Your Own Certification Authority in a Letsencrypt Style

Have you ever thought of automating the certificate issuing in your organization’s internal certification authority? How about using the same procedure as in Let’s Encrypt and the ACME protocol, while enjoying all the benefits ACME has to offer? The possible solution is to use Boulder. I will now try to break down for you the Boulder’s installation process and the pitfalls that I encountered during the setup.

Looking back at the Cybercompetition finale

A golden opportunity: the bank we’re about to rob is moving to new premises today. To our luck, they’re also testing alarms until 4 PM, so it won’t be suspicious if we accidentally set one off. There is an open window on the first floor protected by a single sensor. Our inside man among the staff has placed an IP camera into the sensor cabinet, so we can see if the sensor we are trying to break has the ‘status OK’ or the alarm is screaming. The IP camera is streaming to YouTube — alas with a delay. The problem is that the sensor communicates via radio waves: every 15 to 30 seconds the diode beeps and the device sends a signal. We’re listening, trying to imitate it, and when we’re sure, we’re gonna shut down the sensor and turn on our little imitation that we built. What is left is just to arrange the tin foil between the antennas, like this… the sensor alarm’s blaring! We are holding our ears and will try again in half a minute.

IETF 99 in numbers

Last week, thanks to the IETF (Internet Engineering Task Force) conference, Prague became the center of the Internet community. It was for the fourth time that the Czech Republic was given the honor to host this important meeting where RFC (Request for Comments) standards are created: Prague hosted it in March 2007 (68th IETF), 2011 (80th IETF) and July 2015 (93th IETF), with our Association having taken part in organizing the last three meetings.

Looking back at the first round of the cyber competition

The ongoing first nationwide competition in cyber security attracted not only students of technical fields, but also many gymnasium students. The first round of the competition was attended by 1,067 participants from 162 schools of various specialization from across the country. The only restriction was the age (15-18 years), in order that the most successful competitors be qualified for the European Cyber Security Challenge. Most students came from the Prague, South Moravia, Pardubice and Vysočina regions.

IPv6 – Unwanted Child?

Near the end of the old year, a juicy discussion broke out in the “main” IETF mailing list. Although it was ignited by a bizarre proposal of IP version 10, in reality it reflects a general frustration caused by the sluggish pace of IPv6 deployment. John Klensin, one of Internet’s grandfathers, expressed a surprisingly sceptical and self-critical opinion. He means that IPv6 proponents gradually lose on credibility: “[We] spent many years trying to tell people that IPv6 was completely ready, that all transition issues had been sorted out and that deployment would be easy and painless. When those stories became ever more clearly false, we then fell back on claims or threats that failure to deploy IPv6 before assorted events occurred would cause some evil demon to rise up [and] devour them and their networks. Most of those events have now occurred without demonstrable bad effects; …”

DNSSEC has become mainstream

This year’s December 5 made it into the history of Czech Internet security by crossing a significant threshold. From this date, in the registry of .cz domains there are more domains with DNSSEC security than those which lack this protocol extension. Information provided by DNS systems of more than 51% (653,297) of .cz domains can now be authenticated to ensure that it was not spoofed on the way to the user.

Version 1.1 of YANG language is out

A complete specification of the new 1.1 version of the YANG data modelling language was published as RFC 7950 on the last day of August. After a relatively slow start, in the last two years the use of YANG has been steadily increasing not only in the IETF but also in other standard development organisations such as IEEE or BBF, and also in the industry. Nowadays, YANG is regarded as a fundamental tool for secure remote administration of network devices and services. It becomes clear that standard and machine-readable data models of configuration and state data – that is, definition of their structure, data types and semantic rules – are ultimately more important than the concrete management protocol that is used for transmitting and editing the data. Despite some reluctance on the side of equipment vendors who love their proprietary CLIs, especially operators of large and heterogeneous networks have been pressing hard to make the management data as standard and cross-platform as possible.