THE MYTH OF TWELVE MORE BYTES: SECURITY ON THE POST-SCARCITY INTERNET presented at BlackHat USA 2012

by Alex Stamos, Tom Ritter

Tags: IPv6 DNSSEC GTLDs

Summary: In what may be the greatest technical shift the Internet has seen, three of the network's major foundations are being overhauled simultaneously: IPv6, DNSSEC and the creation of hundreds of new top-level domains. Two of these technologies are direct responses to the artificial scarcity of names and addresses on the Internet, and one is meant to address the lack of trust we have in the Internet's fundamental architecture. Unfortunately the unexpected secondary effects of these changes have not been appropriately explored, and enterprise IT and risk teams need to come to grips with the fact that the products and processes they have honed over the last decade will not serve them well in the next.
This talk will provide a quick background of these technologies and the direct security impacts faced by network administrators today, even if you're "not using that yet". (Hint: You probably are, you just don't know it.) A great deal of modern fraud, spam and brand abuse infrastructure is based upon assumptions from the IPv4/old gTLD world, and we will explore which of these protections are completely useless and which can be retrofitted to provide some value. We will then explore the indirect impacts on monitoring, compliance, intrusion detection and prevention, and the future of enterprise architecture and defense.