All Things IPv6

  • RMF: Is It Effective?

    By Kathryn Daily, CISSP, RDRP In July 2017, SolarWinds conducted an online survey via Market Connections aimed at approximately 200 federal government IT decision makers and influencers in order to determine challenges faced by IT professionals to prevent security threats, quantify sources and types of IT threats, determine elements that aid successful management of risk, […]

  • Risk Management Framework Training

    Understanding the Authorization Decision

    By Lon Berman, CISSP of BAI Information Security If you ask most system owners about the desired outcome of their RMF efforts, they will readily tell you “we are expecting the Authorizing Official (AO) to sign an Authorization to Operate (ATO) for our system.” But how much do they really know about what goes into […]

  • The Altruism of IPv6

    Disclosure:  I am one of the world’s biggest fans of, and greatest advocates for, IPv6.  In the words of rapper 50 Cent, “I love it like a fat kid loves cake.”  Anyone I have ever been able to corner in a room knows this to be true.  That being said… I just finished reading [yet […]

  • John Brennan, AOL, and Bruce Schneier Driving Hard Left

    I just finished reading Bruce Schneier’s blog entry, titled “The Doxing Trend”. Let me start by writing that I am usually a big fan of Mr. Schneier. I look forward to his newsletter and I have tremendous respect for his technical intelligence. But as I read his doxing article I couldn’t help but wonder what […]

  • What Are CCIs and Why Should I Care About Them?

    By Kathryn M. Farrish, CISSP One of the more recent information security innovations is the Control Correlation Identifier, or CCI. Each CCI provides a standard identifier and description for “singular, actionable statements” that comprise a security control or security best practice. The purpose of CCIs is to allow a high level statement made in a […]

  • RMF Transition Training Course

    RMF Transition—What do I Really Need to Know?

    By Lon J. Berman, CISSP It’s hard to believe it’s been a whole year since the publication of DoD Instruction (DoDI) 8510.01 in March of 2014, which officially began the transition from the DIACAP process and IA Controls to the Risk Management Framework (RMF) and NIST Security Controls. While there are isolated pockets of progress […]

  • ITdojo’s v6 Vertex #4: A Brief Explanation of IPv6 Address Types

    v6 Vertex – A Brief Explanation of IPv6 Address Types

    ITdojo’s v6 Vertex is an ever-expanding set of quick tips and useful advice for using IPv6 in your network.

    People who have been using IPv4 for some time know that there are three basic address types that are commonly discussed:  unicast, broadcast and multicast.

    When it comes to address types IPv6 offers us some of what we already know and then takes things a step further.  In this article I offer a quick, concise explanation of each IPv6 address type.

  • ITdojo’s v6 Vertex #2: Forcing ssh to use IPv6

    v6 Vertex – Quick Tips & Pointers for IPv6 Users

    ITdojo’s v6 Vertex is an ever-expanding set of quick tips and useful advice for using IPv6 in your network.

    SSH use is daily and ubiquitous. In our increasingly mixed IPv4/IPv6 world we need to be conscious of the ways in which we are connecting (or not connecting) to our devices.

    There are a few ways in which you will connect to your remote devices via SSH. They include:

    • By using the actual IP address (v4 or v6). This option doesn’t require much discussion. the type of IP address you enter (4 or 6) will determine the protocol you use.
      • Example: ssh 2001:db8::1234
      • Example: ssh 131.107.1.1
    • Using a NetBIOS name you can do a local broadcast or WINS query (Microsoft). This will give you IPv4 addresses only. IPv6 and NetBIOS don’t go together.
      • Example: ssh computer1
      • Note: Microsoft does not have a built-in ssh client.  It is one of the great mysteries of our time as to why they won’t embrace something so commonly used.
      • Another note: How your device is configured may vary the way in which this is resolved. It could get your system’s DNS suffix appended and be sent to DNS rather than broadcast on the local LAN or, perish the thought, sent to a WINS server. No, I have not forgotten the hosts file or the LMHOSTS file. I’m just ignoring them for the moment.
    • DNS query. This could return either an A record (IPv4), an AAAA record (IPv6), or both. This depends on your network. If you get both, most modern systems will prefer the AAAA record or use the “Happy Eyeballs” technique to connect to whichever responds first.
      • Example: ssh <fully-qualified-domain-name>
    • Multicast name resolution (mDNS, ZeroConf, SSDP, Bonjour, Avahi, etc.). Like DNS, this could return either an A record or an AAAA record, depending on the nodes in your network.
  • IPv6 Training on East Coast Oct. 8 – 11

    Coming up on October 8, 2013, we will be running our IPv6: Understanding, Analysis & Implementation training course here at our Virginia Beach facility. Let’s face it, the implementation of IPv6 is inevitable and will effect every enterprise network on the planet eventually. The protocol is already being deployed worldwide! IPv6 allows for increased address […]