Easing the Transition to IPv6 with NetFlow

Flow-based network monitoring solutions can help ease the transition to IPv6 by tracking how network devices and applications behave before, during and after the cutover, helping to mitigate any anomalies before they become a serious issue. Learn how NetFlow can help governments and enterprises make this important conversion.


Presentation Transcript

  • Easing the Transition to IPv6 with NetFlow
      ◦ Chris Smithee, Strategic Solutions Architect
      ◦ Know Your Network, Run Your Business
  • Why should we change to IPv6?
      ◦ Federal mandate if you're a government agency
          – On Sept 28, 2010 a mandate was enacted requiring federal agencies to have web-facing IPv6 by the end of 2012, and internal IPv6 by 2014: https://cio.gov/wp-content/uploads/downloads/2012/09/Transition-to-IPv6.pdf
      ◦ Eventually companies will have to be on IPv6 to do business
      ◦ Dwindling IP space creates problems
          – Lack of IP space for new Internet-bound companies
          – Creation of solutions that have adverse impact on monitoring and mitigation
      ◦ You may already be using it locally, inadvertently
    ©2011 Lancope, Inc. All Rights Reserved. Company Confidential (not for distribution)
  • Perception of the problem
      ◦ Changing to IPv6 exposes me to unknown problems and threats
          – Yes, but so does not changing to IPv6. New threats are discovered and created daily. We always have to have a plan to mitigate the next unknown.
      ◦ It's expensive to convert
          – Most companies have plans for refresh cycles on equipment; they simply need to time upgrades to coincide with the network refresh. It's possible to run mixed-mode environments to avoid a simultaneous global rollout of IPv6 as a service.
      ◦ I have to plan the upgrade and I don't have enough time
          – Start planning if you haven't already. Avoiding the problem won't make it go away and simply introduces a time crunch later. This isn't a change you have to make overnight.
      ◦ I'm not sure I can monitor IPv6 traffic effectively
          – Virtually all classes of monitoring tools have caught up so that they have some level of support. Work with your vendor to find out if they do. If not, there ARE alternatives. Let your vendors know that you are aware of that.
  • How can NetFlow help me? Know Your Network, Run Your Business
  • NetFlow v5* (most common) * fixed format, cannot be extended to include new fields
  • NetFlow Version 9: Key Fields
      ◦ IPv4: IP (Source or Destination), Prefix (Source or Destination), Mask (Source or Destination), Minimum-Mask (Source or Destination), Protocol, Fragmentation Flags, Fragmentation Offset, Identification, Header Length, Total Length, Payload Size, Packet Section (Header), Packet Section (Payload), TTL, Options bitmap, Version, Precedence, DSCP, TOS
      ◦ IPv6: IP (Source or Destination), Prefix (Source or Destination), Mask (Source or Destination), Minimum-Mask (Source or Destination), Protocol, Traffic Class, Flow Label, Option Header, Header Length, Payload Length, Payload Size, Packet Section (Header), Packet Section (Payload), DSCP, Extension Headers, Hop-Limit, Length, Next-header, Version
      ◦ Interface: Input, Output
      ◦ Flow: Sampler ID, Direction
      ◦ Layer 2: Source VLAN, Dest VLAN, Dot1q VLAN, Dot1q priority, Source MAC address, Destination MAC address
  • Track Rate of Adoption
  • Inventory Reporting
      ◦ Significant implications to vulnerability scans
      ◦ IPv6 has a LOT of addresses
      ◦ Leading practice for ISPs is to provide a /48 netmask. That's 80 bits of usable IP
      ◦ Unfiltered scans can be challenging
      ◦ Helpful subnetting link: https://supportforums.cisco.com/docs/DOC-17232
  • See the unseen
      ◦ There will always be something that slides through the cracks of your best detection technologies. At a minimum, NetFlow is the network accounting that shows you how it happened.
  • Flow-based Anomaly Detection
  • Behavior-based Analysis
  • NetFlow security use cases
      ◦ Identifying BotNet Command & Control Activity. BotNets are implanted in the enterprise to execute commands from their Bot herders to send SPAM, launch Denial of Service attacks, or carry out other malicious acts.
      ◦ Revealing Data Loss. Code can be hidden in the enterprise to export sensitive information back to the attacker. This Data Leakage may occur rapidly or over time.
      ◦ Detecting Sophisticated and Persistent Threats. Malware that makes it past perimeter security can remain in the enterprise waiting to strike as lurking threats. These may be zero-day threats that do not yet have an antivirus signature, or they may be hard to detect for other reasons.
      ◦ Finding Internally Spread Malware. Network interior malware proliferation can occur across hosts for the purpose of gathering security reconnaissance data, data exfiltration or network backdoors.
      ◦ Uncovering Network Reconnaissance. Some attacks will probe the network looking for attack vectors to be utilized by custom-crafted cyber threats.
  • Questions and Contact
      ◦ Sales: sales@lancope.com
      ◦ Marketing: marketing@lancope.com
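
The "Track Rate of Adoption" and "Inventory Reporting" slides above, as an added example that is not part of the presentation: from flow records already decoded into tuples, it computes the daily share of bytes carried over IPv6 and lists the site hosts actually seen on the wire, rather than scanning the 2^80 addresses of a /48. The flow records, the 2001:db8:12::/48 site prefix and all function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records (not from the presentation):
# (day, source address, destination address, bytes)
FLOWS = [
    ("2013-01-07", "10.1.1.20", "198.51.100.7", 9000),
    ("2013-01-07", "2001:db8:12:1::20", "2001:db8:ffff::5", 1000),
    ("2013-01-08", "10.1.1.21", "198.51.100.7", 6000),
    ("2013-01-08", "2001:db8:12:1::20", "2001:db8:ffff::5", 3000),
    ("2013-01-08", "2001:db8:12:2::a1", "2001:db8:12:1::20", 800),
    ("2013-01-08", "fe80::1", "ff02::1", 200),  # link-local: IPv6 in use "inadvertently"
]
SITE = ipaddress.ip_network("2001:db8:12::/48")  # assumed site allocation

def adoption_by_day(flows):
    """Return {day: fraction of bytes carried over IPv6}."""
    v6, total = defaultdict(int), defaultdict(int)
    for day, src, _dst, nbytes in flows:
        total[day] += nbytes
        if ipaddress.ip_address(src).version == 6:
            v6[day] += nbytes
    return {day: v6[day] / total[day] for day in total}

def ipv6_inventory(flows, site):
    """Return {/64 subnet: sorted hosts} for site addresses seen in any flow."""
    seen = defaultdict(set)
    for _day, src, dst, _nbytes in flows:
        for text in (src, dst):
            addr = ipaddress.ip_address(text)
            if addr.version == 6 and addr in site:
                subnet = ipaddress.ip_network(f"{addr}/64", strict=False)
                seen[subnet].add(addr)
    return {net: sorted(hosts) for net, hosts in seen.items()}

def scan_scope(flows, site):
    """Compare the site's address space with the hosts the flows actually show."""
    hosts = sum(len(h) for h in ipv6_inventory(flows, site).values())
    return site.num_addresses, hosts

if __name__ == "__main__":
    for day, share in sorted(adoption_by_day(FLOWS).items()):
        print(f"{day}: {share:.0%} of bytes over IPv6")
    for net, hosts in sorted(ipv6_inventory(FLOWS, SITE).items()):
        print(net, [str(h) for h in hosts])
    space, hosts = scan_scope(FLOWS, SITE)
    print(f"/48 holds 2^{space.bit_length() - 1} addresses; flows show {hosts} hosts to scan")
```

The host list from `ipv6_inventory` can be handed to a vulnerability scanner as its target set, which is what makes scanning an IPv6 site tractable.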