If, like us, you use an HSM to store your DNSSEC key material you may know that it is important to monitor memory usage in your HSM; with a typical DNSSEC key management scheme you may have as many as 5 keys active per signed domain. This can be a burden on your HSM, especially if it has a limited amount of storage like ours do.
Wat is IRMA?
Sinds begin 2012 werkt SURFnet samen met de Radboud Universiteit, TNO en SIDN in een project dat luistert naar de naam ‘IRMA’. In deze blogpost willen we wat meer vertellen over dit project en de onderliggende technologie.
SURFconext combines all sorts of technologies in a single collaboration platform, and when all these technologies are working in concert, that’s when SURFconext really shines. But the interweaving of those technologies can also make SURFconext seem complex and daunting at times. In this post I’ll try to shed some light on one of the most important pieces of the SURFconext jigsaw: the Security Assertion Markup Language, or SAML for short.
Als onderdeel van de LTE-activiteiten zijn in het kantoor van SURFnet zes antennes aangebracht die LTE-frequenties zenden en ontvangen op de frequentie 2.6Ghz. In de serverruimte op de vijfde verdieping staat een LTE-basisstation die aangestuurd wordt door LTE-apparatuur in de backend van KPN. Deze apparatuur is hardware matig ingesteld op het laagste niveau. Verder zijn er fysieke dempers aangebracht in de splitter van de antenne om het stralingsniveau te reduceren.
SURFnet and security are like Cain and Abel. That’s obvious to anybody who has been the subject of DDOS attacks or has been in contact with SURFcert. From the beginning, SURFnet has always paid a lot of attention to security in connection with the Internet, the SURFnet network, and the networks of its connected institutions.
One of our goals with this blog has been to share what we have learned from our DNSSEC deployment with our constituency and the wider Internet community. Last month we performed a complicated operation on our DNSSEC signer deployment: we migrated from the existing signer setup to a completely independently running new signer. We had prepared this migration beforehand and the migration was a big success; all our signed domains were migrated safely while remaining secure.
Karl Kapp’s latest book offers best practices, design considerations, and pragmatic recommendations that will surely change the way you think about enhancing your learning initiatives through the use of games.
Bron: https://learningsolutionsmag.com/articles/915/book-review-the-gamificat…
VU-onderzoeksinstituut LEARN! organiseert een interessante lezing over de waarde van computerspellen voor de ontwikkeling en het leerproces van kinderen.
Today we published the Final report DNSSEC in SURFdomeinen describing our DNSSEC deployment. This will be the last post for a while on our DNSSEC deployment, we are going to continue later this year. In the mean time, I will try to post updates when I have interesting information available for instance about the validation rate as the year progresses.
One of the things we discovered while we were rolling out our deployment is that it is very important to monitor the availability of signed zones (see also this post by Migiel de Vos on monitoring). We have deployed default monitoring based on Nagios, with checks that verify if all signer components are running. One of the things we cannot check that way is whether signatures are valid for long enough. And that is a very important indicator of the status of the signer. Even if the signer daemon is running, that does not guarantee that it is actually resigning the zone correctly.
