE, Saudi, Ireland...
@alecmuffett www.greenlanesecurity.com
DNS domain seizure
@alecmuffett www.greenlanesecurity.com
newzbin2, dajaz1, ...
@alecmuffett www.greenlanesecurity.com
threat 2: network isolation
@alecmuffett www.greenlanesecurity.com
“divided we stand”
@alecmuffett www.greenlanesecurity.com
restricted ingress & egress= easier control
= simpler censorship
@alecmuffett www.greenlanesecurity.com
direct communication= disintermediation= harder to block
@alecmuffett www.greenlanesecurity.com
so why is your phone NAT’ed?
@alecmuffett www.greenlanesecurity.com
not security,else you need to avoid wifi
@alecmuffett www.greenlanesecurity.com
your phone is NAT’ed and firewalledinstead for another reason:
@alecmuffett www.greenlanesecurity.com
“because it’s what peoplecurrently expect”
@alecmuffett www.greenlanesecurity.com
summary
@alecmuffett www.greenlanesecurity.com
in three sentences:
@alecmuffett www.greenlanesecurity.com
“why can’t I ping your phone?”
@alecmuffett www.greenlanesecurity.com
“you’d do more with full connectivity...”
@alecmuffett www.greenlanesecurity.com
network access is not the same asnetwork connectivity
@alecmuffett www.greenlanesecurity.com
until this changes,you and your phone are promoting
inferior methods of network connectivity
@alecmuffett www.greenlanesecurity.com
ie: you are part of the problem
@alecmuffett www.greenlanesecurity.com
solutions?
@alecmuffett www.greenlanesecurity.com
technologies•IPv6
• no more scarcity of addresses• no more argument for NAT
• NAT is not a security mechanism• NAT is not a firewall
@alecmuffett www.greenlanesecurity.com
“a /48 is big enough for anyone?”*281,474,976,710,656 devices in your home?
@alecmuffett www.greenlanesecurity.com
technologies•Alternatives to DNS
• several out there• “.p2p” domain project
• also better DNS (i.e. DNSSEC)• Unloved by censors• SOPA would forbid
@alecmuffett www.greenlanesecurity.com
technologies•Tor
• ignores DNS internally• “.onion” domain
@alecmuffett www.greenlanesecurity.com
but the real solution
@alecmuffett www.greenlanesecurity.com
demand change.
@alecmuffett www.greenlanesecurity.com
(fin)
top related