IPv6 Security By Eric Pennington COSC 356 – Network Security Dr. Oblitey 2004-11-30.

Slides:



Advertisements
Similar presentations
 IPv6 Has built in security via IPsec (Internet Protocol Security). ◦ IPsec Operates at OSI layer 3 or internet layer of the Internet Protocol Suite.
Advertisements

IPv6 Keith Wichman. History Based on IPv4 Based on IPv4 Development initiated in 1994 Development initiated in 1994.
Computer Networks20-1 Chapter 20. Network Layer: Internet Protocol 20.1 Internetworking 20.2 IPv IPv6.
COSC 541 Data and Computer Communications IPV6 OVERVIEW Professor:Mort Anvari Student: Fuqiang Chen Student ID: Date:Mar
1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
Securing Remote PC Access to UNIX/Linux Hosts with VPN or SSH Charles T. Moetului WRQ, Inc. (206)
Security at the Network Layer: IPSec
Henric Johnson1 Chapter 6 IP Security Henric Johnson Blekinge Institute of Technology, Sweden
Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.
Henric Johnson1 Ola Flygt Växjö University, Sweden IP Security.
Henric Johnson1 Chapter 6 IP Security. Henric Johnson2 Outline Internetworking and Internet Protocols IP Security Overview IP Security Architecture Authentication.
Internet Protocol Security An Overview of IPSec. Outline:  What Security Problem?  Understanding TCP/IP.  Security at What Level?  IP Security. 
October 22, 2002Serguei A. Mokhov, 1 Intro to Internet-services from Security Standpoint, Part II SOEN321-Information-Systems Security.
1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.
By Rod Lykins.  Background  Benefits  Security Advantages ◦ Address Space ◦ IPSec  Remaining Security Issues  Conclusion.
TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.
Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.
Chapter 6 IP Security. Outline Internetworking and Internet Protocols (Appendix 6A) IP Security Overview IP Security Architecture Authentication Header.
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
K. Salah1 Security Protocols in the Internet IPSec.
Transmission Control Protocol Internet Protocol TCP/IP.
Microsoft Windows Server 2003 TCP/IP Protocols and Services Technical Reference Slide: 1 Lesson 23 Virtual Private Networks (VPNs)
Protocol Basics. IPSec Provides two modes of protection –Tunnel Mode –Transport Mode Authentication and Integrity Confidentiality Replay Protection.
1Group 07 IPv6 2 1.ET/06/ ET/06/ ET/06/ EE/06/ EE/06/ EE/06/6473 Group 07 IPv6.
SYSTEM ADMINISTRATION Chapter 13 Security Protocols.
An Introduction to Encrypting Messages on the Internet Mike Kaderly INFS 750 Summer 2010.
IPSec in a Multi-OS Environment. What is IPSec? IPSec stands for Internet Protocol Security It is at a most basic level a way of adding security to your.
Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),
Advanced Unix 25 Oct 2005 An Introduction to IPsec.
IPv6, the Protocol of the Future, Today Mathew Harris.
Fall 2005Computer Networks20-1 Chapter 20. Network Layer Protocols: ARP, IPv4, ICMPv4, IPv6, and ICMPv ARP 20.2 IP 20.3 ICMP 20.4 IPv6.
IPSec IPSec provides the capability to secure communications across a LAN, across private and public wide area networks (WANs) and across the Internet.
Karlstad University IP security Ge Zhang
IP Security. P R E S E N T E D B Y ::: Semester : 8 ::: Year : 2009 Naeem Riaz Maria Shakeel Aqsa Nizam.
1 Chapter 6 IP Security. 2 Outline Internetworking and Internet Protocols (Appendix 6A) IP Security Overview IP Security Architecture Authentication Header.
IP security Ge Zhang Packet-switched network is not Secure! The protocols were designed in the late 70s to early 80s –Very small network.
IPSec and TLS Lesson Introduction ●IPSec and the Internet key exchange protocol ●Transport layer security protocol.
Encapsulated Security Payload Header ● RFC 2406 ● Services – Confidentiality ● Plus – Connectionless integrity – Data origin authentication – Replay protection.
1 Lecture 13 IPsec Internet Protocol Security CIS CIS 5357 Network Security.
Virtual Private Network Chapter 4. Lecturer : Trần Thị Ngọc Hoa2 Objectives  VPN Overview  Tunneling Protocol  Deployment models  Lab Demo.
V IRTUAL P RIVATE N ETWORKS K ARTHIK M OHANASUNDARAM W RIGHT S TATE U NIVERSITY.
By Mau, Morgan Arora, Pankaj Desai, Kiran.  Large address space  Briefing on IPsec  IPsec implementation  IPsec operational modes  Authentication.
Virtual Private Networks Ed Wagner CS Overview Introduction Types of VPNs Encrypting and Tunneling Pro/Cons the VPNs Conclusion.
Security IPsec 1 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
IPSec – IP Security Protocol By Archis Raje. What is IPSec IP Security – set of extensions developed by IETF to provide privacy and authentication to.
1 IPSec: An Overview Dr. Rocky K. C. Chang 4 February, 2002.
Network Layer Security Network Systems Security Mort Anvari.
IPSEC Modes of Operation. Breno de MedeirosFlorida State University Fall 2005 IPSEC  To establish a secure IPSEC connection two nodes must execute a.
K. Salah1 Security Protocols in the Internet IPSec.
Computer Science and Engineering Computer System Security CSE 5339/7339 Session 27 November 23, 2004.
Lecture 10 Page 1 CS 236 Online Encryption and Network Security Cryptography is widely used to protect networks Relies on encryption algorithms and protocols.
Presentaion on ipsecurity Presentaion given by arun saraswat To lavkush sharma sir arun saraswat1.
An Analysis on NAT Security
VPNs & IPsec Dr. X Slides adopted by Prof. William Enck, NCSU.
VPNs and IPSec Review VPN concepts Encryption IPSec Lab.
CSE 4905 IPsec.
Encryption and Network Security
Chapter 18 IP Security  IP Security (IPSec)
Internet and Intranet Fundamentals
IT443 – Network Security Administration Instructor: Bo Sheng
Internet technologies
CSE565: Computer Security Lecture 23 IP Security
IP Security - Chapter 6 of William Stallings. Network Security Essentials (2nd edition). Prentice Hall Slides by Henric Johnson Blekinge Institute.
VPNs and IPSec Review VPN concepts Encryption IPSec Lab.
Security Protocols in the Internet
Computer Networks Protocols
Chapter 6 IP Security.
Presentation transcript:

IPv6 Security By Eric Pennington COSC 356 – Network Security Dr. Oblitey

TCP/IP Overview The protocol suite that is used for communications for the Internet The protocol suite that is used for communications for the Internet Adopted en masse across the Arpanet in 1983 as a de facto standard for protocols Adopted en masse across the Arpanet in 1983 as a de facto standard for protocols Replaced the much slower and harder to maintain NCP protocol Replaced the much slower and harder to maintain NCP protocol

IPv4 Overview First put forward as an RFC in 1981 First put forward as an RFC in 1981 Combined with TCP shortly thereafter to handle the routing of packets Combined with TCP shortly thereafter to handle the routing of packets It has been used since the early 80s, and is still the most widespread today It has been used since the early 80s, and is still the most widespread today

IPv4 Problems Small addressing space Small addressing space 32-bits - 4,294,967,296 unique nodes 32-bits - 4,294,967,296 unique nodes NATs created to help NATs created to help Total lack of security Total lack of security Not originally a problem Not originally a problem Usability over security Usability over security Packets are susceptible to interception and alteration Packets are susceptible to interception and alteration

IPv6 Overview Slow in deployment Slow in deployment Much larger addressing space Much larger addressing space 128-bit × nodes 128-bit × nodes More than we should need More than we should need IPSec – Internet Protocol Security Suite IPSec – Internet Protocol Security Suite Designed to run on both IPv4 and IPv6 Designed to run on both IPv4 and IPv6 Optional for IPv4; Required for IPv6 Optional for IPv4; Required for IPv6

IPSec Overview Operates at Level 3 (Network Layer) of the OSI Model Operates at Level 3 (Network Layer) of the OSI Model Two types of security in IPSec Two types of security in IPSec Portal to portal – security provided to several machines by a single node Portal to portal – security provided to several machines by a single node End to end – source/destination computers do the security processing End to end – source/destination computers do the security processing Two modes of operation: Two modes of operation: Transport Mode Transport Mode Tunnel Mode Tunnel Mode

IPSec Protocols Authentication Header (AH) Authentication Header (AH) A CRC-like hash value computer and stored in each packet A CRC-like hash value computer and stored in each packet Encapsulating Security Payload (ESP) Encapsulating Security Payload (ESP) Encrypts the packet and stores a header showing the type of encryption, etc. Encrypts the packet and stores a header showing the type of encryption, etc.

Transport Mode Only the raw data within the packet is encrypted Only the raw data within the packet is encrypted Security headers placed in-between the data and the regular IP headers Security headers placed in-between the data and the regular IP headers IP headers remain unmodified IP headers remain unmodified

Tunnel Mode STunnel on Linux accomplishes the same task (for IPv4) STunnel on Linux accomplishes the same task (for IPv4) Encrypts the entire packet Encrypts the entire packet Even encrypts the headers Even encrypts the headers Encapsulates the old packet within a new packet Encapsulates the old packet within a new packet Adds new security headers Adds new security headers Adds new IP headers Adds new IP headers

IPv6 Wares Built-in to Windows (as of Windows XP) Built-in to Windows (as of Windows XP) Built-in to Linux (IPSec as of Kernel 2.6) Built-in to Linux (IPSec as of Kernel 2.6) Built-in to Mac OS X Built-in to Mac OS X Built-in to OpenBSD Built-in to OpenBSD FreeS/WAN – FreeS/WAN – Many other free and open source alternatives Many other free and open source alternatives Still no widespread usage Still no widespread usage

THE END