Security Scene: December Edition
Estimated reading time: 3 minutes
By Adair Thaxton, Internet2 Cyberinfrastructure Security Engineer
Near and dear to our hearts are our K-12 schools — they’re especially appreciated this year for all they’ve done and all they’ve tried to do. Dark Reading came up with a list of recommendations for K-12s, and a number of them are worth keeping track of by our Research and Education Networks (RENs), as well. For example, if one school district gets attacked, anticipate a similar attack to a nearby district. Consider subscribing to or providing a DDoS prevention service (hey, we offer one of those!) for on-premises resources and considering how you would protect resources in the cloud from similar attacks. Check your major network contact lists, as well — would the newest engineer in your group know the REN. contact, or would the newest REN engineer know the appropriate K-12 contact? This sounds familiar …
Spamhaus noted that about 230,000 IPv4 addresses from 52 netblocks have suddenly and mysteriously reappeared in the routing table in the latter half of November. (You’ve heard of CDNs, but what about WDNs, or Walking Dead Networks?) All appear to be physically located in New York City, and a number of them take a BGP path via Ukrainian ISPs to backbone networks including Telia, HE, Cogent, GTT, and Lumen. Spamhaus recommends dropping these netblocks, and a full list is accessible via the article.
As the THREE OF YOU who took last month’s survey (AHEM) disclosed, there’s very little familiarity with SASE and RBI as security technologies. Secure Access Service Edge is pretty new — Gartner introduced it in 2019 to describe how users can be located in the office or remotely, working on corporate-controlled or personal devices, but we need a way to authenticate those users (and their devices) and apply intelligent security policies based on zero-trust. An element of SASE is RBI or Remote Browser Isolation. Iterations of RBI have been around since about 2016 in various forms, and basically act like a VM-as-a-browser — web-based threats are contained within a sandbox environment and cannot make their way to the end-user’s machine or local network as a whole.
Andy Ellis, CSO at Akamai, answered a bunch of questions on Reddit. He shares their normal daily target is 100Tbps (peak 167.6Tbps), provided advice on wine pairings for various security emergencies, and lists the unlikely career paths for a number of his engineers. Network security is fairly young, so not many of us have been security engineers since our very first jobs. Seeing how people have applied outside skills to their current career paths is enlightening.
A reminder that our Security Working Group meeting has been scheduled for December 17 at 4 pm Eastern time. If you need the calendar invite again, or have a topic suggestion, please let Adair know! And don’t forget to take our December 2020 Working Group survey!