

• IPv6 has built-in security via IPsec (Internet Protocol Security).
  ◦ IPsec operates at OSI layer 3, or the internet layer of the Internet Protocol Suite.
• IPsec
  ◦ Internet Engineering Task Force (IETF)
  ◦ Encrypts the IP connection between computers
  ◦ Data is encrypted at the packet level
  ◦ The standard for IP encryption

• IPsec provides four major functions:
  ◦ Confidentiality – The sender can encrypt the packets before transmitting them across the network. If the communication is intercepted, it cannot be read by anybody.
  ◦ Data integrity – The receiver can verify whether the data was changed while travelling across the Internet.
  ◦ Origin authentication – The receiver can authenticate the source of the packet.
  ◦ Anti-replay protection – The receiver can verify that each packet is unique and not duplicated.

• IPsec is a framework of open standards which uses the following three protocols:
  ◦ Security Association
  ◦ Authentication Header
  ◦ Encapsulating Security Payload

• Security Association: handles the protocols and algorithms used to generate the encryption and authentication keys used by IPsec.

• Authentication Header provides connectionless integrity and data origin authentication for IP datagrams.

• Encapsulating Security Payload provides confidentiality, data origin authentication and connectionless integrity.

• IPsec was developed in conjunction with IPv6, and it is required in all implementations of IPv6.
• Although IPsec was designed for IPv6, it can be and has been used to secure IPv4 traffic for some time now.

• Although IPv6 itself has built-in security, the coming change from IPv4 to IPv6 has raised security concerns over how the transition from one protocol to the other may be exploited.

• The main catalyst for IPv6 is the soon-to-be-depleted supply of IPv4 addresses. Some estimates say it may take more than a decade for IPv6 capabilities to spread throughout the network community.

• During this transition time, and even afterwards, some servers will be available over IPv4 only, some over IPv6 only, and some over both protocols.
• Support and security for both of these protocols will be needed for an extended period.

• The security concerns at this early stage deal with the minimal but growing amount of IPv6 traffic running across IPv4 networks that are not secured against threats arriving via this IPv6 traffic.

• Most U.S. organizations have hidden IPv6 traffic running across their networks. They can have IPv6 running on their networks and not know it.
• Windows 7, Vista, Windows Server 2008, Mac OS X, Linux and Solaris all ship with IPv6 enabled by default.

• The main concern lies with security meant to monitor IPv4 traffic. This security needs to be updated to include IPv6.
• Firewalls need to be able to distinguish between IPv4 and IPv6. If you only have an IPv4 firewall, you can have IPv6 running between you and the threat.

• Tunneling is another area of concern. IPv6 traffic can be tunneled over IPv4 using mechanisms such as Teredo, 6to4, or ISATAP.
• Typical IPv4 security devices are not tuned to look for tunneled traffic. Tunneled traffic can be hard to discern and decipher in any case, as the following example suggests: you can tunnel IPv6 over HTTP over IPv4.
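The firewall and tunneling points above come down to a per-packet check. The following is an added example (not part of the original slides) that labels raw IP packets as native IPv4, native IPv6, protocol 41 encapsulation (6to4, ISATAP) or Teredo over UDP port 3544. The function names and sample packets are constructed for illustration, and matching Teredo by its server port alone is a simplifying assumption.

```python
import struct

PROTO_UDP = 17
PROTO_IPV6_IN_IPV4 = 41  # 6to4 and ISATAP carry IPv6 directly in IPv4 (protocol 41)
TEREDO_PORT = 3544       # Teredo carries IPv6 in UDP; 3544 is the Teredo server port

def classify(packet: bytes) -> str:
    """Label a raw IP packet: ipv4, ipv6, proto41-tunnel, teredo-tunnel or unknown."""
    if not packet:
        return "unknown"
    version = packet[0] >> 4
    if version == 6:
        return "ipv6" if len(packet) >= 40 else "unknown"
    ihl = (packet[0] & 0x0F) * 4  # IPv4 header length in bytes
    if version != 4 or ihl < 20 or len(packet) < ihl:
        return "unknown"
    if packet[9] == PROTO_IPV6_IN_IPV4:
        return "proto41-tunnel"
    # Only the first fragment of a datagram carries the UDP header.
    first_fragment = (struct.unpack("!H", packet[6:8])[0] & 0x1FFF) == 0
    udp = packet[ihl:]
    if packet[9] == PROTO_UDP and first_fragment and len(udp) >= 8:
        sport, dport = struct.unpack("!HH", udp[:4])
        if TEREDO_PORT in (sport, dport):
            return "teredo-tunnel"
    return "ipv4"

def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 packet (constructed sample; checksum left at zero)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return header + payload

# Constructed samples: a bare 40-byte IPv6 header, and IPv4 wrappers around it.
INNER_IPV6 = struct.pack("!IHBB", 6 << 28, 0, 59, 64) + bytes(32)
SAMPLES = {
    "native v6": INNER_IPV6,
    "6to4/ISATAP": ipv4(PROTO_IPV6_IN_IPV4, INNER_IPV6),
    "Teredo": ipv4(PROTO_UDP, struct.pack("!HHHH", 51000, TEREDO_PORT,
                                          8 + len(INNER_IPV6), 0) + INNER_IPV6),
    "plain UDP": ipv4(PROTO_UDP, struct.pack("!HHHH", 51000, 53, 8, 0)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:12} -> {classify(pkt)}")
```

IPv6 carried inside HTTP, the case the slide mentions, would still be labelled plain IPv4 here; finding it requires inspection above the transport layer.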

• Rogue IPv6 traffic can include attacks such as botnet command and control.
• In one example of a botnet attack using IPv6, the IPv6 traffic disguised itself as IPv4 through the router. It was then attacking and issuing command and control instructions to a botnet in the Far East. Another type of threat has seen illegal file sharing that leverages IPv6 for peer-to-peer communications.

• The type 0 routing header is another potential security problem with IPv6. This feature of IPv6 allows you to specify in the header what route is used to forward traffic. A hacker could use this to overwhelm a part of the network by generating denial-of-service traffic.
• RFC 5095, dated December 2007, called for measures to confront this problem. Implemented yet?
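An added example, not from the original slides, of the check RFC 5095 asks receivers to make: walk the IPv6 extension-header chain, find a type 0 routing header, and drop the packet when Segments Left is non-zero. The function names, result labels and sample packets are constructed for illustration.

```python
import struct

HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS, NO_NEXT = 0, 43, 44, 60, 59

def find_rh0(packet: bytes):
    """Return Segments Left of a type 0 routing header, or None if there is none."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return None
    next_header, offset = packet[6], 40
    while next_header in (HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS):
        if len(packet) < offset + 8:
            return None  # truncated chain: nothing more to inspect
        if next_header == ROUTING and packet[offset + 2] == 0:
            return packet[offset + 3]  # Routing Type 0: report Segments Left
        if next_header == FRAGMENT:
            if struct.unpack("!H", packet[offset + 2:offset + 4])[0] >> 3:
                return None  # non-first fragment: no header chain follows
            length = 8
        else:
            length = (packet[offset + 1] + 1) * 8  # Hdr Ext Len is in 8-byte units
        next_header, offset = packet[offset], offset + length
    return None

def rfc5095_action(packet: bytes) -> str:
    """Receiver handling per RFC 5095: drop RH0 with segments left, else ignore it."""
    segments_left = find_rh0(packet)
    if segments_left is None:
        return "no-rh0"
    return "rh0-drop" if segments_left else "rh0-ignore"

def ipv6(next_header: int, payload: bytes) -> bytes:
    """Constructed sample packet: fixed header with all-zero addresses."""
    return struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64) + bytes(32) + payload

def routing(rtype: int, segments_left: int, addrs: int, nxt: int = NO_NEXT) -> bytes:
    """Constructed routing header: 4 reserved bytes, then `addrs` zeroed addresses."""
    return bytes([nxt, 2 * addrs, rtype, segments_left]) + bytes(4 + 16 * addrs)

HBH_PAD = bytes([ROUTING, 0, 1, 4, 0, 0, 0, 0])  # hop-by-hop header with one PadN option
SAMPLES = {  # constructed packets, not captured traffic
    "RH0, 2 hops left": ipv6(ROUTING, routing(0, 2, 2)),
    "RH0 after hop-by-hop": ipv6(HOP_BY_HOP, HBH_PAD + routing(0, 1, 1)),
    "RH0, exhausted": ipv6(ROUTING, routing(0, 0, 2)),
    "type 2 (Mobile IPv6)": ipv6(ROUTING, routing(2, 1, 1)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:22} -> {rfc5095_action(pkt)}")
```

The type 2 sample passes untouched: the check keys on Routing Type 0 only, so other routing header types are not filtered.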

• The number of attacks via IPv6 has been low, but this can be attributed to the low amount of IPv6 traffic and the fact that the vast majority of the prime targets are still using IPv4.

• Organizations will have to mirror for IPv6 what they have done for IPv4 security. Until recently, IPv4 was the only protocol used and the only one that network security needed to be concerned with. Now there is IPv4, IPv6, and IPv6 tunneled over IPv4.

• Companies are now coming out with products to deal with these issues.
• Command Information Assure 6 and McAfee Network Security Platform both provide full IPv6 and tunnel inspection.
• Cisco and Juniper offer IPv6-enabled routers and firewalls.