Balanced Security for IPv6 CPE draft-ietf-v6ops-balanced-ipv6-security-01 IETF89 London M. Gysi, G. Leclanche, E. Vyncke, R. Anfinsen.


Status
Personal draft -00 posted on 25 January posted on 29 July 2013
Accepted in Berlin (IETF-87) as WG document
-00 posted on 21 October 2013
Sent to WGLC in Vancouver (IETF-88)
-01 posted on 5 December 2013

Changes in -01
Basically, watered down and English text clean-ups
It seems that more ISPs are doing this: open by default except a few ports.
New Xbox:
– Uses IPv6 when clear communication between consoles (i.e. no filtering)
– Else, it falls back to Teredo...

Watering Down
As of 2013, Swisscom has implemented the rule ProtectWeakService as described below. This is meant as an example and must not be followed blindly: each implementer has specific needs and requirements. Furthermore, the example below will not be updated as time passes, whereas threats will evolve.

Added Flexibility
This pre-defined policy should be centrally updated, as threats are changing over time. It could also be a member of a list of pre-defined security policies available to an end-customer, for example together with "simple security" from [RFC6092] and a "strict security" policy denying access to all unexpected input packets.
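
Added example (not part of the slides or the draft): a small Python model of the three pre-defined policies named above, showing how each one treats an unsolicited inbound IPv6 packet and how a central update changes the balanced policy. The Cpe class, its method names and the addresses are assumptions, and the blocked ports are constructed placeholders because the slides do not reproduce the ProtectWeakService rule.

```python
from dataclasses import dataclass, field

# Constructed placeholder: the slides do not list the ports that the
# ProtectWeakService rule filters, so these entries are illustrative only.
WEAK_SERVICE_PORTS = frozenset({("tcp", 23), ("tcp", 445), ("udp", 161)})
IKE = ("udp", 500)  # RFC 6092 keeps inbound IKE forwardable by default

@dataclass
class Cpe:
    profile: str = "balanced"          # "balanced", "simple" or "strict"
    blocked: frozenset = WEAK_SERVICE_PORTS
    flows: set = field(default_factory=set)   # state from LAN-initiated flows

    def outbound(self, proto, lan, lport, wan, wport):
        """LAN to Internet: always forwarded, and recorded as state."""
        self.flows.add((proto, lan, lport, wan, wport))
        return "accept"

    def inbound(self, proto, wan, wport, lan, lport):
        """Internet to LAN: replies pass; unsolicited traffic depends on profile."""
        if (proto, lan, lport, wan, wport) in self.flows:
            return "accept"
        if self.profile == "balanced":   # open by default except a few ports
            return "drop" if (proto, lport) in self.blocked else "accept"
        if self.profile == "simple":     # simplified RFC 6092 default
            return "accept" if (proto, lport) == IKE else "drop"
        return "drop"                    # strict: nothing unexpected gets in

    def push_update(self, blocked):
        """Central update of the balanced block list as threats change."""
        self.blocked = frozenset(blocked)

def verdicts(proto, lport, profiles=("balanced", "simple", "strict")):
    """Verdict per profile for one unsolicited inbound packet (constructed)."""
    return {p: Cpe(p).inbound(proto, "2001:db8:f::1", 40000, "2001:db8:1::10", lport)
            for p in profiles}

if __name__ == "__main__":
    for proto, port in [("tcp", 443), ("tcp", 445), ("udp", 500)]:
        print(proto, port, verdicts(proto, port))
```

The "simple" branch models only one of RFC 6092's default allowances (IKE on UDP 500); a real implementation of that profile has more rules.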

Last Word of Caution
Depending on the extensivity of the filters, certain vulnerabilities could be protected or not. It does not preclude the need for end-devices to have proper host-protection as most of those devices (smartphones, laptops, etc.) would anyway be exposed to completely unfiltered internet at some point of time. The policy addresses the major concerns related to the loss of stateful filtering imposed by IPv4 NAPT when enabling public globally reachable IPv6 in the home.

Comments from a Reviewer
Title change:
– Balanced Security for IPv6 Residential CPE
– A Security Profile for IPv6 Home Networks CPE
Adding
– “However, the end-user shall be able to change the default setting to the [RFC6092] profile if deemed appropriate.”
Remove
– the ‘Threats’ section
– “To the authors' knowledge, there has not been any incident related to this deployment in Swisscom network”

Next Steps?
Is this a useful I-D?
Should we change the title?
Should we “neutralize” it even further?
Authors will implement suggested changes
After, should we re-do WG last call?