Is Cyber Security IPv6-Ready? HEPiXX – Vancouver, BC Bob Cowles October, 2011.


2 Quiz: What Happened to IPv5
Lost in space?
Born out of TCP?
Replaced by the iPod?
Protocols are even numbers?

3 What happened to IPv4?

4 IPv6 Concepts Quiz (six-foo)
Minimum MTU?
You can get a logo if you are IPv6 ______?
NIST guidelines for secure config 800-___
Number of address bits router examines?
2001:0db8:76ff:0000:dab4:0000:0000:da8c
What are ::1/128? fe80::/10? fd00::/8? 2000::/3? ff02::1, ff02::2, ff02::fb?
Maximum jumbo packet size?
# of IPv6 addresses for a host on the internet?

5 Are there Security Issues?
Architecture
Design
Implementation
Configuration
Operation
Co-Existence with IPv4
Tools

6 Architecture
Multicast, IPsec, ICMPv6 required
IP addresses impossible to remember
  – dead:beef
  – bebe
Address mapping is now many to 1 to many
Fragmentation left to hosts

7 Design
Routing Headers bring back source routing
Too many things are suggestions and not strictly enforced
  – TCP can adjust MSS to prevent fragmentation
  – Order of Extension Headers
Unused fields can be covert channels
Mobility IP

8 Implementation
Implementations are still partial
  – E.g. CentOS firewall accepts IPv6 – does nothing
IPv4 errors will be repeated
Error conditions will be undetected or handled in different ways
Inconsistencies in specs are still being discovered
SEcure Neighbor Discovery (SEND) not widely implemented – required for adequate security
  – Protects RA/RS and ND
  – RFC 3971

9 Configuration
Many additional or different issues to consider
Explosion of IP addresses per host
Considerations in subnet and IP address assignment
  – Non-obvious vs. easy to guess?
  – Based on MAC vs. privacy
Use routing headers? IP mobility? DHCP?

10 Operation
Everything has to be tested in detail
  – Devices IPv6-Ready but associated firmware is not available (e.g. printers)
Host option controls
  – Autoconfig vs DHCPv6
  – Mobile IP
  – IP address changing
  – Use of routing headers
  – Response to mDNS
  – Response to Neighbor Solicitations/Advertisements

11 Co-Existence with IPv4
Dual stacks add complexity
Ability to send packets over two different protocols (evade packet inspection)
Tunnels – 6-to-4, Teredo (shipworm)
Interactions not fully understood but will be exploited
Windows – can turn off IPv6 but not restore via registry entry
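
Slides 9 and 11 note that address assignment may be "based on MAC" and that 6-to-4 and Teredo tunnels coexist with IPv4. The following is an added example, not part of the original slides, showing what an address discloses by its structure alone; the function name `audit` and the sample addresses (documentation ranges and a made-up MAC) are constructed for illustration.

```python
import ipaddress

def audit(addr: str) -> dict:
    """Report what an IPv6 address discloses through its structure."""
    ip = ipaddress.IPv6Address(addr)
    report = {"compressed": ip.compressed}
    iid = ip.packed[8:]                      # low 64 bits: interface identifier
    # Modified EUI-64 puts ff:fe in the middle of the MAC (heuristic: a random
    # identifier can contain the same two bytes by chance).
    if iid[3:5] == b"\xff\xfe":
        mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]   # undo the U/L bit flip
        report["mac_from_eui64"] = ":".join(f"{b:02x}" for b in mac)
    if ip.sixtofour is not None:             # 2002::/16 embeds an IPv4 address
        report["6to4_ipv4"] = str(ip.sixtofour)
    if ip.teredo is not None:                # 2001::/32 embeds server and client IPv4
        server, client = ip.teredo
        report["teredo_server"] = str(server)
        report["teredo_client"] = str(client)
    return report

# Constructed samples, except the first, which is the address on slide 4.
SAMPLES = [
    "2001:0db8:76ff:0000:dab4:0000:0000:da8c",
    "fe80::211:22ff:fe33:4455",              # EUI-64 from MAC 00:11:22:33:44:55
    "2002:c000:201::1",                      # 6to4 wrapping 192.0.2.1
    "2001:0:c000:201::34ff:8efa",            # Teredo, client 203.0.113.5
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(audit(sample))
```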

12 Tools
Some new tools, some old tools with new options
  – traceroute6 (Unix), tracert -6 (Windows)
  – tcpdump extended with new options and functionality (e.g. “protochain” to parse extension headers)
  – wireshark, nmap is OK, snort is not ready
Passive asset discovery easier than active
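
Slide 7 points out that routing headers bring back source routing and that extension header order is only a suggestion, and slide 12 mentions walking the header chain with tcpdump's "protochain". The following is an added example, not part of the original slides, of a monitoring check that walks the chain of a raw IPv6 packet and reports a type 0 routing header, a hop-by-hop header that is not first, and repeated headers; the names `walk_chain` and `build` and both sample packets are constructed here.

```python
import struct

# IANA protocol numbers of the extension headers this walker understands.
HBH, ROUTING, FRAGMENT, AH, DSTOPTS, MOBILITY = 0, 43, 44, 51, 60, 135
NAMES = {HBH: "hop-by-hop", ROUTING: "routing", FRAGMENT: "fragment",
         AH: "auth", DSTOPTS: "dest-opts", MOBILITY: "mobility"}

def walk_chain(packet: bytes):
    """Return (chain, upper_layer_protocol, findings) for a raw IPv6 packet."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nxt, off, chain, findings = packet[6], 40, [], []
    while nxt in NAMES:
        if off + 8 > len(packet):
            findings.append("truncated extension header")
            break
        if nxt == FRAGMENT:
            length = 8                          # fixed size
        elif nxt == AH:
            length = (packet[off + 1] + 2) * 4  # AH length is in 32-bit words, minus 2
        else:
            length = (packet[off + 1] + 1) * 8  # 8-octet units, first unit excluded
        if nxt == HBH and chain:
            findings.append("hop-by-hop header is not first in the chain")
        if nxt != DSTOPTS and NAMES[nxt] in chain:
            findings.append(f"repeated {NAMES[nxt]} header")
        if nxt == ROUTING and packet[off + 2] == 0:
            findings.append(f"type 0 routing header, segments left {packet[off + 3]}")
        chain.append(NAMES[nxt])
        later = nxt == FRAGMENT and struct.unpack_from("!H", packet, off + 2)[0] >> 3
        nxt, off = packet[off], off + length
        if later:
            break                               # non-first fragment: the rest is payload
    return chain, nxt, findings

def build(headers, upper=59):
    """Constructed test packet: zeroed addresses, (protocol, body) headers, no payload."""
    protos = [p for p, _ in headers] + [upper]
    ext = b"".join(bytes([protos[i + 1]]) + body for i, (_, body) in enumerate(headers))
    return struct.pack("!IHBB", 6 << 28, len(ext), protos[0], 64) + bytes(32) + ext

PADN = bytes([0, 1, 4, 0, 0, 0, 0])             # length 0, one PadN option
RH0 = bytes([2, 0, 1]) + bytes(4) + bytes(16)   # type 0, one segment left, one address
CLEAN = build([(HBH, PADN), (DSTOPTS, PADN)])
SUSPECT = build([(ROUTING, RH0), (HBH, PADN)])

if __name__ == "__main__":
    for label, pkt in (("clean", CLEAN), ("suspect", SUSPECT)):
        print(label, walk_chain(pkt))
```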

13 Security?
Attention to configuration guidelines
Plan transition carefully – use experiences already published as guidelines
  – Join mailing lists, working groups
Test, test
  – Everything works that is supposed to work
  – Nothing works that isn’t supposed to work

14 Get Prepared!
Courtesy of xkcd.com
Ethernet?

15 Liftoff!