Why Should You Worry About IPv6 Security
Even If Your Network Runs On IPv4?

Fernando Gont

CISO Platform Annual Summit
Mumbai, India. November 15-16, 2013

Motivation for this presentation

● Widespread idea: “I do not need to care about IPv6 security because my network runs on IPv4”
● Possible approaches:
  ● Option #1
  ● Option #2
  ● Option #3

© 2013 SI6 Networks. All rights reserved

Myth:
“My network does not support IPv6”

Myth: IPv4-only networks

● Most operating systems support IPv6 and enable it by default
● IPv6 connectivity is just “dormant”:
  ● Waiting for “activation” -- legitimate or otherwise
● Most networks have (at least) partial deployment of IPv6

IPv6/IPv4 co-existence
(how the two protocols are glued together)

IPv6/IPv4 co-existence

● For every domain name, the DNS may contain:
  ● A resource records (IPv4 addresses), and/or,
  ● AAAA (Quad-A) resource records (IPv6 addresses)
● Host may query for A and/or AAAA resource records
● Based on the available resource records, supported protocols, and local policy, IPv6 and/or IPv4 could be employed

How can IPv6 be exploited?

How can IPv6 be exploited?

● An attacker poses as a local router/server
  ● e.g. responds to DHCPv6 requests
● An attacker possibly forges DNS responses
● This allows for e.g. IPv6-based Man In The Middle (MITM) attacks
● You might not even detect these attacks if you are not prepared

Mitigating IPv6 implications
(on “IPv4-only” networks)

Mitigating IPv6 implications

● Deploy IPv6-security controls
  ● Same as you do for IPv4
  ● Might be difficult to implement
● Filter IPv6 traffic on your network
  ● Native traffic (ideally at layer 2)
  ● Tunnels (Teredo, etc.)
● Whatever the outcome, it should be the result of an explicit decision
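
To act on either option above you first need to see which IPv6 traffic is present on an "IPv4-only" segment. The following is an added example, not part of the original slides: a passive classifier for captured Ethernet frames that separates native IPv6, router advertisements, DHCPv6 server messages, and the 6in4 and Teredo tunnels. The label strings, helper names and sample frames are constructed for illustration.

```python
import struct

ETH_IPV4, ETH_IPV6, ETH_VLAN = 0x0800, 0x86DD, 0x8100
UDP, IPV6_IN_IPV4, ICMPV6 = 17, 41, 58            # IP protocol numbers
TEREDO_PORT, DHCPV6_SERVER_PORT, ROUTER_ADVERT = 3544, 547, 134

def classify(frame: bytes) -> str:
    """Label one Ethernet frame by the kind of IPv6 activity it carries."""
    if len(frame) < 14:
        return "truncated"
    ethertype, offset = struct.unpack("!H", frame[12:14])[0], 14
    if ethertype == ETH_VLAN and len(frame) >= 18:  # skip one 802.1Q tag
        ethertype, offset = struct.unpack("!H", frame[16:18])[0], 18
    if ethertype == ETH_IPV6:
        return _ipv6(frame[offset:])
    if ethertype == ETH_IPV4:
        return _ipv4(frame[offset:])
    return "other"

def _ipv6(p: bytes) -> str:
    # Only the fixed header's Next Header is inspected; packets that use
    # extension headers fall through to the generic "native-ipv6" label.
    if len(p) < 40:
        return "truncated"
    next_header, body = p[6], p[40:]
    if next_header == ICMPV6 and body[:1] == bytes([ROUTER_ADVERT]):
        return "router-advertisement"
    if next_header == UDP and len(body) >= 2:
        if struct.unpack("!H", body[:2])[0] == DHCPV6_SERVER_PORT:
            return "dhcpv6-server-message"
    return "native-ipv6"

def _ipv4(p: bytes) -> str:
    if len(p) < 20:
        return "truncated"
    ihl, proto = (p[0] & 0x0F) * 4, p[9]
    if proto == IPV6_IN_IPV4:
        return "tunnel-6in4"
    first_fragment = (struct.unpack("!H", p[6:8])[0] & 0x1FFF) == 0
    if proto == UDP and first_fragment and len(p) >= ihl + 4:
        if TEREDO_PORT in struct.unpack("!HH", p[ihl:ihl + 4]):
            return "tunnel-teredo"
    return "ipv4"

# Constructed sample frames: zeroed addresses, minimal headers.
def eth(ethertype: int, packet: bytes) -> bytes:
    return bytes(12) + struct.pack("!H", ethertype) + packet
def v6(next_header: int, body: bytes) -> bytes:
    return bytes([0x60, 0, 0, 0, 0, 0, next_header, 255]) + bytes(32) + body
def v4(proto: int, body: bytes) -> bytes:
    return bytes([0x45]) + bytes(8) + bytes([proto]) + bytes(10) + body

SAMPLES = [
    eth(ETH_IPV6, v6(ICMPV6, bytes([ROUTER_ADVERT]) + bytes(15))),
    eth(ETH_IPV6, v6(UDP, struct.pack("!HH", 547, 546) + bytes(4))),
    eth(ETH_IPV4, v4(UDP, struct.pack("!HH", 50000, TEREDO_PORT) + bytes(4))),
    eth(ETH_IPV4, v4(IPV6_IN_IPV4, v6(UDP, bytes(8)))),
    eth(ETH_IPV4, v4(6, bytes(20))),
]
```

On a segment that is meant to be IPv4-only, any label other than `ipv4` or `other` is a frame that an explicit filtering decision should account for.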
VPN traffic leakages
(the good, the bad, and... the ugly)

VPN leakages

● Typical scenario:
  ● You connect to an insecure network
  ● You establish a VPN with your home/office
  ● Your VPN software does not support IPv6
  ● An attacker (or legitimate system!) triggers IPv6 connectivity
  ● Your traffic now goes in the clear...
  ● ... while you thought your traffic was being secured

Mitigating VPN leakages

● Short answer: Disable IPv6 support on your laptop when employing VPNs
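
A check for the leak condition in the scenario above, as an added example that is not part of the original slides: it reads the text of a Linux IPv6 routing table (`ip -6 route show`) and reports routes that send traffic through a gateway on an interface other than the VPN. The interface names `tun0` and `wlan0` and both routing tables are constructed for illustration.

```python
import ipaddress

def leaking_routes(ip6_routes: str, vpn_interface: str):
    """Return (destination, interface, learned_from_ra) for every IPv6 route
    that sends traffic through a gateway on an interface other than the VPN."""
    leaks = []
    for line in ip6_routes.splitlines():
        fields = line.split()
        if "via" not in fields or "dev" not in fields[:-1]:
            continue                      # on-link, blackhole or malformed entry
        dest = "::/0" if fields[0] == "default" else fields[0]
        try:
            network = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue                      # e.g. a leading "unreachable" keyword
        if network.version != 6 or network.is_link_local or network.is_multicast:
            continue
        interface = fields[fields.index("dev") + 1]
        if interface != vpn_interface:
            # "proto ra" marks a route installed from a Router Advertisement
            leaks.append((str(network), interface, "proto ra" in line))
    return leaks

# Constructed output: laptop on Wi-Fi, VPN on tun0 carries IPv4 only.
LEAKY = """\
2001:db8:10::/64 dev wlan0 proto ra metric 600 pref medium
fe80::/64 dev wlan0 proto kernel metric 256 pref medium
default via fe80::1 dev wlan0 proto ra metric 600 pref medium
"""

# Constructed output: the VPN client also installs the IPv6 default route.
COVERED = """\
fe80::/64 dev tun0 proto kernel metric 256 pref medium
fd00:1234::/64 dev tun0 proto kernel metric 256 pref medium
default via fd00:1234::1 dev tun0 metric 50 pref medium
"""

if __name__ == "__main__":
    print(leaking_routes(LEAKY, "tun0"))
    print(leaking_routes(COVERED, "tun0"))
```

An empty result means no gateway route bypasses the VPN interface; with IPv6 disabled on the laptop, as the slide recommends, the routing table is empty and the result is empty as well.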
Thank-yous

● Priyanka Aash
● Bikash Barai
● Devesh Bhatt
● CISO Platform 2013 PC

Thanks!
Fernando Gont
fgont@si6networks.com

www.si6networks.com

