Advanced IPv6 Residential Security draft-vyncke-advanced-ipv6-security-03 Eric Vyncke Mark Townsley


Advanced IPv6 Residential Security draft-vyncke-advanced-ipv6-security-03 Eric Vyncke Mark Townsley Andrew Yourtchenko November 2011

Advanced Security
- User Feedback
- IPS
- Dynamic Policy & Signatures Update
- On-line Access to IP Address Reputation
- CPE or internal router
In short: traffic is allowed until proven guilty

Overview
- 7 policies are identified in the -03.
- These are largely based on features that have been commonly available in “advanced” security gear (UTM) for enterprises for several years.
- The home edge/internal router is not something that is purchased and thrown away when obsolete. Instead, it is actively updated, like many other consumer devices today (PCs, iPods and iPhones, etc.).
- The business model may include a paid subscription service from the manufacturer, a participating service or content provider, a consortium, etc.

Why is this important to IPv6 & HOMENET?

Opening THE Can of Worms
- NAT is Useless for Security
- Most botnet members are behind a NAT
- Malware is downloaded nowadays…
- Allowing PCP or UPnP to open NAT pinholes puts a huge trust in the host integrity
- There is a need to apply security between guest and home security domains

Default Security Policy
1. RejectBogon: including uRPF checks
2. BlockBadReputation: for in/outbound traffic
3. AllowReturn: and apply IPS on in/outbound traffic
4. AllowToPublicDnsHost: Allow inbound traffic to an inside host with an AAAA & reverse-DNS
5. ProtectLocalOnly: Block all inbound traffic to inside hosts which never transmitted to the outside (à la full-cone)
6. CryptoIntercept: Intercept all inbound SSL/TLS connections, present a (self-signed) cert, decrypt and re-encrypt. Goal is to apply IPS
7. ParanoidOpenness: Allow ALL inbound traffic by default. See more next slide

More on Paranoid Openness
- Rate limit (SYN & plain data)
  - To protect low-bandwidth residential links
  - Basic protection against host scan
- If authenticated flow (e.g. HTTP)
  - Perform dictionary attack on credential and reject too obvious ones (or default ones)
  - Goal is to force user to select good credentials
- IPS must be applied
  - If protocol unknown, then flow MAY be permitted
  - If attack is detected, then flow MUST be denied
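
The default policy list and the Paranoid Openness checks above, sketched as an ordered evaluator for inbound flows. This is an added example, not code from the draft or its authors: evaluating the policies in slide order, the `Flow` fields, the sample prefixes and lists, and the SYN budget are all assumptions, and CryptoIntercept (TLS interception) is left out.

```python
import ipaddress
from dataclasses import dataclass

# All prefixes, addresses and lists below are constructed sample data (assumptions).
HOME_PREFIX = ipaddress.ip_network("2001:db8:1::/48")   # prefix delegated to the home
BOGONS = [ipaddress.ip_network(p) for p in ("::/8", "fc00::/7", "fe80::/10", "ff00::/8")]
BAD_REPUTATION = {ipaddress.ip_address("2001:db8:bad::66")}
PUBLIC_DNS_HOSTS = {ipaddress.ip_address("2001:db8:1::80")}  # inside, AAAA + reverse DNS
LOCAL_ONLY = {ipaddress.ip_address("2001:db8:1::c0")}        # never transmitted outside
WEAK_CREDENTIALS = {("admin", "admin"), ("root", "1234")}    # default/obvious pairs
SYN_LIMIT = 3                                                # SYNs per source per window

@dataclass
class Flow:
    src: str
    dst: str
    syn_count: int = 1
    is_return: bool = False    # matches state created by an inside host
    credentials: tuple = ()    # (user, password) observed in a cleartext auth flow
    ips_alert: bool = False    # verdict of the IPS engine for this flow

def evaluate_inbound(flow):
    """Return (verdict, policy) for an inbound flow; the first matching policy wins."""
    src, dst = ipaddress.ip_address(flow.src), ipaddress.ip_address(flow.dst)
    # 1. RejectBogon: unroutable source, or an inside source arriving from outside
    #    (the spoofing case a uRPF check catches).
    if src in HOME_PREFIX or any(src in net for net in BOGONS):
        return "deny", "RejectBogon"
    if src in BAD_REPUTATION:                       # 2. BlockBadReputation
        return "deny", "BlockBadReputation"
    if flow.is_return:                              # 3. AllowReturn, with IPS applied
        if flow.ips_alert:
            return "deny", "AllowReturn:IPS"
        return "allow", "AllowReturn"
    if dst in PUBLIC_DNS_HOSTS:                     # 4. AllowToPublicDnsHost
        return "allow", "AllowToPublicDnsHost"
    if dst in LOCAL_ONLY:                           # 5. ProtectLocalOnly
        return "deny", "ProtectLocalOnly"
    # 7. ParanoidOpenness: allow by default, subject to the three checks.
    if flow.syn_count > SYN_LIMIT:
        return "deny", "ParanoidOpenness:rate-limit"
    if flow.credentials in WEAK_CREDENTIALS:
        return "deny", "ParanoidOpenness:weak-credential"
    if flow.ips_alert:                              # attack detected: MUST be denied
        return "deny", "ParanoidOpenness:IPS"
    return "allow", "ParanoidOpenness"              # unknown protocol MAY be permitted
```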

-00 at IETF presented at V6OPS & SAAG
- Globally positive reaction
- The crypto part could be improved/better presented
- Paranoid Openness is very much needed for IPv6
- Already known as Universal Threat Mitigation for large enterprises
- Could/should cross-pollinate with simple-security ID

Between IETF76 & 82
- But, little progress made (Eric’s & Mark’s fault)
- -03 delta
  - Some cosmetics
  - More reference to UTM
  - Reference to previous I-D & RFC 6092
  - More consistent with HOMENET