Submit Search
Upload
Zaccone Carmelo - IPv6 and security from a user’s point of view
•
0 likes
•
356 views
IPv6 Conference
Follow
Zaccone Carmelo - IPv6 and security from a user’s point of view
Read less
Read more
Report
Share
Report
Share
1 of 17
Download Now
Download to read offline
Recommended
Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...
Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...
ir. Carmelo Zaccone
Pxosys Webinar Amplify your Security
Pxosys Webinar Amplify your Security
🏆Ruben Cocheno💭
SDN/NFV Sudanese Research Group Initiative
SDN/NFV Sudanese Research Group Initiative
Ahmed Hassan
Cisco umbrella youtube
Cisco umbrella youtube
Dhruv Sharma
Hack wifi password using kali linux
Hack wifi password using kali linux
Helder Oliveira
10 fn s05
10 fn s05
Scott Foster
FreeBSD is not Linux
FreeBSD is not Linux
Muhammad Moinur Rahman
FreeBSD and Hardening Web Server
FreeBSD and Hardening Web Server
Muhammad Moinur Rahman
More Related Content
What's hot
Futex ppt
Futex ppt
OECLIB Odisha Electronics Control Library
IEEE MACSec and NSA ESS: How to Protect Your WAN, LAN and Cloud
IEEE MACSec and NSA ESS: How to Protect Your WAN, LAN and Cloud
Priyanka Aash
Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010
Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010
Priyanka Aash
IPv6 Security
IPv6 Security
Progreso Training
CCNP Security-Firewall
CCNP Security-Firewall
mohannadalhanahnah
Ipv6 Security with Mikrotik RouterOS by Wardner Maia
Ipv6 Security with Mikrotik RouterOS by Wardner Maia
Wardner Maia
ASA Multiple Context Training
ASA Multiple Context Training
Tariq Bader
Nfv primer v2
Nfv primer v2
Dave Neary
Firewall - Failover & Transparent Firewall
Firewall - Failover & Transparent Firewall
NetProtocol Xpert
Stop disabling SELinux!
Stop disabling SELinux!
Maciej Lasyk
Setting up Cisco WSA Proxy in Transparent and Explicit Mode
Setting up Cisco WSA Proxy in Transparent and Explicit Mode
Dhruv Sharma
Cisco ASA Firewalls
Cisco ASA Firewalls
Bryley Systems Inc.
Introduction to Mod security session April 2016
Introduction to Mod security session April 2016
Rahul
How to hack wireless internet connections using aircrack-ng
How to hack wireless internet connections using aircrack-ng
Open Knowledge Nepal
ModSecurity and NGINX: Tuning the OWASP Core Rule Set - EMEA
ModSecurity and NGINX: Tuning the OWASP Core Rule Set - EMEA
NGINX, Inc.
CCNA Security 010-configuring cisco asa
CCNA Security 010-configuring cisco asa
Ahmed Habib
2015_01 - Networking Session - SPHMMC ICT workshop
2015_01 - Networking Session - SPHMMC ICT workshop
Kathleen Ludewig Omollo
Tools for Offensive RTC security. Introducing SIPVicious PRO and the demo ser...
Tools for Offensive RTC security. Introducing SIPVicious PRO and the demo ser...
Alan Quayle
IPv6 for Pentesters
IPv6 for Pentesters
NotSoSecure Global Services
CCNP Security-VPN
CCNP Security-VPN
mohannadalhanahnah
What's hot
(20)
Futex ppt
Futex ppt
IEEE MACSec and NSA ESS: How to Protect Your WAN, LAN and Cloud
IEEE MACSec and NSA ESS: How to Protect Your WAN, LAN and Cloud
Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010
Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010
IPv6 Security
IPv6 Security
CCNP Security-Firewall
CCNP Security-Firewall
Ipv6 Security with Mikrotik RouterOS by Wardner Maia
Ipv6 Security with Mikrotik RouterOS by Wardner Maia
ASA Multiple Context Training
ASA Multiple Context Training
Nfv primer v2
Nfv primer v2
Firewall - Failover & Transparent Firewall
Firewall - Failover & Transparent Firewall
Stop disabling SELinux!
Stop disabling SELinux!
Setting up Cisco WSA Proxy in Transparent and Explicit Mode
Setting up Cisco WSA Proxy in Transparent and Explicit Mode
Cisco ASA Firewalls
Cisco ASA Firewalls
Introduction to Mod security session April 2016
Introduction to Mod security session April 2016
How to hack wireless internet connections using aircrack-ng
How to hack wireless internet connections using aircrack-ng
ModSecurity and NGINX: Tuning the OWASP Core Rule Set - EMEA
ModSecurity and NGINX: Tuning the OWASP Core Rule Set - EMEA
CCNA Security 010-configuring cisco asa
CCNA Security 010-configuring cisco asa
2015_01 - Networking Session - SPHMMC ICT workshop
2015_01 - Networking Session - SPHMMC ICT workshop
Tools for Offensive RTC security. Introducing SIPVicious PRO and the demo ser...
Tools for Offensive RTC security. Introducing SIPVicious PRO and the demo ser...
IPv6 for Pentesters
IPv6 for Pentesters
CCNP Security-VPN
CCNP Security-VPN
Viewers also liked
Phil Ads
Phil Ads
leony1948
Predictable Java af Anders P Ravn, CISS og Hans Søndergaard, ViaUC
Predictable Java af Anders P Ravn, CISS og Hans Søndergaard, ViaUC
InfinIT - Innovationsnetværket for it
TBNG Mutual Fund Report
TBNG Mutual Fund Report
TBNG_Financial_Planners
Letter To The Mayor of Baltimore City - Don't Close Our Recreation Center
Letter To The Mayor of Baltimore City - Don't Close Our Recreation Center
saveourrecs
2011 liongson-modeling studies flood control dams-professorial chair lecture
2011 liongson-modeling studies flood control dams-professorial chair lecture
leony1948
Constanze Bürger - IPv6 in the public administration of Germany
Constanze Bürger - IPv6 in the public administration of Germany
IPv6 Conference
2010 liongson-flood mitigation in metro manila-phil engg journal article
2010 liongson-flood mitigation in metro manila-phil engg journal article
leony1948
Budget Presentation 4-6-11
Budget Presentation 4-6-11
wcsd_01
Viewers also liked
(8)
Phil Ads
Phil Ads
Predictable Java af Anders P Ravn, CISS og Hans Søndergaard, ViaUC
Predictable Java af Anders P Ravn, CISS og Hans Søndergaard, ViaUC
TBNG Mutual Fund Report
TBNG Mutual Fund Report
Letter To The Mayor of Baltimore City - Don't Close Our Recreation Center
Letter To The Mayor of Baltimore City - Don't Close Our Recreation Center
2011 liongson-modeling studies flood control dams-professorial chair lecture
2011 liongson-modeling studies flood control dams-professorial chair lecture
Constanze Bürger - IPv6 in the public administration of Germany
Constanze Bürger - IPv6 in the public administration of Germany
2010 liongson-flood mitigation in metro manila-phil engg journal article
2010 liongson-flood mitigation in metro manila-phil engg journal article
Budget Presentation 4-6-11
Budget Presentation 4-6-11
Similar to Zaccone Carmelo - IPv6 and security from a user’s point of view
T C P I P Weaknesses And Solutions
T C P I P Weaknesses And Solutions
eroglu
CommCon 2023 - WebRTC & Video Delivery application security - what could poss...
CommCon 2023 - WebRTC & Video Delivery application security - what could poss...
Sandro Gauci
Network Security and Visibility through NetFlow
Network Security and Visibility through NetFlow
Lancope, Inc.
AusNOG 2016 - The Trouble with NAT
AusNOG 2016 - The Trouble with NAT
Mark Smith
Network & security startup
Network & security startup
Finto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS
CloudStack Build A Cloud Day (SCaLE 2013)
CloudStack Build A Cloud Day (SCaLE 2013)
Clayton Weise
Survey on IPv6 security issues
Survey on IPv6 security issues
bathinin1
Cisco Network Proposal Part 3
Cisco Network Proposal Part 3
Brooke Lord
NZNOG 2020 - The Trouble With NAT
NZNOG 2020 - The Trouble With NAT
Mark Smith
Linux Tag 2014 OpenStack Networking
Linux Tag 2014 OpenStack Networking
yfauser
vBACD - Deploying Infrastructure-as-a-Service with CloudStack - 2/28
vBACD - Deploying Infrastructure-as-a-Service with CloudStack - 2/28
CloudStack - Open Source Cloud Computing Project
Day4
Day4
Jai4uk
Vrf Design
Vrf Design
Melissa Grant
SREcon Europe 2016 - Full-mesh IPsec network at Hosted Graphite
SREcon Europe 2016 - Full-mesh IPsec network at Hosted Graphite
HostedGraphite
Distributech_Presentation DTECH_2013
Distributech_Presentation DTECH_2013
Dorian Hernandez
Cisco, Sourcefire and Lancope - Better Together
Cisco, Sourcefire and Lancope - Better Together
Lancope, Inc.
10 fn s05
10 fn s05
Scott Foster
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
Amazon Web Services
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
Chrysostomos Christofi
Henrik Strøm - IPv6 from the attacker's perspective
Henrik Strøm - IPv6 from the attacker's perspective
IKT-Norge
Similar to Zaccone Carmelo - IPv6 and security from a user’s point of view
(20)
T C P I P Weaknesses And Solutions
T C P I P Weaknesses And Solutions
CommCon 2023 - WebRTC & Video Delivery application security - what could poss...
CommCon 2023 - WebRTC & Video Delivery application security - what could poss...
Network Security and Visibility through NetFlow
Network Security and Visibility through NetFlow
AusNOG 2016 - The Trouble with NAT
AusNOG 2016 - The Trouble with NAT
Network & security startup
Network & security startup
CloudStack Build A Cloud Day (SCaLE 2013)
CloudStack Build A Cloud Day (SCaLE 2013)
Survey on IPv6 security issues
Survey on IPv6 security issues
Cisco Network Proposal Part 3
Cisco Network Proposal Part 3
NZNOG 2020 - The Trouble With NAT
NZNOG 2020 - The Trouble With NAT
Linux Tag 2014 OpenStack Networking
Linux Tag 2014 OpenStack Networking
vBACD - Deploying Infrastructure-as-a-Service with CloudStack - 2/28
vBACD - Deploying Infrastructure-as-a-Service with CloudStack - 2/28
Day4
Day4
Vrf Design
Vrf Design
SREcon Europe 2016 - Full-mesh IPsec network at Hosted Graphite
SREcon Europe 2016 - Full-mesh IPsec network at Hosted Graphite
Distributech_Presentation DTECH_2013
Distributech_Presentation DTECH_2013
Cisco, Sourcefire and Lancope - Better Together
Cisco, Sourcefire and Lancope - Better Together
10 fn s05
10 fn s05
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
Henrik Strøm - IPv6 from the attacker's perspective
Henrik Strøm - IPv6 from the attacker's perspective
More from IPv6 Conference
0930 1 blixt
0930 1 blixt
IPv6 Conference
Joost Tholhuijsen - Public authoritiesThe NetherlandsIPv6 Awareness
Joost Tholhuijsen - Public authoritiesThe NetherlandsIPv6 Awareness
IPv6 Conference
Urban Kunc - Status of IPv6 in Slovenia
Urban Kunc - Status of IPv6 in Slovenia
IPv6 Conference
Heinz-Werner Schuelting - IPV6 Piloting
Heinz-Werner Schuelting - IPV6 Piloting
IPv6 Conference
Max Lemke - Smart cities: a fertile ground for Internet innovation
Max Lemke - Smart cities: a fertile ground for Internet innovation
IPv6 Conference
Andre Richier - e-Skills for the 21st Century
Andre Richier - e-Skills for the 21st Century
IPv6 Conference
Wim Delrue - Trends in IPv6 Training
Wim Delrue - Trends in IPv6 Training
IPv6 Conference
Mohsen Souissi - Leveraging G6’s IPv6 Tutorial material for training activity
Mohsen Souissi - Leveraging G6’s IPv6 Tutorial material for training activity
IPv6 Conference
IPv6 curricula study Franck Le Gall, Caroline Garence, Fabrice Clari
IPv6 curricula study Franck Le Gall, Caroline Garence, Fabrice Clari
IPv6 Conference
Testimonial from an IPv6 ready logo certified trainer - Silvia Hagen (Sunny C...
Testimonial from an IPv6 ready logo certified trainer - Silvia Hagen (Sunny C...
IPv6 Conference
Public IPv6 training provider’s testimonials - Florent Nolot (Univ. Reims)
Public IPv6 training provider’s testimonials - Florent Nolot (Univ. Reims)
IPv6 Conference
Martin Potts - Rapporteur’s Remarks
Martin Potts - Rapporteur’s Remarks
IPv6 Conference
Onur Bektas - Turkey IPv6 Update
Onur Bektas - Turkey IPv6 Update
IPv6 Conference
Simon Hicks - BIS Perspective on the likely IPv4/IPv6 Migration, and the Way ...
Simon Hicks - BIS Perspective on the likely IPv4/IPv6 Migration, and the Way ...
IPv6 Conference
Carlo SIMON - IPv6 Case Study LUXEMBOURG
Carlo SIMON - IPv6 Case Study LUXEMBOURG
IPv6 Conference
Petra Holubičková - Governmental Support of IPv6 Deployment in the Czech Repu...
Petra Holubičková - Governmental Support of IPv6 Deployment in the Czech Repu...
IPv6 Conference
Davor Sostaric - IPv6 in Slovenia
Davor Sostaric - IPv6 in Slovenia
IPv6 Conference
16 30 1 maria hall
16 30 1 maria hall
IPv6 Conference
Rob Smets - IPv6 deployment monitoring
Rob Smets - IPv6 deployment monitoring
IPv6 Conference
Leslie Daigle - IPv6 Global Deployment – Momentum and Milestones
Leslie Daigle - IPv6 Global Deployment – Momentum and Milestones
IPv6 Conference
More from IPv6 Conference
(20)
0930 1 blixt
0930 1 blixt
Joost Tholhuijsen - Public authoritiesThe NetherlandsIPv6 Awareness
Joost Tholhuijsen - Public authoritiesThe NetherlandsIPv6 Awareness
Urban Kunc - Status of IPv6 in Slovenia
Urban Kunc - Status of IPv6 in Slovenia
Heinz-Werner Schuelting - IPV6 Piloting
Heinz-Werner Schuelting - IPV6 Piloting
Max Lemke - Smart cities: a fertile ground for Internet innovation
Max Lemke - Smart cities: a fertile ground for Internet innovation
Andre Richier - e-Skills for the 21st Century
Andre Richier - e-Skills for the 21st Century
Wim Delrue - Trends in IPv6 Training
Wim Delrue - Trends in IPv6 Training
Mohsen Souissi - Leveraging G6’s IPv6 Tutorial material for training activity
Mohsen Souissi - Leveraging G6’s IPv6 Tutorial material for training activity
IPv6 curricula study Franck Le Gall, Caroline Garence, Fabrice Clari
IPv6 curricula study Franck Le Gall, Caroline Garence, Fabrice Clari
Testimonial from an IPv6 ready logo certified trainer - Silvia Hagen (Sunny C...
Testimonial from an IPv6 ready logo certified trainer - Silvia Hagen (Sunny C...
Public IPv6 training provider’s testimonials - Florent Nolot (Univ. Reims)
Public IPv6 training provider’s testimonials - Florent Nolot (Univ. Reims)
Martin Potts - Rapporteur’s Remarks
Martin Potts - Rapporteur’s Remarks
Onur Bektas - Turkey IPv6 Update
Onur Bektas - Turkey IPv6 Update
Simon Hicks - BIS Perspective on the likely IPv4/IPv6 Migration, and the Way ...
Simon Hicks - BIS Perspective on the likely IPv4/IPv6 Migration, and the Way ...
Carlo SIMON - IPv6 Case Study LUXEMBOURG
Carlo SIMON - IPv6 Case Study LUXEMBOURG
Petra Holubičková - Governmental Support of IPv6 Deployment in the Czech Repu...
Petra Holubičková - Governmental Support of IPv6 Deployment in the Czech Repu...
Davor Sostaric - IPv6 in Slovenia
Davor Sostaric - IPv6 in Slovenia
16 30 1 maria hall
16 30 1 maria hall
Rob Smets - IPv6 deployment monitoring
Rob Smets - IPv6 deployment monitoring
Leslie Daigle - IPv6 Global Deployment – Momentum and Milestones
Leslie Daigle - IPv6 Global Deployment – Momentum and Milestones
Zaccone Carmelo - IPv6 and security from a user’s point of view
1.
2.
3.
4.
iif endorsed by
all hosts
5.
iif implemented by
all applications
6.
7.
direct host-to-host communications
8.
9.
Layer 3/Layer 4
spoofing/sniffing, network flooding,
10.
DHCP vulnerabilities, Man
in the Middle attacks,
11.
Virus, spam, spit,
...
12.
Nevertheless, IPv6 specificities
bring new perspectives on some type of attacks
13.
The IPv6 protocol
security enhancements
14.
closes doors for
some threats
15.
open new doors
for some others threats
16.
NDP & auto-configuration
offers new attacks (e.g. fake RA, fake DaD reply). nb: SEND is a potential answer
17.
18.
Address allocation scheme
19.
20.
brute force scanning
impractical
21.
removes hacking tools
(e.g. backdoors scanners trojan)
22.
removes worm propagation
vectors
23.
removes DDoS tool
(eg. Smurf uses broadcast)
24.
makes life harder
on spammers
25.
makes life harder
in hackers war
26.
27.
28.
Mail/Agenda (MS exchange),
29.
DB (MySQL, Oracle,
MSSql),
30.
Storage (cifs, SAN),
31.
Etc,
32.
Outside IT services
are traditional ones:
33.
DMZ (HTTP,FTP, Mail,
etc)
34.
VPN
35.
Large information technology
infrastructure (PC & servers):
36.
mix environment throughout
many vendors (Microsoft, Linux, Apple, VMWARE) & over various generations (eg. Srv2000/2003, XP, SEVEN, OSX)
37.
38.
IPv6Forum, Alcatel v6Team
lead, IETF, EU,
39.
Task Force AWT
« Technology Watch WG »
40.
Interest of the
system administrator !
41.
Theoretical Know How
BUT few practice !
42.
workshop (mid 2006)
of NREN BELNET « v6 user » but not « v6 administration»
43.
arrival of the
IPv6 customer’s connectivity service
44.
assignment of AWT.be
RIPE Range [2001:06a8:3880::/48]
45.
46.
The access network
had to be Firmware upgraded and IPv6 features (some where still in beta) turned on
47.
Policy to not
introduce IPv6 into the main firewall (PIX535) but rather
48.
playing with a
dedicated firewall (PIX515) natively using V6 only (except a single IPv4 in the v4 management network)
49.
dedicated v6 LANS
hermetic to v4 LANS (no dual stacks @start)
50.
Firewall is ruling
all LANS (RA + ACL)
51.
Learning v6 ACL
syntax and trying not to make typing errors in addresses
52.
Usual deny ALL
policy for incoming traffic
53.
54.
55.
56.
57.
58.
FW v6ACL must
take care of more ICMP messages than in v4
59.
Huge attention to
give when typing IPv6 addresses
60.
Not an easy
task to analyse IPv6 logs
61.
We see as
many attacks attemps than on IPv4
62.
Remote access :
moving to OpenVPN as Cisco VPN concentrator is not v6 capable
63.
Special attention to
reverse-proxy (http, ftp):
64.
AWT v4 servers
uses virtual hosting for many websites
65.
AWT reverse-proxy was
not hosting all the websites
66.
67.
68.
some internal websites
(not in the rproxy) became ‘down’ for AWT users when dual stack was turned on.
69.
Personal software Firewal/Anti-Virus
(e.g. symantec, mcafee) not ready for IPv6
70.
Dual stacks hosts
become more vulnerable
71.
Need to disable
v6 stacks when outside the secured AWT office
72.
Need to higher
awareness/consciousness of the users
73.
not NAT for
security through obscurity
74.
direct public IP
reachability, so take care to host local services (e.g. file share)
75.
76.
Download Now