It security
Upcoming SlideShare
Loading in...5
×
 

It security

on

  • 378 views

 

Statistics

Views

Total Views
378
Views on SlideShare
378
Embed Views
0

Actions

Likes
0
Downloads
7
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

It security It security Presentation Transcript

  • SECURITY IMPLICATIONS OF IPv6
    IT-security
    Morten Jørgensen
    2. Semester Network
  • Overview
    What is IPv6 and the Advantages
    Key security concerns
    What should be done
    Comparison of IPv4 and IPv6 security
    Security implications of NAT-free network
    IPv6 support in network devices and applications
    Quistions
  • What is IPv6 and the Advantages
    The Internet Protocol version 4 (IPv4) is the core technology employed in the internet to transfer information from one system to another.
    To overcome the exhaustion of IPv4 addresses, the Internet Protocol version 6 (IPv6) was developed, with addresses to allow the foreseeable future growth of the internet.
    The main advantage of IPv6 is that it provides much more address space
  • Key security concerns
    IPv6 implementations are much less mature than their IPv4 counterparts making it likely that a number of vulnerabilities will be discovered and mitigated before their robustness matches that of the existing IPv4 implementations.
    Security products such as firewalls and Network Intrusion Detection Systems have less support for the IPv6 protocols than for their IPv4 counterparts.
    A number of transition/co-existence technologies have been developed to aid in the deployment of IPv6 and the co-existence of IPv6 with the IPv4 protocol. These technologies will increase complexity which may introduce new attack vectors in existing networks.
    Technical personnel have less confidence with the IPv6 protocols than with their IPv4 counterparts. This creates an increased likelihood that security implications are overlooked when the protocols are deployed.
  • What should be done
    Complete a risk assessment on how IPv6 and related technologies (such as transition/co-existence technologies) may affect the security of existing IPv4 networks.
    Develop a transition plan; IPv6 affects every network and there is no ‘do nothing’ option.
    Ensure that relevant staff, e.g. network engineers and security administrators, are confident with IPv6 and related technologies before they are required to deploy and operate IPv6 in production networks.
    Work with equipment and application suppliers to improve the robustness of their implementations, such that the robustness of IPv6 implementations roughly matches that of typical IPv4 implementations.
  • Comparison of IPv4 and IPv6 security
    IPv6 protocol suite comprises a number of supporting protocols that are, in general, more complex than IPv4
    The purpose of host configuration, IPv6 provides not only DHCPv6 (the equivalent of DHCP for IPv4), but also a mechanism for StateLess Address Auto-Configuration (SLAAC) that introduces a number of attack vectors which were not present in IPv4.
  • Security implications of NAT-free network
    Network Address Translators (NAT) provide a number of benefits in a network such as reduced host exposure, host privacy/ masquerading and topology hiding.
    As IPv6 allows the assignment of at least one ‘public’ address to each device connected to the internet, it is generally claimed or assumed that IPv6 network architectures will not accommodate NAT devices.
  • IPv6 support in network devices and applications
    A concern when planning to deploy IPv6 should be the level of IPv6 support (if any) in each of the different network devices. There is ongoing work at the IETF2 to specify a number of desired features for different IPv6 network devices.
    It is generally the case that there is more support for security features in IPv4 products than in IPv6 products, either in terms of variety of products, variety of features, or performance.
    Many applications currently do not support IPv6, or have only recently been updated to incorporate support for IPv6.
  • Questions