• 46% of all underground servers in US and Canada

    according to a new report by Symantec released today


  • NIST publishes free guide for information security and risk categorisation

    The first NIST document is 53 pages and shows procedures to categorize information according to risk and importance.

    "Security categorization provides a vital step in integrating security into the government agency’s business and information technology management functions and establishes the foundation for security standardization amongst their information systems. Security categorization starts with the identification of what information supports which government lines of business, as defined by the Federal Enterprise Architecture (FEA). Subsequent steps focus on the evaluation of the need for security in terms of confidentiality, integrity, and availability. The result is strong linkage between missions, information, and information systems with cost effective information security."

    It also has an appendix of 300+ pages with all the terms and formulas.

  • Document of the day: delusions of net neutrality and online video streaming


    If service providers are to derive significant revenues and profits by exploiting freedom from net neutrality limitations, they will need to engage in much more intrusive control of traffic than just provision of special channels for streaming movies.

    Service providers argue that if net neutrality is not enforced, they will have sufficient incentives to build special high-quality channels that will take the Internet to the next level of its evolution. But what if they do get their wish, net neutrality is consigned to the dustbin, and they do build their new services, but nobody uses them? If the networks that are built are the ones that are publicly discussed, that is a likely prospect. What service providers publicly promise to do, if they are given complete control of their networks, is to build special facilities for streaming movies. But there are two fatal defects to that promise. One is that movies are unlikely to offer all that much revenue. The other is that delivering movies in real-time streaming mode is the wrong solution, expensive and unnecessary.

    The delusions of net neutrality

    Andrew Odlyzko, School of Mathematics, University of Minnesota, Minneapolis, MN 55455, USA. Revised version, August 17, 2008


  • Document of the day: are commercial firewalls ready for IP version 6?

    Dave Piscitello is a Senior Security Technologist for ICANN. A 30-year Internet veteran, Dave currently serves on ICANN’s Security and Stability Advisory Committee.


    We find the limited support for IPv6 stateful packet inspection across the commercial firewall product sector quite worrisome. Many vendors extend stateful packet inspection techniques to provide additional application-level protection measures. We also find another cause for concern in the limited availability of IPv6 support at the “periphery” of the Internet. Support for advanced security features is weakest in SOHO and SMB segments, although we did not include broadband access devices that claim firewall capabilities in our survey. Such devices have very little, if any, firewall capability beyond static packet filtering. We speculate that support is no stronger in the broadband market than in SOHO, and we speculate further that if we had included such devices, the overall results of IPv6 support among commercial firewall and “router/firewall” products would have been even more discouraging.

    We conclude by quoting from our report:

    Internet firewalls are the most widely employed infrastructure security technology today. With nearly two decades of deployment and evolution, firewalls are also the most mature security technology used in the Internet.
    They are, however, one of many security technologies commonly used by Internet-enabled and security-aware organizations to mitigate Internet attacks and threats.

    This survey cannot definitively answer the question, “Can an organization that uses IPv6 transport enforce a security policy at a firewall that is commensurate to a policy currently supported when IPv4 transport is used?”

    The survey results do suggest that an organization that adopts IPv6 today may not be able to duplicate IPv4 security feature and policy support.

    A comment we heard all too frequently and from altogether too many commercial firewall vendors during our study was, “No one’s asking for IPv6.” Markets can turn quickly, but not overnight. If we begin asking commercial firewall vendors soon we might expect the availability of IPv6 support to improve within the next 9–18 months. If the available IPv4 address pool evaporates faster, some organizations may experience difficulties satisfying security policies with the commercial firewalls they currently employ.


  • World Population Index (document of the day)

    News release: "The demographic divide — the inequality in the population and health profiles of rich and poor countries — is widening. Two sharply different patterns of population growth are evident: Little growth or even decline in most wealthy countries and continued rapid population growth in the world’s poorest countries.

    In 2008, world population is 6.7 billion: 1.2 billion people live in regions classified as more developed by the United Nations; 5.5 billion people reside in less developed regions. "We will likely see the 7 billion mark passed within four years," said Carl Haub, PRB senior demographer and co-author of this year's Data Sheet. "And by 2050, global population is projected to rise to 9.3 billion. Between now and mid-century, these diverging growth patterns will boost the population share living in today’s less developed countries from 82 percent to 86 percent."