59th IETF Seoul, Korea Quarantine Model Overview “Quarantine model overview for ipv6 network security” draft-kondo-quarantine-overview-00.txt Satoshi kondo.

Slides:



Advertisements
Similar presentations
NAT, firewalls and IPv6 Christian Huitema Architect, Windows Networking Microsoft Corporation.
Advertisements

IPv6 Keith Wichman. History Based on IPv4 Based on IPv4 Development initiated in 1994 Development initiated in 1994.
A master thesis work by Christer Engman Network Services Telia Research AB Department of Teleinformatics Royal Institute of Technology.
IPv6-The Next Generation Protocol RAMYA MEKALA UIN:
LMF/TTR Raimo Vuopionperä 6WINIT: Ericsson (Research) Objectives (6WINIT Kick-Off, London) Raimo Vuopionperä (Ph. D.), NomadicLab (LMF/TTR)
Guide to Network Defense and Countermeasures Second Edition
H. 323 and firewalls: Problem Statement and Solution Framework Author: Melinda Shore, Nokia Presenter: Shannon McCracken.
Security Threats and Security Requirements for the Access Node Control Protocol (ANCP) IETF 67 - ANCP WG November 5-10, 2006 draft-moustafa-ancp-security-threats-00.txt.
Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.
Security Firewall Firewall design principle. Firewall Characteristics.
Unleashing the Power of Ubiquitous Connectivity with IPv6 Sandeep K. Singhal, Ph.D Director of Program Management Windows Networking.
The Aerospace Clinic 2002 Team Members Nick Hertl (Project Manager) Will Berriel Richard Fujiyama Chip Bradford Faculty Advisor Professor Michael Erlinger.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Firewalls Presented by: Sarah Castro Karen Correa Kelley Gates.
Circuit & Application Level Gateways CS-431 Dick Steflik.
Internet Protocol Security (IPSec)
1 IPv6 Address Management Rajiv Kumar. 2 Lecture Overview Introduction to IP Address Management Rationale for IPv6 IPv6 Addressing IPv6 Policies & Procedures.
Firewalls Marin Stamov. Introduction Technological barrier designed to prevent unauthorized or unwanted communications between computer networks or hosts.
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
1 Advanced Application and Web Filtering. 2 Common security attacks Finding a way into the network Exploiting software bugs, buffer overflows Denial of.
Week #10 Objectives: Remote Access and Mobile Computing Configure Mobile Computer and Device Settings Configure Remote Desktop and Remote Assistance for.
BY- NIKHIL TRIPATHI 12MCMB10.  What is a FIREWALL?  Can & Can’t in Firewall perspective  Development of Firewalls  Firewall Architectures  Some Generalization.
Hafez Barghouthi. Model for Network Access Security (our concern) Patrick BoursAuthentication Course 2007/20082.
CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.
Intranet, Extranet, Firewall. Intranet and Extranet.
CSE 8343 Group 3 Advanced OS Inter Operability Between IPv4 and IPv6 Team Members Aman Preet Singh Rohit Singh Nipun Aggarwal Chirag Shah Eugene Novak.
7 IPv6: transition and security challenges Selected Topics in Information Security – Bazara Barry.
Firewalls Paper By: Vandana Bhardwaj. What this paper covers? Why you need a firewall? What is firewall? How does a network firewall interact with OSI.
2002/3/18 Min. Req. for IPv6 LCNA 1 Minimum Requirement of IPv6 for Low Cost Network Appliance draft-okabe-ipv6-lcna-minreq-01.txt Minimum Requirement.
70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 12: Routing.
ACM 511 Chapter 2. Communication Communicating the Messages The best approach is to divide the data into smaller, more manageable pieces to send over.
OV Copyright © 2013 Logical Operations, Inc. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.
Windows 7 Firewall.
1 Overview of Microsoft ISA Server Introducing ISA Server Protects resourcesProtects resources Connects directly to the Internet and your private.
Emerging Technologies. Emerging Technology Overview  Emerging technologies are those which are just beginning to be adopted or are at the initial acceptance.
Apricot2005, Feb Security Framework for the IPv6 Era SUZUKI, Shinsuke (Hitachi, Ltd. / KAME Project / WIDE Project Secure-6 WG)
Draft-chown-v6ops-campus-transition-00 Tim Chown v6ops WG, IETF 60, San Diego, August 2, 2004.
Firewall Technologies Prepared by: Dalia Al Dabbagh Manar Abd Al- Rhman University of Palestine
The Aerospace Clinic 2002 Team Members Nick Hertl (Project Manager) Will Berriel Richard Fujiyama Chip Bradford Faculty Advisor Professor Michael Erlinger.
0 NAT/Firewall NSLP IETF 62th – March 2005 draft-ietf-nsis-nslp-natfw-05.txt Martin Stiemerling, Hannes Tschofenig, Cedric Aoun.
Network and Perimeter Security Paula Kiernan Senior Consultant Ward Solutions.
Overview of Microsoft ISA Server. Introducing ISA Server New Product—Proxy Server In 1996, Netscape had begun to sell a web proxy product, which optimized.
IT:Network:Apps.  RRAS does nice job of routing ◦ NAT is nice ◦ BASIC firewall ok but somewhat weak  Communication on network (WS to SRV) is in clear.
Dynamic Virtual Networks (DVNE) Margaret Wasserman & Paddy Nallur November 11, 2010 IETF Beijing, China.
1 Topic 2: Lesson 3 Intro to Firewalls Summary. 2 Basic questions What is a firewall? What is a firewall? What can a firewall do? What can a firewall.
Firewalls  Firewall sits between the corporate network and the Internet Prevents unauthorized access from the InternetPrevents unauthorized access from.
© 2006 Cisco Systems, Inc. All rights reserved. Cisco IOS Threat Defense Features.
IP Security IP sec IPsec is short for Internet Protocol Security. It was originally created as a part of IPv6, but has been retrofitted into IPv4. It.
TASHKENT UNIVERSITY OF INFORMATION TECHNOLOGIES Lesson №18 Telecommunication software design for analyzing and control packets on the networks by using.
11 SECURING NETWORK COMMUNICATION Chapter 9. Chapter 9: SECURING NETWORK COMMUNICATION2 OVERVIEW  List the major threats to network communications. 
Module 5: Designing Security for Internal Networks.
1 OFF SYMB - 12/7/2015 Firewalls Basics. 2 OFF SYMB - 12/7/2015 Overview Why we have firewalls What a firewall does Why is the firewall configured the.
Securing Data Transmission and Authentication. Securing Traffic with IPSec IPSec allows us to protect our network from within IPSec secures the IP protocol.
Implications of Trust Relationships for NSIS Signaling (draft-tschofenig-nsis-casp-midcom.txt) Authors: Hannes Tschofenig Henning Schulzrinne.
© 2006, iPolicy Networks, Inc. All rights reserved. Security Technology Correlation Proneet Biswas Sr. Security Architect iPolicy Networks
CRUCIAL INFORMATION DISSEMINATION ON MODERN VEHICLES Wei Yan, Thomas Edwards Griffith.
Securing Access to Data Using IPsec Josh Jones Cosc352.
IPv6 Security Issues Georgios Koutepas, NTUA IPv6 Technology and Advanced Services Oct.19, 2004.
FIREWALLS An Important Component in Computer Systems Security By: Bao Ming Soh.
On Firewalls Fred Baker and Paul Hoffman draft-ietf-opsawg-firewalls-01.txt.
CCSDS IPsec Compatibility Testing 05/4/2016 CHARLES SHEEHE, CCSDS GRC POC OKECHUKWU MEZU, Test Engineer 1.
Firewalls Definition: Device that interconnects two or more networks and manages the network traffic between those interfaces. Maybe used to: Protect a.
Network Security Solution
What is a Firewall?.
Managing Secure Network Systems
Securing the Network Perimeter with ISA 2004
Server-to-Client Remote Access and DirectAccess
Computer Security Firewalls November 19, 2018 ©2004, Bryan J. Higgs.
By Seferash B Asfa Wossen Strayer University 3rd December 2003
Presentation transcript:

59th IETF Seoul, Korea Quarantine Model Overview “Quarantine model overview for ipv6 network security” draft-kondo-quarantine-overview-00.txt Satoshi kondo

59th IETF Seoul, Korea IPv6 v.s. Firewall The benefits of IPv6 don’t coexist with legacy firewalls –End-to-end communication no-more NAT, IPsec, multicast, QoS,... –Plug & Play Non-PC Devices –Mobility Mobile IPv6 What should we do to provide security in IPv6 network? –Should we upgrade firewalls? –Should we design alternative way?

59th IETF Seoul, Korea Limitation of Firewall It is difficult for firewalls to –block every network worms via SMTP, HTTP –filter encrypted/tunneled packets SSL, IPsec –control/manage nomadic nodes –pass through high-speed traffics These limitations stem from the basic firewall design (“Border Defense Model”) –we have to abandon firewall to create a new security framework for IPv6 (and IPv4)!

59th IETF Seoul, Korea What Is “Quarantine Model” ? Combination of host-based security model and network- based security model to provide flexible and robust security management Consists of three steps: –1. Quarantine the security credential of a node when it is connected to the network –2. Connect the node to a different network based on that result a node is grouped by its security-level –3. Apply different security policy for each networks to enforce site security policy Enforce to apply security patches Access control Filtering rules Packet inspection

59th IETF Seoul, Korea Quarantine Model Diagram Network Admission Server Quarantine Authentication Server Prevention Information Server

59th IETF Seoul, Korea Security Threat Window Incident Security Threat ReportedSpread to the Internet Spreading speed (Less than 8 hours) Prevention time window (few weeks - several months) Outbreak

59th IETF Seoul, Korea Limitation of Firewall is solved Quarantine the security credential of a node when it’s connected to the network –block network worms –control/manage nomadic node Separates nodes according to their security level, and allowing special communications only to high security-level nodes. –encrypted/tunneled packets –pass through high-speed traffic

59th IETF Seoul, Korea Next Actions and Issues Experimental implementation –How to describe a site security policy? –How to make a network separation? –How to control network equipment (router/switch/firewall)? Standardization to provide interoperability –to avoid vendor-proprietary IPv6 network security model! –and vendors can implement vendor-specific solutions based on these interoperability. Security prevention information –Data format, Delivering protocol Credential information of network node –Data format, exchange protocol, security-level deprecation

59th IETF Seoul, Korea Q&A Is this work necessary for IPv6 network security? If so, should it be an v6ops WG item? –if not, where is the right WG? Other comments are welcome!

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.