Skeeve Stevens
IPv6 Security
CEO Director
Tuesday, 24 May 2011
INET Colombo, May 2011

What is this talk about?
• This talk is to help people understand the security implications of migrating to IPv6
• Highlights some key areas for you to consider
• Explains the differences between IPv6 and IPv4
• Technical Difficulty - 2 out of 10 (some slides higher)
• If you know what IPv6 is, then you will understand (mostly) this presentation
• IPv6 - I LIKE! It’s NICE

IPv6 Security? Oh oh
• If you are new to IPv6 - do not implement it in a production environment until you understand the security implications
• If you do IPv6 without considering security then you WILL get hacked - and quickly. Would you leave your house unlocked?
• CPEs (modem/router) barely understand IPv6 - initial security is weak - choose the right product! IPv6 Firewalls are coming!
• Use someone who ACTUALLY knows what they are talking about - not just someone who says they know!
• Security through obscurity = security through stupidity - they WILL find your v6 address!

Key Issues to Consider
• Enabling IPv6 leaves you wide open - immediately

Key Issues to Consider
• Every aspect of security that you have in IPv4 needs to be replicated to IPv6
• SSH, Telnet, Access Lists, SNMP, CoPP – All are immediately open and accessible when you turn on IPv6 - all IPv4 security is immediately bypassed!
• It isn’t hard to do the security – you just HAVE to do it – or else
• Nothing has changed with the basic tenets of security – just all new commands for some platforms – and often in strange places
• The only new important consideration is that IPv6 requires ICMP for PMTU (Path MTU Discovery) – disabling it WILL break things (in ways that you can’t easily troubleshoot)
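
The parity check this slide calls for, as an added example that is not part of the talk. It assumes a Linux host filtered with iptables/ip6tables; the rule dumps and listener list are constructed, and "covered" is a heuristic (non-ACCEPT default policy, or a rule naming the port), not a full rule evaluation.

```python
import shlex

# Constructed sample: the IPv4 ruleset was hardened ...
IPTABLES_SAVE_V4 = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.0.2.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.0.2.10/32 -p udp -m udp --dport 161 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
"""

# ... while the IPv6 ruleset was left at its defaults when IPv6 was enabled.
IP6TABLES_SAVE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
"""

# Constructed lines in the column layout of `ss -H -tuln`.
SS_LISTENERS = """\
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
tcp LISTEN 0 128 [::]:22 [::]:*
tcp LISTEN 0 128 [::]:23 [::]:*
tcp LISTEN 0 511 *:443 *:*
udp UNCONN 0 0 [::]:161 [::]:*
tcp LISTEN 0 128 [::1]:631 [::]:*
"""


def parse_input_chain(dump):
    """Return (default_policy, {(proto, port), ...}) for the filter INPUT chain."""
    policy, ports = "ACCEPT", set()
    for line in dump.splitlines():
        if line.startswith(":INPUT "):
            policy = line.split()[1]
        elif line.startswith("-A INPUT "):
            tok = shlex.split(line)
            if "-p" in tok and "--dport" in tok:
                port = tok[tok.index("--dport") + 1]
                if port.isdigit():  # port ranges are skipped in this sketch
                    ports.add((tok[tok.index("-p") + 1], int(port)))
    return policy, ports


def ipv6_listeners(ss_text):
    """Return {(proto, port)} for sockets reachable over IPv6 from off-host."""
    found = set()
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        addr, _, port = fields[4].rpartition(":")
        reachable = addr == "*" or (addr.startswith("[") and addr != "[::1]")
        if reachable and port.isdigit():
            found.add((fields[0], int(port)))
    return found


def parity_gaps(v4_dump, v6_dump, ss_text):
    """List services that IPv4 filtering covers but IPv6 filtering does not."""
    v4_policy, v4_ports = parse_input_chain(v4_dump)
    v6_policy, v6_ports = parse_input_chain(v6_dump)
    gaps = []
    for proto, port in sorted(ipv6_listeners(ss_text)):
        v4_covered = v4_policy != "ACCEPT" or (proto, port) in v4_ports
        v6_covered = v6_policy != "ACCEPT" or (proto, port) in v6_ports
        if v4_covered and not v6_covered:
            gaps.append((proto, port))
    return gaps


if __name__ == "__main__":
    for proto, port in parity_gaps(IPTABLES_SAVE_V4, IP6TABLES_SAVE, SS_LISTENERS):
        print(f"{proto}/{port}: filtered on IPv4, open on IPv6")
```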

Key Issues to Consider
• IPv4 vs. IPv6
  • They are totally separate protocols and essentially do not interact at any point - even on the same router and/or switch
  • IPv6 is a completely new version - there is no backward compatibility at all - just some translation methods
• It is a perfect time for you to re-evaluate all your security policies and procedures
  • Zone flow
  • Device lock down policies and Host build procedures
  • User restriction
  • Source/destination control
  • Inter-departmental security - often ignored

Equipment Considerations
• Does your equipment treat v6 the same as v4?
  • Routers, Layer 3 switches, Firewalls, IPS & IDS, VPN Services
• Equipment
  • Plan for equipment upgrades if needed
  • Does it process v6 in hardware or software
    • SW may not be fast enough for your application
    • May cause DoS situations
• Recommendations
  • Talk to your vendors about stable versions
  • Use test gear or lab kit where possible
  • Monitor sites posting vulnerabilities and respond quickly

Tactics
• IPv6 address space is huge. Scanning a network range is unwieldy for attackers. Example - NMAP doesn’t let you scan IPv6 ranges
• Attackers will look for other ways to find their targets
• Take precautions to protect systems that are caches for addresses
  • DHCP servers (reservations)
  • DNS (DNS harvesting), Web Log harvesting
  • Neighbour caches (like ARP cache)
• Don’t simply replicate your IPv4 last octet in IPv6 chazwazza*. Make attackers work if they really want a host’s address!
• Inject randomisation in your addressing to make it less obvious - but don’t make life too hard for yourself
* http://www.urbandictionary.com/define.php?term=chazwazza
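
An audit of your own address plan for the patterns this slide warns about, as an added example that is not part of the talk. The inventory is constructed from documentation prefixes; the embedded-IPv4, EUI-64 and low-byte checks go beyond the slide's last-octet case, and all function names are illustrative.

```python
import ipaddress
import secrets

# Constructed inventory (documentation prefixes only): host, IPv4, IPv6.
INVENTORY = [
    ("web1",  "192.0.2.25",  "2001:db8:10::25"),
    ("db1",   "192.0.2.130", "2001:db8:10::82"),
    ("mail1", "192.0.2.40",  "2001:db8:10::c000:228"),
    ("ns1",   "192.0.2.200", "2001:db8:10::53"),
    ("sw1",   "192.0.2.2",   "2001:db8:10:0:21a:2bff:fe3c:4d5e"),
    ("app1",  "192.0.2.77",  "2001:db8:10:0:5c1e:9a07:b3d2:6f41"),
]


def classify_iid(ipv6, ipv4=None):
    """Label the interface identifier (low 64 bits) by the pattern it shows."""
    iid = int(ipaddress.IPv6Address(ipv6)) & ((1 << 64) - 1)
    if ipv4 is not None:
        v4 = int(ipaddress.IPv4Address(ipv4))
        last = v4 & 0xFF
        # ::82 for .130 (same value) or ::25 for .25 (decimal digits typed as hex)
        if iid == last or format(iid, "x") == str(last):
            return "ipv4-last-octet"
        if iid == v4:
            return "embedded-ipv4"      # whole IPv4 address in the low 32 bits
    if (iid >> 24) & 0xFFFF == 0xFFFE:
        return "eui-64"                 # derived from the interface MAC address
    if iid < 0x10000:
        return "low-byte"               # ::1, ::53 and similar small numbers
    return "no-obvious-pattern"


def audit(inventory):
    """Return {host: label} for every host whose address follows a pattern."""
    report = {}
    for host, v4, v6 in inventory:
        label = classify_iid(v6, v4)
        if label != "no-obvious-pattern":
            report[host] = label
    return report


def random_host_address(prefix):
    """Pick a random interface identifier in a /64, retrying on patterned values."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("expected a /64 prefix")
    while True:
        candidate = net[secrets.randbits(64)]
        if classify_iid(str(candidate)) == "no-obvious-pattern":
            return candidate


if __name__ == "__main__":
    for host, label in audit(INVENTORY).items():
        print(f"{host}: {label}")
    print("replacement:", random_host_address("2001:db8:10::/64"))
```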

Filtering (More Advanced)
• Filter unneeded or potentially dangerous communications
Examples:
  • Routing Header 0 vulnerabilities (sort of like IPv4 source routing). Deprecated by RFC 5095 but still dangerous since it can let an attacker control hop flow.
  • If certain internal IPv6 addresses never need to hit the Internet, filter them
  • ICMP is critical to IPv6. Let certain (but not all) types through hops
  • Anycast & Multicast unless they are specifically used
• Don’t leave yourself open to potential future attacks - Everything you know now will change in the next 5 years. They WILL get smarter, they WILL get faster than ever before.

Extension Headers (Even More Advanced)
One key difference:
The key area where v6 is different from v4 is that v6 packets use a concept known as extension headers, which were developed to improve performance by making the packet header structure simpler.
Essentially v6 extension headers are optional headers that let you specify certain ways that you can influence the packet to behave, such as routing the packet through a certain path on the network, or you might have a fragmentation header that breaks up the packet and then reassembles it.
In v4 we had to have all those headers included in one single header but they're optional in v6.
Because they're optional, security protocols need to understand a variable set of headers, which makes security devices more complex.
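
What "understanding a variable set of headers" means for a filter, covering both the Filtering slide (Routing Header 0, selective ICMP) and this one, as an added example that is not part of the talk. The packets are constructed byte strings with zero checksums, and the ICMPv6 allow list is an assumed policy loosely following RFC 4890.

```python
import ipaddress
import struct

HOP_BY_HOP, ROUTING, FRAGMENT, AH, ICMPV6, DEST_OPTS = 0, 43, 44, 51, 58, 60
EXT_NAMES = {HOP_BY_HOP: "hop-by-hop", ROUTING: "routing", FRAGMENT: "fragment",
             AH: "auth", DEST_OPTS: "destination-options"}
# Assumed policy, not from the slides: error messages (types 1-4) and echo
# (128/129) may cross the filter; every other ICMPv6 type is dropped.
ICMPV6_ALLOW = {1, 2, 3, 4, 128, 129}


def walk_headers(packet):
    """Follow the Next Header chain; return (chain, upper_proto, offset, findings)."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nxt, off, chain, findings = packet[6], 40, [], []
    while nxt in EXT_NAMES:
        if off + 8 > len(packet):
            return chain, None, off, findings + ["truncated"]
        if nxt == FRAGMENT:
            length = 8                           # fixed size
        elif nxt == AH:
            length = (packet[off + 1] + 2) * 4   # counted in 32-bit words, minus 2
        else:
            length = (packet[off + 1] + 1) * 8   # 8-octet units, first 8 not counted
        if off + length > len(packet):
            return chain, None, off, findings + ["truncated"]
        chain.append(EXT_NAMES[nxt])
        if nxt == ROUTING and packet[off + 2] == 0:
            findings.append("rh0")
        if nxt == FRAGMENT and struct.unpack_from("!H", packet, off + 2)[0] >> 3:
            # Non-first fragment: the upper-layer header travels in another packet.
            return chain, None, off + length, findings + ["non-first-fragment"]
        nxt, off = packet[off], off + length
    return chain, nxt, off, findings


def verdict(packet):
    """Apply the two filtering rules from the slides; return (action, reason)."""
    _chain, upper, off, findings = walk_headers(packet)
    if "rh0" in findings:
        return "drop", "Routing Header type 0 (deprecated by RFC 5095)"
    if "truncated" in findings:
        return "drop", "extension header chain runs past end of packet"
    if "non-first-fragment" in findings:
        return "defer", "upper-layer header not in this fragment"
    if upper == ICMPV6:
        if off >= len(packet):
            return "drop", "ICMPv6 header missing"
        kind = packet[off]
        return ("pass" if kind in ICMPV6_ALLOW else "drop"), f"ICMPv6 type {kind}"
    return "pass", f"protocol {upper}: left to the rest of the ruleset"


def ipv6(next_header, payload):
    """Build a constructed IPv6 packet between two documentation addresses."""
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64)
    src = ipaddress.IPv6Address("2001:db8::1").packed
    dst = ipaddress.IPv6Address("2001:db8::2").packed
    return fixed + src + dst + payload


PAD = bytes([0, 1, 4, 0, 0, 0, 0])       # Hdr Ext Len 0, then one PadN option
ECHO = bytes([128, 0, 0, 0, 0, 1, 0, 1])  # echo request, checksum left at zero
SAMPLES = {
    "packet-too-big": ipv6(ICMPV6, bytes([2, 0, 0, 0]) + struct.pack("!I", 1280)),
    "rh0-then-echo": ipv6(ROUTING, bytes([ICMPV6, 2, 0, 1, 0, 0, 0, 0])
                          + ipaddress.IPv6Address("2001:db8::3").packed + ECHO),
    "options-then-node-info": ipv6(HOP_BY_HOP, bytes([DEST_OPTS]) + PAD
                                   + bytes([ICMPV6]) + PAD + bytes([139]) + bytes(7)),
    "later-fragment": ipv6(FRAGMENT,
                           struct.pack("!BBHI", ICMPV6, 0, 185 << 3, 7) + bytes(8)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name}: chain={walk_headers(pkt)[0]} verdict={verdict(pkt)}")
```

The "later-fragment" case is the one that forces extra complexity on a filter: with no upper-layer header in the packet, a stateless device has to reassemble or track state before it can decide.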

Please Remember
• IPv6 is not automatically more secure than IPv4
• IPv6 is just layer 3... above or below layer 3 will act just the same as they do with v4 - assuming your apps are layer 3 agnostic
• IPv6 can be attacked just as easily as IPv4 - what does this mean?
  • MAC can still be spoofed
  • Flawed web apps will remain flawed - SQL injections, etc
• IPv6 attacks will grow smarter and more creative as deployments grow
  • Back in 2002 a Honeypot system caught a hack using IPv6 tunnels to break into sites
• Think of the hacks and bugs discovered each month - it is only a matter of time. IPv6 is new - it will have problems

So....
Does this mean that I should avoid v6?
It sounds complicated.
Who will help me?
PRACTICE SAFE IPV6!

Thanks....
Questions?
Thanks to Kurt Bales, Jeff Doyle and Grant Moerschel for content and inspiration
CONNECT WITH ME
Email~ skeeve@eintellego.asia
Web~ www.eintellego.asia
Facebook~ facebook.com/eintellego - eintellego@facebook.com
LinkedIn~ http://au.linkedin.com/in/skeeve
Twitter~ @eintellego @networkceoau @skeevestevens
CEO Blog~ www.network-ceo.net

Weitere ähnliche Inhalte

Was ist angesagt?

y3dips hacking priv8 network
y3dips hacking priv8 networky3dips hacking priv8 network
y3dips hacking priv8 networkidsecconf
 
DEVNET-1151 DevNet Sandbox 101
DEVNET-1151	DevNet Sandbox 101DEVNET-1151	DevNet Sandbox 101
DEVNET-1151 DevNet Sandbox 101Cisco DevNet
 
OSMC 2021 | Contributing to open source with the example of icinga (1)
OSMC 2021 | Contributing to open source with the example of icinga (1)OSMC 2021 | Contributing to open source with the example of icinga (1)
OSMC 2021 | Contributing to open source with the example of icinga (1)NETWAYS
 
Voxeo Summit Day 1 - A view into the Voxeo cloud
Voxeo Summit Day 1 - A view into the Voxeo cloudVoxeo Summit Day 1 - A view into the Voxeo cloud
Voxeo Summit Day 1 - A view into the Voxeo cloudVoxeo Corp
 
ROP ‘n’ ROLL, a peak into modern exploits
ROP ‘n’ ROLL, a peak into modern exploitsROP ‘n’ ROLL, a peak into modern exploits
ROP ‘n’ ROLL, a peak into modern exploitsAlexandre Moneger
 
Wi-Fi: Secure or Open / Secure Open Wireless Access / SOWA @ HackFest 2011
Wi-Fi: Secure or Open / Secure Open Wireless Access / SOWA @ HackFest 2011Wi-Fi: Secure or Open / Secure Open Wireless Access / SOWA @ HackFest 2011
Wi-Fi: Secure or Open / Secure Open Wireless Access / SOWA @ HackFest 2011François Proulx
 
DEVNET-1102 Introduction to the DevNet Sandbox and IVT
DEVNET-1102	Introduction to the DevNet Sandbox and IVTDEVNET-1102	Introduction to the DevNet Sandbox and IVT
DEVNET-1102 Introduction to the DevNet Sandbox and IVTCisco DevNet
 
Techzim Surge: Important Considerations for Hosting Web or Mobile Apps
Techzim Surge: Important Considerations for Hosting Web or Mobile AppsTechzim Surge: Important Considerations for Hosting Web or Mobile Apps
Techzim Surge: Important Considerations for Hosting Web or Mobile AppsAnthony Somerset
 
Zabbix over the Internet
Zabbix over the InternetZabbix over the Internet
Zabbix over the InternetRicardo Santos
 
Janus: an open source and general purpose WebRTC (gateway) server
Janus: an open source and general purpose WebRTC (gateway) serverJanus: an open source and general purpose WebRTC (gateway) server
Janus: an open source and general purpose WebRTC (gateway) serverDevDay
 
Lec01 intro and hello world program
Lec01   intro and hello world programLec01   intro and hello world program
Lec01 intro and hello world programAsif Shahzad
 
Docker Security
Docker SecurityDocker Security
Docker Securityantitree
 
OSCON 2019 | Time to Think Different
OSCON 2019 | Time to Think DifferentOSCON 2019 | Time to Think Different
OSCON 2019 | Time to Think DifferentNATS
 
SIP/WebRTC load testing @ KamailioWorld 2017
SIP/WebRTC load testing @ KamailioWorld 2017SIP/WebRTC load testing @ KamailioWorld 2017
SIP/WebRTC load testing @ KamailioWorld 2017Lorenzo Miniero
 

Was ist angesagt? (19)

y3dips hacking priv8 network
y3dips hacking priv8 networky3dips hacking priv8 network
y3dips hacking priv8 network
 
DEVNET-1151 DevNet Sandbox 101
DEVNET-1151	DevNet Sandbox 101DEVNET-1151	DevNet Sandbox 101
DEVNET-1151 DevNet Sandbox 101
 
OSMC 2021 | Contributing to open source with the example of icinga (1)
OSMC 2021 | Contributing to open source with the example of icinga (1)OSMC 2021 | Contributing to open source with the example of icinga (1)
OSMC 2021 | Contributing to open source with the example of icinga (1)
 
Voxeo Summit Day 1 - A view into the Voxeo cloud
Voxeo Summit Day 1 - A view into the Voxeo cloudVoxeo Summit Day 1 - A view into the Voxeo cloud
Voxeo Summit Day 1 - A view into the Voxeo cloud
 
Kali linux
Kali linuxKali linux
Kali linux
 
ROP ‘n’ ROLL, a peak into modern exploits
ROP ‘n’ ROLL, a peak into modern exploitsROP ‘n’ ROLL, a peak into modern exploits
ROP ‘n’ ROLL, a peak into modern exploits
 
Kali linux summarised
Kali linux summarisedKali linux summarised
Kali linux summarised
 
Kali Linux
Kali LinuxKali Linux
Kali Linux
 
Kalilinux
KalilinuxKalilinux
Kalilinux
 
Wi-Fi: Secure or Open / Secure Open Wireless Access / SOWA @ HackFest 2011
Wi-Fi: Secure or Open / Secure Open Wireless Access / SOWA @ HackFest 2011Wi-Fi: Secure or Open / Secure Open Wireless Access / SOWA @ HackFest 2011
Wi-Fi: Secure or Open / Secure Open Wireless Access / SOWA @ HackFest 2011
 
DEVNET-1102 Introduction to the DevNet Sandbox and IVT
DEVNET-1102	Introduction to the DevNet Sandbox and IVTDEVNET-1102	Introduction to the DevNet Sandbox and IVT
DEVNET-1102 Introduction to the DevNet Sandbox and IVT
 
Techzim Surge: Important Considerations for Hosting Web or Mobile Apps
Techzim Surge: Important Considerations for Hosting Web or Mobile AppsTechzim Surge: Important Considerations for Hosting Web or Mobile Apps
Techzim Surge: Important Considerations for Hosting Web or Mobile Apps
 
Zabbix over the Internet
Zabbix over the InternetZabbix over the Internet
Zabbix over the Internet
 
Janus: an open source and general purpose WebRTC (gateway) server
Janus: an open source and general purpose WebRTC (gateway) serverJanus: an open source and general purpose WebRTC (gateway) server
Janus: an open source and general purpose WebRTC (gateway) server
 
ZAP @FOSSASIA2015
ZAP @FOSSASIA2015ZAP @FOSSASIA2015
ZAP @FOSSASIA2015
 
Lec01 intro and hello world program
Lec01   intro and hello world programLec01   intro and hello world program
Lec01 intro and hello world program
 
Docker Security
Docker SecurityDocker Security
Docker Security
 
OSCON 2019 | Time to Think Different
OSCON 2019 | Time to Think DifferentOSCON 2019 | Time to Think Different
OSCON 2019 | Time to Think Different
 
SIP/WebRTC load testing @ KamailioWorld 2017
SIP/WebRTC load testing @ KamailioWorld 2017SIP/WebRTC load testing @ KamailioWorld 2017
SIP/WebRTC load testing @ KamailioWorld 2017
 

Ähnlich wie IPv6 Security

Rapid IPv6 Deployment for ISP Networks
Rapid IPv6 Deployment for ISP NetworksRapid IPv6 Deployment for ISP Networks
Rapid IPv6 Deployment for ISP NetworksSkeeve Stevens
 
Tech 2 Tech IPv6 presentation
Tech 2 Tech IPv6 presentationTech 2 Tech IPv6 presentation
Tech 2 Tech IPv6 presentationJisc
 
12.00 - Dr. Tim Chown - University of Southampton
12.00 - Dr. Tim Chown - University of Southampton12.00 - Dr. Tim Chown - University of Southampton
12.00 - Dr. Tim Chown - University of SouthamptonIPv6 Summit 2010
 
Henrik Strøm - IPv6 from the attacker's perspective
Henrik Strøm - IPv6 from the attacker's perspectiveHenrik Strøm - IPv6 from the attacker's perspective
Henrik Strøm - IPv6 from the attacker's perspectiveIKT-Norge
 
ARIN 36 IETF IPv6 Activities Report
ARIN 36 IETF IPv6 Activities ReportARIN 36 IETF IPv6 Activities Report
ARIN 36 IETF IPv6 Activities ReportARIN
 
fgont-h2hc-2020-ipv6-security.pdf
fgont-h2hc-2020-ipv6-security.pdffgont-h2hc-2020-ipv6-security.pdf
fgont-h2hc-2020-ipv6-security.pdfFernandoGont
 
Network Security IPv4 plus IPv6.pdf
Network Security IPv4 plus IPv6.pdfNetwork Security IPv4 plus IPv6.pdf
Network Security IPv4 plus IPv6.pdfKelvin Goh
 
IPV6 - Threats and Countermeasures / Crash Course
IPV6 - Threats and Countermeasures / Crash CourseIPV6 - Threats and Countermeasures / Crash Course
IPV6 - Threats and Countermeasures / Crash CourseThierry Zoller
 
Successfully Deploying IPv6
Successfully Deploying IPv6Successfully Deploying IPv6
Successfully Deploying IPv6Zivaro Inc
 
4. IPv6 Security - Workshop mit Live Demo - Marco Senn Fortinet
4. IPv6 Security - Workshop mit Live Demo - Marco Senn Fortinet4. IPv6 Security - Workshop mit Live Demo - Marco Senn Fortinet
4. IPv6 Security - Workshop mit Live Demo - Marco Senn FortinetDigicomp Academy AG
 
IPv6 Security - Workshop mit Live Demo
IPv6 Security - Workshop mit Live DemoIPv6 Security - Workshop mit Live Demo
IPv6 Security - Workshop mit Live DemoDigicomp Academy AG
 
Track f interoperable ip-delivery_ch_e ofer shragay
Track f   interoperable ip-delivery_ch_e ofer shragayTrack f   interoperable ip-delivery_ch_e ofer shragay
Track f interoperable ip-delivery_ch_e ofer shragaychiportal
 
Successfully Deploying IPv6
Successfully Deploying IPv6Successfully Deploying IPv6
Successfully Deploying IPv6Zivaro Inc
 
Ron Broersma dren-stavanger-22 nov2011
Ron Broersma dren-stavanger-22 nov2011Ron Broersma dren-stavanger-22 nov2011
Ron Broersma dren-stavanger-22 nov2011IPv6no
 
Trick or XFLTReaT a.k.a. Tunnel All The Things
Trick or XFLTReaT a.k.a. Tunnel All The ThingsTrick or XFLTReaT a.k.a. Tunnel All The Things
Trick or XFLTReaT a.k.a. Tunnel All The ThingsBalazs Bucsay
 
Balázs Bucsay - XFLTReaT: Building a Tunnel
Balázs Bucsay - XFLTReaT: Building a TunnelBalázs Bucsay - XFLTReaT: Building a Tunnel
Balázs Bucsay - XFLTReaT: Building a Tunnelhacktivity
 
IETF Activities Update
IETF Activities UpdateIETF Activities Update
IETF Activities UpdateARIN
 

Ähnlich wie IPv6 Security (20)

Rapid IPv6 Deployment for ISP Networks
Rapid IPv6 Deployment for ISP NetworksRapid IPv6 Deployment for ISP Networks
Rapid IPv6 Deployment for ISP Networks
 
Tech 2 Tech IPv6 presentation
Tech 2 Tech IPv6 presentationTech 2 Tech IPv6 presentation
Tech 2 Tech IPv6 presentation
 
12.00 - Dr. Tim Chown - University of Southampton
12.00 - Dr. Tim Chown - University of Southampton12.00 - Dr. Tim Chown - University of Southampton
12.00 - Dr. Tim Chown - University of Southampton
 
Henrik Strøm - IPv6 from the attacker's perspective
Henrik Strøm - IPv6 from the attacker's perspectiveHenrik Strøm - IPv6 from the attacker's perspective
Henrik Strøm - IPv6 from the attacker's perspective
 
ARIN 36 IETF IPv6 Activities Report
ARIN 36 IETF IPv6 Activities ReportARIN 36 IETF IPv6 Activities Report
ARIN 36 IETF IPv6 Activities Report
 
fgont-h2hc-2020-ipv6-security.pdf
fgont-h2hc-2020-ipv6-security.pdffgont-h2hc-2020-ipv6-security.pdf
fgont-h2hc-2020-ipv6-security.pdf
 
Network Security IPv4 plus IPv6.pdf
Network Security IPv4 plus IPv6.pdfNetwork Security IPv4 plus IPv6.pdf
Network Security IPv4 plus IPv6.pdf
 
IPV6 - Threats and Countermeasures / Crash Course
IPV6 - Threats and Countermeasures / Crash CourseIPV6 - Threats and Countermeasures / Crash Course
IPV6 - Threats and Countermeasures / Crash Course
 
Successfully Deploying IPv6
Successfully Deploying IPv6Successfully Deploying IPv6
Successfully Deploying IPv6
 
Presd1 09
Presd1 09Presd1 09
Presd1 09
 
4. IPv6 Security - Workshop mit Live Demo - Marco Senn Fortinet
4. IPv6 Security - Workshop mit Live Demo - Marco Senn Fortinet4. IPv6 Security - Workshop mit Live Demo - Marco Senn Fortinet
4. IPv6 Security - Workshop mit Live Demo - Marco Senn Fortinet
 
IPv6 Security - Workshop mit Live Demo
IPv6 Security - Workshop mit Live DemoIPv6 Security - Workshop mit Live Demo
IPv6 Security - Workshop mit Live Demo
 
Track f interoperable ip-delivery_ch_e ofer shragay
Track f   interoperable ip-delivery_ch_e ofer shragayTrack f   interoperable ip-delivery_ch_e ofer shragay
Track f interoperable ip-delivery_ch_e ofer shragay
 
Successfully Deploying IPv6
Successfully Deploying IPv6Successfully Deploying IPv6
Successfully Deploying IPv6
 
Ron Broersma dren-stavanger-22 nov2011
Ron Broersma dren-stavanger-22 nov2011Ron Broersma dren-stavanger-22 nov2011
Ron Broersma dren-stavanger-22 nov2011
 
ION Durban - IPv6 Case Study (Liquid Telecom)
ION Durban - IPv6 Case Study (Liquid Telecom)ION Durban - IPv6 Case Study (Liquid Telecom)
ION Durban - IPv6 Case Study (Liquid Telecom)
 
VPN
VPNVPN
VPN
 
Trick or XFLTReaT a.k.a. Tunnel All The Things
Trick or XFLTReaT a.k.a. Tunnel All The ThingsTrick or XFLTReaT a.k.a. Tunnel All The Things
Trick or XFLTReaT a.k.a. Tunnel All The Things
 
Balázs Bucsay - XFLTReaT: Building a Tunnel
Balázs Bucsay - XFLTReaT: Building a TunnelBalázs Bucsay - XFLTReaT: Building a Tunnel
Balázs Bucsay - XFLTReaT: Building a Tunnel
 
IETF Activities Update
IETF Activities UpdateIETF Activities Update
IETF Activities Update
 

Mehr von Skeeve Stevens

Building an Elastic Fabric
Building an Elastic FabricBuilding an Elastic Fabric
Building an Elastic FabricSkeeve Stevens
 
Elastic Fabrics & Cloud ISPs
Elastic Fabrics & Cloud ISPsElastic Fabrics & Cloud ISPs
Elastic Fabrics & Cloud ISPsSkeeve Stevens
 
Wholesale services over VxC Fabrics
Wholesale services over VxC FabricsWholesale services over VxC Fabrics
Wholesale services over VxC FabricsSkeeve Stevens
 
Future of Wearable Technology
Future of Wearable TechnologyFuture of Wearable Technology
Future of Wearable TechnologySkeeve Stevens
 
Service Provider Models using the NBN
Service Provider Models using the NBNService Provider Models using the NBN
Service Provider Models using the NBNSkeeve Stevens
 
World Youth Day 2008 - Lightening Talk
World Youth Day 2008 - Lightening TalkWorld Youth Day 2008 - Lightening Talk
World Youth Day 2008 - Lightening TalkSkeeve Stevens
 
The Impact of Social Media with Mobile Devices
The Impact of Social Media with Mobile DevicesThe Impact of Social Media with Mobile Devices
The Impact of Social Media with Mobile DevicesSkeeve Stevens
 
IPv6 Readiness - Preparing for the Inevitable
IPv6 Readiness - Preparing for the InevitableIPv6 Readiness - Preparing for the Inevitable
IPv6 Readiness - Preparing for the InevitableSkeeve Stevens
 
Social Media Trends and the Network
Social Media Trends and the NetworkSocial Media Trends and the Network
Social Media Trends and the NetworkSkeeve Stevens
 
Computerworld Conference (2002)
Computerworld Conference (2002)Computerworld Conference (2002)
Computerworld Conference (2002)Skeeve Stevens
 
Wholesale Options for Small ISPs
Wholesale Options for Small ISPsWholesale Options for Small ISPs
Wholesale Options for Small ISPsSkeeve Stevens
 
Why Being a Small ISP is still Viable
Why Being a Small ISP is still ViableWhy Being a Small ISP is still Viable
Why Being a Small ISP is still ViableSkeeve Stevens
 

Mehr von Skeeve Stevens (13)

Building an Elastic Fabric
Building an Elastic FabricBuilding an Elastic Fabric
Building an Elastic Fabric
 
The Cloud ISP
The Cloud ISPThe Cloud ISP
The Cloud ISP
 
Elastic Fabrics & Cloud ISPs
Elastic Fabrics & Cloud ISPsElastic Fabrics & Cloud ISPs
Elastic Fabrics & Cloud ISPs
 
Wholesale services over VxC Fabrics
Wholesale services over VxC FabricsWholesale services over VxC Fabrics
Wholesale services over VxC Fabrics
 
Future of Wearable Technology
Future of Wearable TechnologyFuture of Wearable Technology
Future of Wearable Technology
 
Service Provider Models using the NBN
Service Provider Models using the NBNService Provider Models using the NBN
Service Provider Models using the NBN
 
World Youth Day 2008 - Lightening Talk
World Youth Day 2008 - Lightening TalkWorld Youth Day 2008 - Lightening Talk
World Youth Day 2008 - Lightening Talk
 
The Impact of Social Media with Mobile Devices
The Impact of Social Media with Mobile DevicesThe Impact of Social Media with Mobile Devices
The Impact of Social Media with Mobile Devices
 
IPv6 Readiness - Preparing for the Inevitable
IPv6 Readiness - Preparing for the InevitableIPv6 Readiness - Preparing for the Inevitable
IPv6 Readiness - Preparing for the Inevitable
 
Social Media Trends and the Network
Social Media Trends and the NetworkSocial Media Trends and the Network
Social Media Trends and the Network
 
Computerworld Conference (2002)
Computerworld Conference (2002)Computerworld Conference (2002)
Computerworld Conference (2002)
 
Wholesale Options for Small ISPs
Wholesale Options for Small ISPsWholesale Options for Small ISPs
Wholesale Options for Small ISPs
 
Why Being a Small ISP is still Viable
Why Being a Small ISP is still ViableWhy Being a Small ISP is still Viable
Why Being a Small ISP is still Viable
 

Kürzlich hochgeladen

Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGSujit Pal
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 

Kürzlich hochgeladen (20)

Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners

IPv6 Security

  • 1. IPv6 Security - Skeeve Stevens, CEO Director - Tuesday, 24 May 2011
  • 2. What is this talk about? (INET Colombo, May 2011)
      • This talk is to help people understand the security implications of migrating to IPv6
      • Highlights some key areas for you to consider
      • Explains the differences between IPv6 and IPv4
      • Technical Difficulty - 2 out of 10 (some slides higher)
      • If you know what IPv6 is, then you will understand (mostly) this presentation
      • IPv6 - I LIKE! It’s NICE
  • 3. IPv6 Security? Oh oh
      • If you are new to IPv6 - do not implement it in a production environment until you understand the security implications
      • If you do IPv6 without considering security then you WILL get hacked - and quickly. Would you leave your house unlocked?
      • CPEs (modem/router) barely understand IPv6 - initial security is weak - choose the right product! IPv6 Firewalls are coming!
      • Use someone who ACTUALLY knows what they are talking about - not someone who just says they know!
      • Security through obscurity = security through stupidity - they WILL find your v6 address!
  • 4. Key Issues to Consider
      • Enabling IPv6 leaves you wide open - immediately
  • 5. Key Issues to Consider
      • Every aspect of security that you have in IPv4 needs to be replicated to IPv6
      • SSH, Telnet, Access Lists, SNMP, CoPP – all are immediately open and accessible when you turn on IPv6 - all IPv4 security is immediately bypassed!
      • It isn’t hard to do the security – you just HAVE to do it – or else
      • Nothing has changed with the basic tenets of security – just all new commands for some platforms – and often in strange places
      • The only new important consideration is that IPv6 requires ICMP for PMTU (Path MTU Discovery) – disabling it WILL break things (in ways that you can’t easily troubleshoot)
  • 6. Key Issues to Consider
      • IPv4 vs. IPv6
          • They are totally separate protocols and essentially do not interact at any point - even on the same router and/or switch
          • IPv6 is a completely new version - there is no backward compatibility at all - just some translation methods
      • It is a perfect time for you to re-evaluate all your security policies and procedures
          • Zone flow
          • Device lock down policies and Host build procedures
          • User restriction
          • Source/destination control
          • Inter-departmental security - often ignored
  • 7. Equipment Considerations
      • Does your equipment treat v6 the same as v4?
          • Routers, Layer 3 switches, Firewalls, IPS & IDS, VPN Services
      • Equipment
          • Plan for equipment upgrades if needed
          • Does it process v6 in hardware or software
          • SW may not be fast enough for your application
          • May cause DoS situations
      • Recommendations
          • Talk to your vendors about stable versions
          • Use test gear or lab kit where possible
          • Monitor sites posting vulnerabilities and respond quickly
  • 8. Tactics
      • IPv6 address space is huge. Scanning a network range is unwieldy for attackers. Example - NMAP doesn’t let you scan IPv6 ranges
      • Attackers will look for other ways to find their targets
      • Take precautions to protect systems that are caches for addresses
          • DHCP servers (reservations)
          • DNS (DNS harvesting), Web Log harvesting
          • Neighbour caches (like ARP cache)
      • Don’t simply replicate your IPv4 last octet in IPv6 chazwazza*
      • Make attackers work if they really want a host’s address!
      • Inject randomisation in your addressing to make it less obvious - but don’t make life too hard for yourself
      * http://www.urbandictionary.com/define.php?term=chazwazza
  • 9. Filtering (More Advanced)
      • Filter unneeded or potentially dangerous communications. Examples:
          • Routing Header 0 vulnerabilities (sort of like IPv4 source routing). Deprecated by RFC 5095 but still dangerous since it can let an attacker control hop flow.
          • If certain internal IPv6 addresses never need to hit the Internet, filter them
          • ICMP is critical to IPv6. Let certain (but not all) types through hops
          • Anycast & Multicast unless they are specifically used
      • Don’t leave yourself open to potential future attacks - Everything you know now will change in the next 5 years. They WILL get smarter, they WILL get faster than ever before.
  • 10. Extension Headers (Even More Advanced)
      One key difference: The key area where v6 is different from v4 is that v6 packets use a concept known as extension headers, which were developed to improve performance by making the packet header structure simpler.
      Essentially, v6 extension headers are optional headers that let you influence how the packet behaves, such as routing the packet through a certain path on the network, or you might have a fragmentation header that breaks up the packet and then reassembles it.
      In v4 we had to have all those headers included in one single header, but they're optional in v6. Because they're optional, security protocols need to understand a variable set of headers, which makes security devices more complex.
  • 11. Please Remember
      • IPv6 is not automatically more secure than IPv4
      • IPv6 is just layer 3... the layers above or below layer 3 will act just the same as they do with v4 - assuming your apps are layer 3 agnostic
      • IPv6 can be attacked just as easily as IPv4 - what does this mean?
          • MAC can still be spoofed
          • Flawed web apps will remain flawed - SQL injections, etc
      • IPv6 attacks will grow smarter and more creative as deployments grow
      • Back in 2002 a Honeypot system caught a hack using IPv6 tunnels to break into sites
      • Think of the hacks and bugs discovered each month - it is only a matter of time. IPv6 is new - it will have problems
  • 12. So....
      • Does this mean that I should avoid v6?
      • It sounds complicated. Who will help me?
      • PRACTICE SAFE IPV6!
  • 13. Thanks.... Questions?
      Thanks to Kurt Bales, Jeff Doyle and Grant Moerschel for content and inspiration
      CONNECT WITH ME
      • Email~ skeeve@eintellego.asia
      • Web~ www.eintellego.asia
      • Facebook~ facebook.com/eintellego - eintellego@facebook.com
      • LinkedIn~ http://au.linkedin.com/in/skeeve
      • Twitter~ @eintellego @networkceoau @skeevestevens
      • CEO Blog~ www.network-ceo.net
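
The extension-header chain from slide 10, together with the Routing Header 0 and ICMP filtering points from slides 5 and 9, as an added example that is not part of the original slides. It shows why a filter has to walk a variable-length chain before it can see what it is filtering; the function names, verdict strings and sample packets are assumptions constructed for illustration.

```python
import struct

# Extension headers sharing the generic layout: next header, then length
# in 8-octet units not counting the first 8 octets (RFC 8200).
EXT = {0: "hop-by-hop", 43: "routing", 60: "destination-options"}
FRAGMENT, ICMPV6 = 44, 58
# ICMPv6 error types a filter must pass; type 2 (Packet Too Big) drives PMTU discovery.
ICMP_KEEP = {1: "destination-unreachable", 2: "packet-too-big",
             3: "time-exceeded", 4: "parameter-problem"}

def inspect(packet: bytes):
    """Walk the header chain of one packet and return (verdict, reason)."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return ("drop", "not a complete IPv6 header")
    nxt, off = packet[6], 40
    for _ in range(8):  # bound the walk so a crafted chain cannot stall the filter
        if nxt not in EXT and nxt != FRAGMENT:
            break
        if off + 8 > len(packet):
            return ("drop", "truncated extension header")
        size = 8 if nxt == FRAGMENT else (packet[off + 1] + 1) * 8
        if off + size > len(packet):
            return ("drop", "truncated extension header")
        if nxt == 43 and packet[off + 2] == 0:
            return ("drop", "routing header type 0 (RFC 5095)")
        if nxt == FRAGMENT and struct.unpack("!H", packet[off + 2:off + 4])[0] >> 3:
            return ("reassemble", "non-first fragment, upper layer not visible")
        nxt, off = packet[off], off + size
    else:
        return ("drop", "extension header chain too long")
    if nxt == ICMPV6 and off < len(packet):
        kind = packet[off]
        if kind in ICMP_KEEP:
            return ("allow", "icmpv6 " + ICMP_KEEP[kind])
        return ("policy", f"icmpv6 type {kind}")
    return ("policy", f"upper-layer protocol {nxt}")

def build(headers, upper, payload=b""):
    """Constructed sample packet; headers is a list of (type, body after the 2 fixed octets)."""
    types = [t for t, _ in headers] + [upper]
    body = b"".join(bytes([types[i + 1], (len(d) + 2) // 8 - 1]) + d
                    for i, (_, d) in enumerate(headers)) + payload
    # Version 6, hop limit 64, all-zero placeholder source and destination addresses.
    return struct.pack("!IHBB", 6 << 28, len(body), types[0], 64) + bytes(32) + body

# Constructed samples: a type 0 routing header, and Packet Too Big behind a hop-by-hop header.
RH0 = build([(43, bytes([0, 1]) + bytes(20))], 6)
PTB = build([(0, bytes([1, 4, 0, 0, 0, 0]))], 58, bytes([2, 0]) + bytes(6))
```

A "policy" verdict means the packet carries nothing this sketch treats specially and the site's ordinary rules for that protocol or ICMPv6 type apply.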