Improving Network Security by Adding Randomness

Presented at REcon 2005, June 19, 2005, 10:30 a.m. (60 minutes)

The OpenBSD project has been very aggressive in its use of strong pseudo-random data in its network code; as a policy, pseudo-random data is used in protocol fields wherever possible, in many cases in a way not envisioned by the protocol designers. Randomness is also used within the network code to protect against denial of service attacks. This presentation outlines the reasons for this approach, discusses how and where it is implemented in OpenBSD, and provides examples of attacks which this approach has mitigated.

Presenters:

• Ryan McBride
  Ryan McBride, CISSP - Information Security Consultant and OpenBSD Hacker. Ryan has 10 years of experience wearing a suit in the Information Systems industry. Over this period, he has worked with public, private, and non-profit organisations ranging in size from small office to "Fortune 50". His experience includes Security Policy development, Software Development, VPN design and deployment, firewall configuration, and IDS deployment and monitoring. When not wearing a suit, Ryan amuses himself by working on OpenBSD's networking code.

Similar Presentations:

• BSides Austin 2017 / OpenBSD and the security diaspora
• May Contain Hackers (MCH2022) / drand: publicly verifiable randomness explained
• The Next HOPE (2010) / Much Ado About Randomness