Tls

What is DNS over TLS, and how should you test it?

We’ve mentioned Cloudflare’s 1.1.1.1 DNS Service before, and the possible effects of its use on gateways. One of its features is the ability to use DNS over TLS, also called “DNS Privacy” by the people at DNSPrivacy.org. DNS over TLS, defined in IETF RFC 7858, is a standard developed to provide secure communication of DNS queries and responses between a DNS client and a DNS server. As more end devices and service providers seek to make use of it to benefit their end users, it has become an important feature to test on home and business network devices. Read more...

Best Practices for Securing TR-069

For our article on the alleged TR-069 vulnerability during the Mirai bot scare, go here. As one of the most widely deployed broadband management protocols in the world, TR-069 has quite a footprint, and a compromised system could potentially affect many broadband subscribers adversely. Luckily, TR-069 is built to operate on secure transport protocols. While there is nothing inherently insecure in the protocol itself, improper implementation of TR-069 clients and servers may expose problems that can be exploited by malicious attackers, as is the case with any web service. Read more...

Common testing issues with TR-069 and SSL

Here are solutions to a few common TR-069 SSL-related issues.

The CPE does not have a time source

Some CPE devices will not validate an SSL/TLS certificate from the ACS until a time source is established. TR-069 states that devices should skip date validation of certificates if a time source is not established. However, in practice some CPE devices simply end the SSL connection. A common symptom of this problem is DNS requests to an NTP server which is not configured. Read more...

How do I convert from a Java keystore certificate to .pem format?

To convert a Java keystore certificate to .pem format, follow these steps:

1. Download and run the KeyTool IUI.
2. Export the private key and certificate chains file from the keystore to a .pem file. This can be done by selecting Export > Keystore’s Entry > Private Key from the KeyTool IUI.
3. Choose a target private key file and a target certificate chains file, and select .pem as the export format for both.

Read more...