«I had the distinct pleasure of working with Fernando during my tenure at Yalo, and from our very first interaction, it was evident that collaborating with him would be a rewarding experience. At that time, I was responsible for developing a solution for our new Business Unit focused on electronic payments. Fernando immediately extended his expertise and support, becoming an invaluable asset to our team. Fernando's technological proficiency is truly exceptional. His deep knowledge of security technology and his keen understanding of the implications of every security pathway were instrumental in the success of our project. Facing an aggressive timeline to bring our solution to market, Fernando rose to the challenge, providing unwavering support and expert guidance to ensure we met our goals. Fernando's combination of technical acumen, dedication, and collaborative spirit is truly impressive. Any organization would be fortunate to have someone of his caliber, and I wholeheartedly recommend him for any opportunity he pursues.»
About
Fernando Gont is currently Staff Platform Security Engineer at Yalo, and has over twenty…
Activity
-
Visit of my old friend Florian Horsch at HOLY, one of the coolest #hypergrowth startups in Berlin. Also had some good discussions about #foundermode
Liked by Fernando Gont
-
📣 Yucatán #ISP community and #IXSYFellows 👩🏽💻🧑🏻💻2️⃣0️⃣2️⃣5️⃣ We are heading toward the #IXSYMeeting 2️⃣0️⃣2️⃣5️⃣, with the training…
Liked by Fernando Gont
-
Updated revision of my IETF Internet-Draft "Problem Statement about IPv6 Support for Multiple Routers, Multiple Interfaces, and Multiple Prefixes"…
Shared by Fernando Gont
Volunteer experience
-
Chair
LACNIC Security Forum (LACSEC)
- 7 years 6 months
Moderator of the LACNIC Security Forum, and Chair of the LACSEC event
Publications
-
RFC 6528: Defending against Sequence Number Attacks
IETF
This document specifies an algorithm for the generation of TCP Initial Sequence Numbers (ISNs), such that the chances of an off-path attacker guessing the sequence numbers in use by a target connection are reduced. This document revises (and formally obsoletes) RFC 1948, and takes the ISN generation algorithm originally proposed in that document to Standards Track, formally updating RFC 793.
-
RFC 6274: Security Assessment of the Internet Protocol Version 4
IETF
This document contains a security assessment of the IETF specifications of the Internet Protocol version 4 and of a number of mechanisms and policies in use by popular IPv4 implementations. It is based on the results of a project carried out by the UK's Centre for the Protection of National Infrastructure (CPNI).
-
RFC 6191: Reducing the TIME-WAIT State Using TCP Timestamps
IETF
This document describes an algorithm for processing incoming SYN segments that allows higher connection-establishment rates between any two TCP endpoints when a TCP Timestamps option is present in the incoming SYN segment. This document only modifies processing of SYN segments received for connections in the TIME-WAIT state; processing in all other states is unchanged.
-
RFC 6056: Recommendations for Transport-Protocol Port Randomization
IETF
During the last few years, awareness has been raised about a number of "blind" attacks that can be performed against the Transmission Control Protocol (TCP) and similar protocols. The consequences of these attacks range from throughput reduction to broken connections or data corruption. These attacks rely on the attacker's ability to guess or know the five-tuple (Protocol, Source Address, Destination Address, Source Port, Destination Port) that identifies the transport protocol instance to be attacked. This document describes a number of simple and efficient methods for the selection of the client port number, such that the possibility of an attacker guessing the exact value is reduced. While this is not a replacement for cryptographic methods for protecting the transport-protocol instance, the aforementioned port selection algorithms provide improved security with very little effort and without any key management overhead. The algorithms described in this document are local policies that may be incrementally deployed and that do not violate the specifications of any of the transport protocols that may benefit from them, such as TCP, UDP, UDP-lite, Stream Control Transmission Protocol (SCTP), Datagram Congestion Control Protocol (DCCP), and RTP (provided that the RTP application explicitly signals the RTP and RTCP port numbers).
-
RFC 6093: On the Implementation of the TCP Urgent Mechanism
IETF
This document analyzes how current TCP implementations process TCP urgent indications and how the behavior of some widely deployed middleboxes affects how end systems process urgent indications. This document updates the relevant specifications such that they accommodate current practice in processing TCP urgent indications, raises awareness about the reliability of TCP urgent indications in the Internet, and recommends against the use of urgent indications (but provides advice to applications that do).
-
RFC 5927: ICMP Attacks against TCP
IETF
This document discusses the use of the Internet Control Message Protocol (ICMP) to perform a variety of attacks against the Transmission Control Protocol (TCP). Additionally, this document describes a number of widely implemented modifications to TCP's handling of ICMP error messages that help to mitigate these issues.
-
RFC 5482: TCP User Timeout Option
IETF
The TCP user timeout controls how long transmitted data may remain unacknowledged before a connection is forcefully closed. It is a local, per-connection parameter. This document specifies a new TCP option -- the TCP User Timeout Option -- that allows one end of a TCP connection to advertise its current user timeout value. This information provides advice to the other end of the TCP connection to adapt its user timeout accordingly. Increasing the user timeouts on both ends of a TCP connection allows it to survive extended periods without end-to-end connectivity. Decreasing the user timeouts allows busy servers to explicitly notify their clients that they will maintain the connection state only for a short time without connectivity.
-
RFC 5461: TCP's Reaction to Soft Errors
IETF
This document describes a non-standard, but widely implemented, modification to TCP's handling of ICMP soft error messages that rejects pending connection-requests when those error messages are received. This behavior reduces the likelihood of long delays between connection-establishment attempts that may arise in a number of scenarios, including one in which dual-stack nodes that have IPv6 enabled by default are deployed in IPv4 or mixed IPv4 and IPv6 environments.
-
Security Assessment of the Transmission Control Protocol (TCP)
United Kingdom's Centre for the Protection of National Infrastructure (CPNI)
This document is the result of a security assessment of the IETF specifications of the Transmission Control Protocol (TCP), from a security point of view. Possible threats are identified and, where possible, countermeasures are proposed. Additionally, many implementation flaws that have led to security vulnerabilities have been referenced in the hope that future implementations will not incur the same problems.
-
Security Assessment of the Internet Protocol
United Kingdom's Centre for the Protection of National Infrastructure (CPNI)
This document is the result of an assessment of the IETF specifications of the Internet Protocol from a security point of view. Possible threats were identified and, where possible, counter-measures were proposed. Additionally, many implementation flaws that have led to security vulnerabilities have been referenced in the hope that future implementations will not incur the same problems. This document does not limit itself to performing a security assessment of the relevant IETF specification but also offers an assessment of common implementation strategies.
Whilst not aiming to be the final word on the security of the IP, this document aims to raise awareness about the many security threats based on the IP protocol that have been faced in the past, those that we are currently facing, and those we may still have to deal with in the future. It provides advice for the secure implementation of the IP, and also insights about the security aspects of the IP that may be of help to the Internet operations community.
Projects
-
SI6 Networks' IoT Toolkit
The SI6 Networks' Internet of Things (IoT) Toolkit is a security assessment and troubleshooting tool for IoT devices and protocols.
-
IPv6 Toolkit Debian package
Collaboration with Octavio Alvarez (maintainer of the SI6 Networks' IPv6 toolkit Debian package)
-
SI6 Networks' IPv6 Address Monitoring Daemon
ipv6mon is a tool meant for monitoring IPv6 address usage on a local network. It is meant to be particularly useful in networks that employ IPv6 Stateless Address Auto-Configuration (as opposed to DHCPv6), where address assignment is decentralized and there is no central server that records which IPv6 addresses have been assigned to which nodes during which period of time. ipv6mon employs active probing to discover IPv6 addresses in use, and determine whether such addresses remain active.
-
SI6 Networks' IPv6 Toolkit
The IPv6 toolkit is a portable IPv6 security assessment suite originally produced by Fernando Gont as part of a project funded by the UK CPNI.
Languages
-
Spanish
Native or bilingual proficiency
-
English
Native or bilingual proficiency
-
Portuguese
Elementary proficiency
Companies
-
IEEE
-
Recommendations received
2 people have recommended Fernando
More activity by Fernando
-
This Sunday I will appear on Teresa Cabado's program, Educacion y Sociedad, on the Metro channel. Representing the Instituto Universitario para el…
Liked by Fernando Gont