February 2014 – SWITCH Security-Blog

IT-Security-Links #50

The ICC Belgium published a 72-page Cyber Security Guide including a Security Self Assessment Questionnaire.
Have you heard about the Security Bloggers Network? It’s the largest collection of information security focused blogs and podcasts in the world with almost 300 different blogs and podcasts included. They offer one feed of all the sites. (Sub-feeds for specified categories are in the works.)
Mobile Malware: Ten Years of Mobile Malware – From Symbian Worm to Tor-Based Android Backdoor, an overview by Softpedia with a nice graph from Symantec. Also Kaspersky published an article on Mobile Malware Evolution.
On 20th February 2014 the Niklaus Wirth Birthday Symposium took place in Zurich. Slides and video recordings of the talks are freely available. We recommend Software Defenses Using Compiler Techniques, a talk about compiler-generated software diversity as a defense mechanism against cyber attacks.
Anatomy of a “goto fail” – Apple’s SSL bug explained, by Sophos.

IT-Security-Links #49

Economic Crime Data: PwC published the findings of their Global and Swiss Economic Crime Survey 2014 as well as a 30-page PDF “Global Economic Crime Survey 2014 – A Swiss Perspective“.
More than 300.000 credentials were posted on Pastebin in 2013 according to a recent analysis by a Swiss security firm – which is just a small percentage of the stolen information posted publicly by hackers.
Sophos says 2013 was an epic year for data breaches – with over 800 million records lost.
DDoS: Who run the DDoS-for-hire services and why they themselves have to hide behind DDoS protection?
DDoS: What comes after NTP reflection attacks? And a friendly BCP38-reminder…
Meet Brian Krebs: How the author of the widely read cyber security blog ‘Krebs on Security’ lives and survives.
The ‘Moon’ worm never reaches a device which has anti-virus protection running on it. Why? It infects your Linksys router.

IT-Security-Links #48

DDoS: A ‘record-breaking’ NTP reflection DDoS attack peaked at 400 Gbit/s, which is about 100 Gbit/s more than the largest previously seen DDoS attack against Spamhaus…
…and in this blog article from Cloudflare ntpd- and Network-Operators learn how to mitigate NTP-based DDoS attacks.
NSA: The German government and the German Federal Intelligence Service are facing legal action because they allegedly aided the U.S. National Security Agency data collection program. The German Chaos Computer Club filed a criminal complaint together with the International league for human rights.
ENISA published a flash note about the risks of using discontinued software.
Arbor Networks released their annual Worldwide Infrastructure Security Report. A presentation of key findings and infographics are also available.
Most vulnerable operating systems and applications in 2013: Cristian Florian compiled the data from the US National Vulnerability Database (NVD) to a report.
NIST Cybersecurity Framework: The US National Institute of Standards and Technology released the first version of a Framework for Improving Critical Infrastructure Cybersecurity, a 41-page PDF file with standards, guidelines and practices to promote the protection of critical infrastructure.

Unser SWITCH Security-Report für Februar 2014 ist verfügbar

Die aktuelle Ausgabe unseres monatlich erscheinenden ‘SWITCHcert Reports zu aktuellen Trends im Bereich IT-Security und Privacy‘ ist soeben erschienen.

Themen diesen Monat:

Bundesamt nach E-Mail-Sicherheitstest massiv in der Kritik
Medien verbreiten Panik vor weltweiten Geldautomaten-Ausfällen
Google Glass schafft Tatsachen in punkto Gesichtserkennung
NSA-Update: Kritiker nehmen Anlauf
Und wie immer Links zu spannenden Präsentationen, Artikeln und Videos rund um die Themen IT-Security und -Privacy.

Zum Download (PDF):

Haben Sie unseren vorigen Security-Report verpasst? Hier kommen Sie zum Archiv.

Bitte beachten Sie: Ab sofort wird der Report nach dem Monat seines Erscheinungsdatums benannt. Der Security-Report für den Monat Januar heisst damit erstmals «Security Report Februar».

DNS Zone File Time Value Recommendations

When setting up a zone file for a domain name, the administrator can freely choose what time values he would like to set on the SOA record or regarding the Time To Live (TTL) value on the Resource Records (RR). There are already many useful documents describing recommendations for these time values but most lack the reference to signed zones using DNSSEC because at the time these documents were published, DNSSEC did either not exist or had no relevance. We tried to update the recommendations for these time values so that the none-experts can adapt their template or have a reference. Our recommendations work for both signed and unsigned zones and in the best case it helps improve the stability and resilience of the DNS.

Our recommended DNS example.com zone file in BIND format looks as follow:

$TTL 86400 ; (1 day)
$ORIGIN example.com.
@ IN SOA ns1.example.com. hostmaster.example.com. (
                2014012401 ; serial YYYYMMDDnn
                14400      ; refresh (4 hours)
                1800       ; retry   (30 minutes)
                1209600    ; expire  (2 weeks)
                3600       ; minimum (1 hour)
                )

         86400    IN   NS    ns1
         86400    IN   NS    ns2

                   IN   A     203.0.113.10
                   IN   AAAA  2001:DB8:BEEF:113::10
www                IN   CNAME example.com.
ftp                IN   CNAME example.com.

ns1      86400    IN   A     192.0.2.22
         86400    IN   AAAA  2001:DB8:BEEF:2::22
ns2      86400    IN   A     198.51.100.22
         86400    IN   AAAA  2001:DB8:BEEF:100::22
...

Please read the following sections for a more detailed explanation.

Continue reading “DNS Zone File Time Value Recommendations”