By Rod Lykins

• Background
• Benefits
• Security Advantages
  ◦ Address Space
  ◦ IPSec
• Remaining Security Issues
• Conclusion


• Originally created due to foreseeable lack of Internet address space…
  ◦ 1979: 32-bit IPv4 provided 4.3 billion IP addresses
  ◦ 1990: 128-bit IPv6 development started by IETF
  ◦ 1998: IPv6 (RFC 2460) standard initially published
• Address Space: 3.4 x 10^38 IP addresses
  ◦ Or 340,282,366,920,938,463,463,374,607,431,768,211,456
  ◦ Earth = 4.5 billion years old; 100 trillion/second = % of used address space
• IPv4 Address Depletion Slowed By:
  ◦ Variable Length Subnet Masks (VLSMs)
  ◦ Classless Inter-Domain Routing (CIDR)
  ◦ Network Address Translation (NAT)

• Other than increased address space…
  ◦ New Header Format
    ▪ Designed to minimize header overhead, which provides more efficient processing
    ▪ Note: IPv4 headers and IPv6 headers are not interoperable, and the IPv6 protocol is not backward compatible with the IPv4 protocol
  ◦ Efficient and Hierarchical Addresses
    ▪ Backbone routers have much smaller routing tables
  ◦ Stateless and Stateful Address Configuration
    ▪ Address configuration with or without a DHCP server
  ◦ Better Support for Quality of Service (QoS)
    ▪ "Flow Label" in IPv6 Header – even when packet payload is encrypted with IPSec
  ◦ Better Security…

• Large Address Space
  ◦ Default Subnet Size = 2^64 addresses
    ▪ Scanning 1,000,000 addresses/sec = > 500,000 years to scan
  ◦ Other Avenues for Attackers…
    ▪ Advertised: Mail Servers, Web Servers, etc.
    ▪ DNS Zone Transfers
    ▪ Logfile Analysis
    ▪ Applications
    ▪ Multicast Group Addresses
    ▪ During Transition (6to4)
• IPSec
  ◦ Provides these Layer 3+ security features…
    ▪ Confidentiality: IPSec traffic is encrypted… captured IPSec traffic cannot be deciphered without the encryption key
    ▪ Authentication: IPSec traffic is digitally signed with the shared encryption key so the receiver can verify it was sent by the IPSec peer
    ▪ Integrity: IPSec traffic contains a cryptographic checksum that incorporates the encryption key… the receiver can verify the packet was not modified in transit

• Two Major Protocols
  ◦ Authentication Header (AH)
    ▪ Similar to a CRC or checksum
    ▪ Dependent on selected shared key, hash function, mode (tunnel or transport), and network (IPv4 or IPv6)
    ▪ Provides integrity and authentication, but not confidentiality
  ◦ Encapsulating Security Payload (ESP)
    ▪ Provides integrity, authentication, and confidentiality
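The AH slide compares the header to a CRC or checksum; what sets it apart is the shared key. The following added example (not from the original slides) computes a simplified AH-style integrity check value in Python over a constructed IPv6 packet. The key, addresses, payload and the HMAC-SHA-256 default are assumptions, and real AH also covers extension headers and the AH header itself.

```python
import hmac
import socket
import struct

def ipv6_header(src, dst, payload_len, next_header=6, hop_limit=64, flow_label=0):
    """Pack the 40-byte IPv6 fixed header (traffic class left at 0)."""
    first_word = (6 << 28) | flow_label
    return (struct.pack("!IHBB", first_word, payload_len, next_header, hop_limit)
            + socket.inet_pton(socket.AF_INET6, src)
            + socket.inet_pton(socket.AF_INET6, dst))

def zero_mutable(header):
    """Zero traffic class, flow label and hop limit: routers may change them
    in transit, so AH leaves them out of the integrity check."""
    return struct.pack("!I", 6 << 28) + header[4:7] + b"\x00" + header[8:]

def ah_icv(key, header, payload, hash_name="sha256", icv_len=16):
    """Truncated HMAC over the immutable header fields plus the payload.
    Simplified: real AH also covers extension headers and the AH header."""
    return hmac.new(key, zero_mutable(header) + payload, hash_name).digest()[:icv_len]

def ah_verify(key, header, payload, icv, hash_name="sha256"):
    """Recompute the ICV and compare in constant time."""
    expected = ah_icv(key, header, payload, hash_name, len(icv))
    return hmac.compare_digest(expected, icv)

def with_hop_limit(header, hop_limit):
    """Return the header as it looks after routers decrement the hop limit."""
    return header[:7] + bytes([hop_limit]) + header[8:]

# Constructed sample packet and key (documentation prefix 2001:db8::/32).
KEY = b"constructed-demo-shared-key"
PAYLOAD = b"transfer 100 to account 42"
HEADER = ipv6_header("2001:db8::1", "2001:db8::2", len(PAYLOAD))
ICV = ah_icv(KEY, HEADER, PAYLOAD)

def demo():
    tampered = PAYLOAD.replace(b"100", b"900")
    spoofed = ipv6_header("2001:db8::bad", "2001:db8::2", len(PAYLOAD))
    return {
        "after_three_hops": ah_verify(KEY, with_hop_limit(HEADER, 61), PAYLOAD, ICV),
        "payload_modified": ah_verify(KEY, HEADER, tampered, ICV),
        "source_spoofed": ah_verify(KEY, spoofed, PAYLOAD, ICV),
        "wrong_key": ah_verify(b"not-the-shared-key", HEADER, PAYLOAD, ICV),
        # A different hash function yields a different ICV for the same packet.
        "sha1_96_differs": ah_icv(KEY, HEADER, PAYLOAD, "sha1", 12) != ICV[:12],
    }

if __name__ == "__main__":
    print(demo())
```

Only the routed packet verifies; the payload itself stays readable on the wire, which is why AH gives integrity and authentication but not confidentiality.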

• Two Modes of Operation
  ◦ Transport
    ▪ Only the actual payload of the IP packet is encrypted (i.e., the destination and source IP addresses, port numbers, and other IP header information are still readable)
  ◦ Tunnel
    ▪ The entire IP packet is encrypted and then placed into an IPSec endpoint, where it is encapsulated inside another IP packet.
• Wide Range of Crypto Choices
  ◦ MD5, SHA-1, DES, 3DES, AES…
• Most, if not all, successful IPSec exploitation attacks are side-channel attacks
  ◦ Poor Key Management (i.e., IKE Aggressive Mode)
  ◦ Insecure Passwords, etc.

• Attack Vectors
  ◦ IPSec relies on key exchanges
  ◦ Neighbor Discovery Spoofing
  ◦ DoS and DDoS attacks
  ◦ Application Layer attacks

• Dual-Stack
  ▪ Simplest method
• Tunnel IPv6 via IPv4
• Translation IPv6 to IPv4
