Category Archives: tips

Discover hidden cybersecurity talent to solve your hiring crisis

Not having access to technical talent is a common complaint in the cybersecurity world. Folks with security experience on their resumes are in such high demand, CISOs need to hunt beyond the fields we know. To borrow a phrase from the ever-logical Mr. Spock, CISOs need to embrace Infinite Diversity in Infinite Combinations. By this I mean embracing diversity not only of bodies but of talents and experiences. First, focus on acquiring the key cybersecurity … More

Tips that will help you have a successful custom software development

Everybody knows that custom software can contribute to an organization’s development and increase its’ efficiency and profitability. It can be hard to find a good developer that will provide you with adequate software and solutions for your business, therefore, when you think about custom software development, consider your organization’s needs and improvement areas. Of course, your developer will bring knowledge and experience, but you will be the one who has to provide the details. If you want this operation to succeed, consider some factors while you are working on it:

Tips that will help you have a successful custom software development

The end should be your beginning

It is better if you know exactly what you want, because only in this situation the developer will know which solutions to offer you. If you have the final image in mind, everything else will come naturally. It is up to you to think about your new software’s performance and accomplishments should be and explain your ideas to the developer.

Think about how this software will integrate in your business plan

Since it is custom made, it’s important to know right from the beginning how this software will contribute to your business’s development. For a clear picture, check your business plan and if you don’t have one, place your new investment in the organization’s overall development plan. If you don’t develop a strategy for the use of your new software, you will find that you have lost time and money.

Think about how the software will be useful for serving your market

Will the new software cope with your customer’s needs? Think about your market and how can the new acquisition help you enjoy its’ characteristics.

The decision should be made by one person

When we are talking about custom software development, we know that this is a job that can be done by more than one people. However, even if several members of your team will contribute to defining the final idea, only one person should be responsible for making the final decisions and communicate with the developer.

Always have the final scope in mind

If the final idea of your software is clear in your mind, stick to it throughout the project. You might be tempted to add some features throughout the process, but this can affect the scope and functionality. Stay focussed and you will have the software you wanted.

Consider that the developer is your team member

You might consider your hired software developer like an ordinary supplier, but this is wrong. If custom software development is a team work, the person creating the product can also be considered a team member. The communication is better and the whole project will have an amazing result.

It’s important to understand the difficulty of programming

For a person who doesn’t know what programming is all about, the process can seem easy. Actually, programming can take a lot of working hours, so you should understand that if you have extra requests and ideas, the time for completing your custom can be longer and the price higher.

The post Tips that will help you have a successful custom software development appeared first on TechWorm.

GDPR quick guide: Why non-compliance could cost you big

If you conduct business in the EU, offer goods or services to, or monitor the online behavior of EU citizens, then the clock is ticking. You only have a few more months – until May – to make sure your organization complies with GDPR data privacy regulations. Failure to abide by GDPR means you could get hit with huge fines. Finding and investigating data breaches: Why it’s always too little, too late Personal data protection … More

7 steps security leaders can take to deal with Spectre and Meltdown

Security and risk management leaders must take a pragmatic and risk-based approach to the ongoing threats posed by an entirely new class of vulnerabilities, according to Gartner. Spectre and Meltdown are the code names given to different strains of a new class of attacks that target an underlying exploitable design implementation inside the majority of computer chips manufactured over the last 20 years. Security researchers revealed three major variants of attacks in January 2018. The … More

Why do we need a risk-based approach to authentication?

20 years ago, everyone worked at a desktop workstation hardwired into an office building. This made network security simple and organizations felt they could depend on the time-tested method of the trusted perimeter. Firewalls were relied on to keep out external threats, and anything within the network was considered secure and safe. Today, however, the number of variables has skyrocketed. The move to the cloud, BYOD, and increased use of outside contractors means a legitimate … More

Love letters from a Black Hat to all the fools on the Internet

As an underground, “black hat” hacker, I don’t have time for significant others. I’m too busy earning stacks of cash to improve my Bitcoin mining rigs and working to pay off college loans. This Valentine’s Day I want to show my appreciation by sending love letters to all those ignorant and over-trusting fools on the Internet that pay my bills by making the same mistakes over and over. To Bob from the law firm Roses … More

Tackling the insider threat: Where to start?

Many organizations still believe the definition of an insider threat is limited to a rogue employee purposefully leaking embarrassing information, or nuking a couple of systems when he or she quits and walks out the door with internal or customer data to take to a new job. But not all insider threats have to be malicious to cause an incident. Perhaps someone on your marketing team wasn’t aware of their regulatory obligations in handling customer … More

How to Avoid Ransomware in 5 Easy Steps

As you scroll through your social media feed, a window pops up: “Your hard drive has been encrypted. You have 48 hours to pay $200 or your data will be destroyed.” You see a link and instructions to “pay in Bitcoin.” An ominous looking timer counts down the seconds and minutes for the two-day window. Nine, eight, seven….  

Your thoughts immediately go to the contents of your hard drive — your daughter’s graduation video, your bank statements, a life insurance policy, pictures of your grandchildren — they all sit there, vulnerable, helpless bits of ones and zeros…and you don’t know what the heck bitcoin is.

Welcome to the world of ransomware — digital data hostage-taking only Hollywood could make up. Ransomware is a security threat for people and business, and cybersecurity experts predict it will only get worse in the future. One cause for its popularity is the profitability of the enterprise. Cyberthieves rake in millions every year with threats to destroy or encrypt valuable data if their ransoms aren’t paid.

You don’t need to be a millionaire or multinational corporation to be at risk. Cyberthieves also target the data of average consumers. When they target consumers, hackers may only request a few hundred dollars ransom but when the threat includes a thousand people, it makes for quite the lucrative venture. Many ransomware victims feel the risk of losing their data is too great, so they pay up. However, this only encourages the criminals.

The best way to combat ransomware is by not becoming a victim in the first place. To that end, here are five immediate steps you can take to avoid ransomware attacks.   

Step 1: Set Your Operating System to Automatically Update

The first step to avoiding ransomware is to update your operating system (OS). Anything connected to the web works better when it’s OS is updated. Tech companies like Microsoft and Apple regularly research and release fixes for “bugs” and security patches for vulnerabilities in their systems. It’s a cybersecurity game of cat and mouse. Cyberthieves search for “holes,” and companies race to find them first and “patch” them.

Users are key players in the game because they are the ultimate gatekeepers of their operating systems. If your OS isn’t up to date, you can’t take advantage of the security updates. Plus, your computer runs better with an updated OS.

Set your OS to update automatically and you won’t need to remember to do it manually. While Windows 10 automatically updates (you have no choice), older versions don’t. But setting auto updates are easy, whether you’re on a Mac or PC.  

Step 2: Screenshot Your Bank Emails

Cybercriminals use trojans or worms to infect your computer with ransomware. So avoiding these will help you avoid ransomware. Worms and trojan malware are often spread through phishing email scams, which trick users into opening email attachments containing viruses or clicking links to fake websites posed as legitimate ones.

One of the best tips for keeping phishing emails at bay is learning to identify them. Hackers send phishing emails that look like they come from banks, credit card companies, or the IRS. Phishing emails kickstart your fears and anxieties by suggesting there are “problems with your account” or insisting that “Urgent action is required.” Who wouldn’t be scared if their bank sent them an email saying, “You are overdrawn in your account.”

Cybercriminals use this fear to distract people so they will overlook the telltale signs of the phishing email like misspellings or common fear-inducing subject lines.     

Take screenshots of all of the legitimate emails from your bank, credit card companies, and others business that manage your sensitive information. Use these screenshots to compare with future emails you receive so you can spot phishing phonies and avoid ransomware.

Step 3: Bookmark Your Most Visited Websites

The next step in your ransomware avoidance journey is to bookmark all of your most visited websites. Just as with phishing emails, cybercriminals build websites that look like bank or credit card sites. Then they trick users into clicking a link and visiting them. From there, hackers steal your sign-in credentials or infect your computer with malware.

Think twice before you visit a website by clicking a link in an email, comments section, or private messaging app. Instead, bookmark your most visited or high-value websites and visit them through your browser.  

Step 4: Backup Your Data to the Cloud and a Hard Drive

This step is a no-brainer. Ransomware works if you only have one copy of your data. If it’s irretrievable, then cyberthieves have the upperhand, but if you have multiple copies, you have taken away the power behind the threat.

Back up your data to both a cloud service and a hard drive. That way, you have a copy that’s available anywhere there’s internet access and one that’s physically accessible all the time. Both types of storage are relatively inexpensive and will certainly prove worth it if you’re ever a ransomware target.

After backing up your data, set up a schedule so you can keep your data current. If you haven’t backed up your data in six months, you’re probably just as vulnerable to ransomware attacks as having no backup at all.

The post How to Avoid Ransomware in 5 Easy Steps appeared first on Panda Security Mediacenter.

Why developing an internal cybersecurity culture is essential for organizations

ENISA published a report providing organisations with practical tools and guidance to develop and maintain an internal cybersecurity culture. Understanding the dynamics of cybersecurity culture The Cybersecurity Culture in Organisations report is based on a multi-disciplinary research, conducted to better understand the dynamics of how cybersecurity culture can be developed and shaped within organisations. This research draws from different disciplines, including organisational sciences, psychology, law and cybersecurity as well as the knowledge and experiences of … More

7 steps for getting your organization GDPR-ready

While the EU has had long established data protection standards and rules, its regulators haven’t truly commanded compliance until now. Under the General Data Protection Regulation (GDPR), financial penalties for data protection violations are severe – €20 million (about $24.8 million USD) or 4 percent of annual global turnover (whichever is higher), to be exact. What’s more is that GDPR does not merely apply to EU businesses, but any organization processing personal data of EU … More

Groundhog Day: Third-party cyber risk edition

Over the past four years, I’ve had countless conversations with hundreds of companies around third-party cyber risk issues. It’s been my personal Groundhog Day, so to speak. Regardless of sector or size of company, the conversations are almost identical as most everyone faces a similar challenge: “How can I truly manage risk from third parties where I have little or no control over their information security practices?” “I know I have massive risk from third … More

The future of smartphone security: Hardware isolation

Mobile spyware has become increasingly more ubiquitous in corporate networks and devices. In a 2017 study, Check Point has found that out of the 850 organizations that they queried, 100% had experienced a mobile malware attack at least once in the past. To date, most cybersecurity companies have focused either on software-only or built-in hardware solutions as a way of fighting back against these threats. While some of these solutions have proven to be effective, … More

Building a coping mechanism for data breaches

Data breaches may be daily news, but they will always be a significant worry for business stakeholders. It is the IT team, however, that have to deal with the technical side of breaches. Here’s my view on establishing a coping mechanism. In most of the breaches that we analyse, there is always an element of human failure: You are just one stupid password away from a data breach Default passwords are asking for trouble Build … More

Achieving zero false positives with intelligent deception

Cyber attacks are not single events. When attackers compromise an asset, they don’t know which asset is infected. They must determine where they are in the network, the network structure and where they can find valuable information. That means attackers carefully try to find out as much as possible about the organization. This is precisely the behavior that intelligent deception technology can exploit in order to thwart attackers and protect organizations. Breadcrumbs are clues for … More

What is a security data lake?

The concepts of the data lake and the specialized security data lake are relatively new. While data lakes have a bit of a head start in adoption – largely among data science teams – some security teams are beginning to look into security data lakes to keep afloat in the wash of security log data they amass every day. Understanding the capabilities and differences between the two types of repositories will help determine if implementing … More

It’s time to get serious about email security

In today’s hyper-connected world, email is the foundation of every organization’s collaboration, productivity, and character. And despite annual rumors of its demise, there’s no reason to believe we’ll be writing its eulogy anytime soon. With its ubiquity and universal appeal, email is a treasure trove of sensitive business information. That’s why emails leaks aren’t just data loss events. They’re direct attacks on your brand and reputation. Despite team collaboration and communication tools like Slack and … More

How can we avoid another record year for breaches and ransomware?

More than 14.5 billion emails laced with malware were sent in 2017 according to the annual Global Security Report issued by AppRiver. The majority of cyber threats were initiated in the US and persisted throughout the year, with significant peaks in August, September and October. In the first half of 2017, 1.9 billion data records were lost or stolen as a result of cyberattacks. This followed a tough year in 2016, when losses totaled $16 … More

Good privacy is good for business, so pay attention

Data privacy concerns are causing significant sales cycle delays for up to 65 percent of businesses worldwide, according to findings in the new Cisco 2018 Privacy Maturity Benchmark Study. The study shows that privacy maturity is connected to lower losses from cyberevents: 74 percent of privacy-immature organizations experienced losses of more than $500,000 last year caused by data breaches, compared with only 39 percent of privacy-mature organizations. Privacy maturity is a framework defined by the … More

Kaspersky Lab official blog: The password dilemma: simple and crackable, or strong and forgettable?

Whether we are talking online shopping or bill paying, and don’t forget social networking, our modern lives require accounts, dozens of them. Each service tells you to come up with login and password, and every time the question arises: What should you use? And everyone has their own solution for that.

The password dilemma

Most people know full well that passwords are the first line of defense against cybercriminals. And we have repeatedly blogged about the importance of strong passwords — long and including special characters, numbers, and upper- and lowercase letters. Moreover, each account needs a unique password; reusing passwords is unacceptable.

However, the stronger the password, the easier it is to forget. And that can cause problems, as you surely know. As a result, lots of people decide not to bother and create one password for all sites, or even use their own name and date of birth as passwords. Naturally, this makes their data easy prey.

Kaspersky Lab carried out a study to find out which password selection strategy is most common among users and why.

So strong even I can’t sign in

Unique and complex passwords are a good thing, of course. People use them most frequently for bank accounts (63%), some payment systems (42%), and online stores (41%). But as we already said, such passwords are difficult to remember, and losing access to your mobile bank can be a real pain.

It would seem logical, then, to make a note of such passwords so as not to forget them. However, half of those polled do not store password memos in a particularly safe place. And even the strongest password in the world won’t protect you if an attacker finds it written down. There are no absolutely safe places for keeping passwords, unless they happen to be encrypted at the same time. But then you have to remember the cipher….

Weak and memorable

In an attempt to escape the dreaded “incorrect password” message, many users opt for convenience over security. To avoid the pitfalls of memorizing multiple passwords, about 10% of users choose the same one for all sites, thereby inviting cybercrooks to hack into not one, but all of their accounts in one go.

The invitation is warmly received: In the last year alone, 17% of respondents reported a hacking attempt on at least one account. The most popular targets were e-mail accounts (41% of all cases), social media (37%), and banks and online stores (18% each).

Don’t despair just yet

Instead of trying to find a balance between convenience and security, you can kill two birds with one stone by installing Kaspersky Password Manager, which stores all of your account details in a safe place. You’ll need to remember just one master password; the service handles the rest. What’s more, it can generate secure passwords that are very difficult to brute force — and enter them for you on demand.



Kaspersky Lab official blog

GDPR: Whose problem is it anyway?

With the GDPR deadline looming on May 25, 2018, every organization in the world that transmits data related to EU citizens is focused on achieving compliance. And for good reason. The ruling carries the most serious financial consequences of any privacy law to date – the greater of 20 million EUR or 4 percent of global revenue, potentially catastrophic penalties for many companies. Compounding matters, the scope and complexity of GDPR extends beyond cyber security, … More

What is the impact and likelihood of global risks?

The World Economic Forum, a not-for-profit foundation that each year gathers participants from around the world to discuss a wide range of global issues, has published its yearly Global Risks Report. Based on the opinions of almost 1,000 global experts and decision-makers, the top 5 global risks in 2018 in terms of likelihood are extreme weather events, natural disasters, cyber attacks, data fraud or theft, and failure of climate-change mitigation and adaptation. Cyber attacks and … More

Are VPN services only for hackers and tech junkies?

What Is a VPN, and Why Would I Need One?

You may have heard about VPN services that allow you to have an extra layer of security; access geographically restricted content; hide your traffic from your internet service provider and hide your location and browsing habits from the rest of the world. Your employer might be the one requesting you to use one when you are away from your office, but you still need safe access to your company servers.

Channeling your traffic through a VPN encrypts the outgoing traffic of your device making sure your online presence is anonymous to your ISP, employer, marketers, government, and anyone interested in your online behavior. All they see is that your traffic is going to a specific VPN hub and nothing else.

The flexibility and the anonymity that such VPN services provide make them an excellent tool for hackers who do not want to leave any traits that could potentially reveal their identity. Being a skilled hacker is not about cracking a system, but making sure that once you do, you do not leave traits that can lead back to you.

While hackers and tech junkies are known to use VPNs for the many reasons, there are a whole lot of regular folks from all over the world who enjoy the benefits of VPN.

So who are they and why they do it?

Security conscious people

Security-conscious travelers never connect to public WiFi networks unprotected. Hackers, or the admins of such networks, could be monitoring them. Instead, they connect to VPN that encrypts all incoming and outgoing traffic from their connected device. This is one of the ways that guarantees you that the admin, nor skilled hackers, will be spying, and possibly even recording, the data that goes through the router.

Bargain hunters

Grabbing an airline ticket at a lower price has never been easier. Sometimes there are significant price differences for flights that are offered to the US buyers when compared to British for example. While the currency exchange may add up, when you are looking for affordable plane tickets, it is always a good idea to check the fares from multiple locations so you can make sure you are getting the biggest bang for your buck.

Travelers

There is nothing more frustrating than being in a hotel on the other side of the world and not being able to watch your favorite TV show due to geographical restrictions. And if paying $30 for a pay per view movie does not sound appealing, you can use VPN to access your Netflix account and play your desired content on your laptop from the comfort of your hotel bed.

Dissidents and people who want to communicate with people living in the free world

While here in the US, freedom of speech is a human right, this is not always the case in some foreign states such as Russia, China, Iran and North Korea. Using VPN allows people from such countries to access content that is usually prohibited. Staying in touch with relatives living abroad could also be a challenge from time to time. If Facebook is your preferred way of communication, VPN may be your only solution for accessing it while in China.

Bored employees

The last thing you want is letting your employer know that over the last few days you’ve been spending all your mornings looking for new shoes on Amazon. Access to social media websites at work is also a distant dream for many employees. Using VPN service could let you bypass the restrictions and let you safely check out your Facebook feed from the comfort of your office PC or Mac. While it is understandable that employers want you to work all the time, sometimes people want their freedom, and having access to VPN might be the solution.

VPN is not only for hackers and technology-savvy people.

There are all sorts of people who use it, and the global usage is not showing any signs of slowing down. However, using VPN comes with some risks and not all VPNs are equal. While you might be anonymous when using VPN, you might want to make sure that you are aware of the risks, especially if you need to visit sketchy websites. Check out our suggestions for safe use of VPN.

The post Are VPN services only for hackers and tech junkies? appeared first on Panda Security Mediacenter.

Kaspersky Lab official blog: Why it is better to purchase an antivirus directly from the developer

Wanting to save your money when buying things is normal, yet sometimes this might impose a threat to you. Although our ancestors tried to drive out this sinful attitude, even making up dozens of proverbial sayings like “a cheapskate pays twice”, we still tend to believe that distributors can be selfless and that they are willing to give away goods for free out of the goodness of their hearts. Of course there are instances when saving a lot is possible without any consequences, but most of the time we look for deals, which end up resulting in loss and problems. This is applicable not only to iPhones and other luxury goods, but to antiviruses as well.

Why-it-can-be-unsafe-to-buy-Kaspersky-products-from-eBayAmazon-merchants

Numerous online offerings for Kaspersky products, including those on bidding platforms, e-commerce and advertisement sites, serve as good examples. Hundreds of sellers offer boxed Kaspersky Internet Security and other security solutions for prices up to 1.5 to 10 times lower than our normal price. In such cases, one cannot help but buy several licenses for the price of one. However, too low a price is often the first sign that the seller is a fraud.

Such low prices should make you think about the seller's integrity.

Such low prices should make you think about the seller’s integrity.

Sadly, the overwhelming majority of such offers are fraudulent or, at times, a legitimate yet invalid license. In the first case, you may just lose some money, in the second, you would need to deal not only with the loss of funds but also with problems that you will later have to devote your undivided attention (and ultimately, more money) to.

So, what drawbacks would a generous online offer conceal, and what problems might this mean for a buyer?

Non-existent/blocked/invalid license code

A made-up code is yours – for only $4!

A made-up code is yours – for only $4!

Anyone can produce a combination of letters and numbers that look like a software code, as well as post an offer for a blocked, invalid or out-of-date code. A buyer is essentially unable to check the validity of the code prior to the purchase. This is something that fraudsters have constantly been using when trading invalid codes in ‘3-for-1’ bundles. Having purchased such a code, a user is likely to see a “the code you entered is not valid” message.

Multi-user license

There is also another scenario: a culprit posts an offer for a valid license code for, say, three users, but sends the code to several buyers simultaneously. Then it is like Russian roulette: someone is faster than the others and activates the code, and the losers will have to see the message “this code has already been activated”.

Pirated license

A cracked code is a time bomb: a pirated code might be accepted by the software but will surely be banned afterwards by an anti-pirate system, disabling regular updates of antivirus databases and eventually exposing your machine to newer samples of malware.

A license with false features

It is well known that one license can be activated on several devices, depending on the type. This tactic is actively used by fraudulent sellers: they will sell a license for 2 machines as a product that is for 5 machines, which is, predictably, more expensive. By the time the buyer has activated the code on all devices and discovers the ugly truth, the sellers are nowhere to be found.

License valid for another region

One of the most unpleasant options is the purchase of a license restricted to a certain region. Licenses for different regions vary in price but the code can be activated only in the corresponding region. So a code for a license specifically designated for South Africa cannot be activated in any other country.

When purchasing such a license, it is quite difficult to notice that the license is intended for use within Italy only.

When purchasing such a license, it is quite difficult to notice that the license is intended for use within Italy only.

It is such an unfortunate coincidence: the seller did not want to lie to anyone, yet the buyer ends up with a valid, legitimate code s/he cannot use.

All of these scenarios have something in common: the users who have invalid, fraudulent or ‘grey’ codes are not entitled to receive any help from Kaspersky Lab’s technical support. Moreover, they are unlikely to be able to have the money returned that they spent. There have been cases where a victim has been able to prove the fraud and have their money reimbursed; yet the process would eat up a lot of time and energy.

In order to save yourself and your money from unnecessary risk, purchase activation codes only at www.kaspersky.com, from trusted merchants and authorized online distributors. Just accept the simple truth: if something is too good to be true, then it is probably not true.

Incomplete packaging

If you decide to purchase a security solution from a third-party seller — on eBay, for example — you might end up paying a bit less for a lot less. What’s shown on the site is always a traditional software box, but it’s been years since anyone bought software online and waited for a box to come in the mail. Even when you buy directly from Kaspersky Lab’s website or our official partners, you get an activation code and download the software.

When you buy from a third party, they’ll still show product box photos, whether the seller is legitimate or a scammer. In the best-case scenario, you’ll get a good activation code and download link. Or you might get an empty box.

Why would you care about incomplete packaging if the AV solution seems to work? Well, it’s true that the box doesn’t matter. But when you buy a security solution, you also get the right to receive customer support. If, when you install the software you downloaded, you face activation or licensing issues, the first thing Kaspersky Lab Technical support will ask for is information from the packaging — that’s your proof of (legitimate) purchase. Without that information, the support engineer will not be able to help you. In fact, any tech support will require a legitimate product code.

Of course, if you bought legitimate software, you don’t need a box to prove it: You can provide the order number from your e-mail receipt, which contains the purchase invoice and the e-mail address you used for the product purchase.

If, despite our recommendations, you still think purchasing the product from a third-party seller is worth the risk, please request all the data you’ll need, including the e-mail address they used for the purchase and the original invoice they received.



Kaspersky Lab official blog

Intel AMT security issue gives attackers complete control over a laptop

F-Secure reports a security issue affecting most corporate laptops that allows an attacker with physical access to backdoor a device in less than 30 seconds. The issue allows the attacker to bypass the need to enter credentials, including BIOS and Bitlocker passwords and TPM pins, and to gain remote access for later exploitation. It exists within Intel’s Active Management Technology (AMT) and potentially affects millions of laptops globally. The simple yet dangerous security issue The … More

RIPE 72 – Copenhagen

While in Copenhagen during May, I had the opportunity to attend my first RIPE event. As a self-confessed non-geek, I wasn’t entirely sure what I was letting myself in for at RIPE 72. What I found, was a group of passionate technologists, as demonstrated by the pride with which the delegates immediately donned the obligatory, ‘Super Geek’ emblazoned, promotional t-shirts. The event presented a chance to meet with network engineers from across the globe, some of the people who make the Internet tick (or at least know where the clock is and how to adjust the hands) and participate in discussions both practical and policy related.

The schedule for Tuesday covered a wide variety of topics, ranging from “IoT isn’t going to make your company rich and the importance of the Internet community overcoming the hurdles of compatibility, obsolescence and security”, to “An in-depth look at Comcast’s impressive IPv6 service and deployment“. The latter being an impactful presentation by John Jason Brzozowski of COMCAST, describing where they’re at with their IPv6 offering. The numbers certainly are impressive, 98+% of the 40m devices on the network are managed using IPv6 only (trending towards 100%). Additionally, by APNIC’s measurements, 87% of COMCAST’s broadband customers have native IPv6 enabled.

Another interesting presentation (by Andrew Owens of Teraco, South Africa) focused on the state of Internet provision in Africa. Andrew recounted a great anecdote, of a race to transfer 4GB of data, over a distance of 60 miles. On one side, the fastest available ISP, on the other, a memory card strapped to a carrier pigeon. The ISP managed to deliver 4% of the data by the time the pigeon landed. It was thought-provoking to consider that fast Internet access is only available via sea cables, as cabled infrastructure to central African countries is still very poor. It seems there is a need for both political and economic stability, and major investment in infrastructure, before the situation will improve.

By Friday, the total number of attendees checked-in had hit 676 – very impressive. However, I was stuck by one worrying observation: the age of those present. Those who can rightly consider themselves guardians of the Internet from its inception, were by far the most well represented demographic. Whilst these people are certainly young in mind and thought, there is a definite need to identify the future leaders and innovators amongst us. Those who will steer us beyond IPv6, IoT and the concerns of today, and navigate the next new technology to hit the World Wide Web, changing how we will use the Internet in the years to come.

For me, the most valuable aspect of RIPE 72, was the chance to spend a week immersed in a community that I do not interact with regularly. These are the influencers around Internet policy, infrastructure and use. As a group, they did not want to be preached to (or directed by) governments, particularly regarding control of the Internet. Whilst they may be perceived as anti-regulation, in some cases anti-legislation, what stuck me was the passion of the delegates; not only knowledgeable, but ardent defenders and true guardians of a free and open Internet.

Authored by Kevin Williams

 

Additional subjects covered over the week included the future activity of RIPE and ICANN, discussions around ITU (centered on policy and regulation). There was also time devoted to the topic of enabling free and unhindered access to the Internet for all. On the flip-side, there were some conversations on abuse as well. Video recordings and transcripts for all of the presentations can be found at: https://ripe72.ripe.net/archives/.

A shortened version of this article has also been published in the LINX (London Internet Exchange) online magazine, and can be found on Page 18 at: https://www.linx.net/documents/www.linx.net/uploads/hotlinx/hotlinx-46.pdf


UTRS_logo
At Team Cymru, we’re offering the Unwanted Traffic Removal Service (UTRS), free to the online community. UTRS is a system that allows cooperating BGP speakers to distribute verified BGP-based filter rules. DDoS victims are able to alleviate attacks by preventing the malicious traffic reaching their network. UTRS operators also benefit as unnecessary packets are blocked at source, freeing up network resources for legitimate traffic.