What’s running on the firewall? A big list follows, with discussion.

Who do you trust? And do you trust them indefinitely far into the future?

If you have specific reasons to believe you will be targetted by an interested, competent, resourceful attacker: you need serious information security measures, which will be painful and potentially expensive in both time and money. I have no such specific fears, so I’m merely interested in protecting my household against generalized attacks, the sort of thing that Google and Facebook and Amazon and every advertiser in the world carries out as a matter of course.

In this installment, I’m going to increase the difficulty of tracking my household network via intercepting DNS requests. I will assume you know a fair amount about DNS and feel comfortable configuring daemons and running them – this isn’t a step-by-step HowTo.

It seems increasingly unwise to allow an Intel-made CPU to talk to the outside world. But the NUC-style machines are almost exclusively Intel. What should we do for a new firewall?

You’ll recall that I prefer firewalls to run Debian Stable, so that security updates are available promptly. While …

Several people have asked me recently what hardware I would buy today for use as a home firewall.

About a year ago, we switched ISPs from RCN to Verizon. I had no particular issues with RCN except that their prices went up each year without providing better service. (It’s true that RCN also fails to handle IPv6 natively, but Verizon shares that failure.) What’s happened in …

One problem: we have built an immense network of supercomputers that is essentially a Commons. An abuse of this Commons that would be ridiculously unprofitable if it had to be carried out by humans – say, an expected return of one one-hundredth cent per attempt – is highly attractive to unscrupulous actors …

Definitions:

• A policy is an organization’s stated objectives and methods for accomplishing a goal.

• Sustainable means a model of a system that easily fits into a person’s head and can be used as an accurate prediction of how another person accomplished a goal.

So a sustainable software policy …

In farming, monoculture is the practice of raising a single crop over and over again. You can figure out exactly what fertilizers it needs, how much water, and predict your yield accurately, year after year.

Then, one year, a blight or a virus or a bacterium or a weevil comes …

Nobody likes you when you’re 23 / And are still more amused by prank phone calls / What the hell is caller ID?

Blink-182, “What’s My Age Again?”, 1992

You probably already know that Caller ID is useful, and that it can be faked. If you want to know how …

Attackers change their behavior, so we have to change in response.

Way back in the olden days, someone with evil intent would ping your IP address to make sure it was up, run nmap to figure out which of four or five exploitable services were available, and then pound their …

Nintendo’s 3DS pocket-sized game system includes “Streetpass”, a method of sharing your high scores, Mii avatars and other game information with random strangers who also have 3DS systems. That includes the levels designed by Super Mario Maker, which are a few megabytes apiece.

The swap happens anonymously and automatically …

People just don’t take security seriously, because security is hard to understand and hard to implement and hard to maintain. We need a new way of “doing” security, and I’ve got an idea. Let’s go back to the notion of skeuomorphism: we use pictorial representations of real-world …

Information security (infosec) is very simple and very hard.

Infosec is simple: there are only three steps:

1. Figure out how you are giving information to people.
2. In each case, evaluate whether you want to do that.
3. Stop giving information to people who you don’t want to have it.

Actual …