Your SlideShare is downloading. ×
ciso-platform-annual-summit-2013-ipv6-implications-on-ipv4-nets-dynamic
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

ciso-platform-annual-summit-2013-ipv6-implications-on-ipv4-nets-dynamic

176
views

Published on

Presented by Fernando Gont who specializes in the field of communications protocols security, working for private and governmental organisations both in Argentina and overseas.

Presented by Fernando Gont who specializes in the field of communications protocols security, working for private and governmental organisations both in Argentina and overseas.

Published in: Education, Technology

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
176
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Why Should You Worry About IPv6 Security Even If Your Network Runs On IPv4? Fernando Gont CISO Platform Annual Summit Mumbai, India. November 15-16, 2013
  • 2. Motivation for this presentation ● ● Widespread idea: “I do not need to care about IPv6 security because my network runs on IPv4” Possible approaches: Option #1 CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 Option #2 © 2013 SI6 Networks. All rights reserved Option #3
  • 3. Myth: “My network does not support IPv6” CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 3 © 2013 SI6 Networks. All rights reserved
  • 4. Myth: IPv4-only networks ● Most operating systems support IPv6 and enable it by default ● IPv6 connectivity is just “dormant”: ● ● Waiting for “activation” -- legitimate or otherwise Most networks have (at least) partial deployment of IPv6 CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 © 2013 SI6 Networks. All rights reserved
  • 5. IPv6/IPv4 co-existence (how the two protocols are glued together) CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 5 © 2013 SI6 Networks. All rights reserved
  • 6. IPv6/IPv4 co-existence ● For every domain name, the DNS may contain: ● ● ● ● A resource records (IPv4 addresses), and/or, AAAA (Quad-A) resource records (IPv6 addresses) Host may query for A and/or AAAA resource records Based on the available resource records, supported protocols, and local policy, IPv6 and/or IPv4 could be employed CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 © 2013 SI6 Networks. All rights reserved
  • 7. How can IPv6 be exploited? CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 7 © 2013 SI6 Networks. All rights reserved
  • 8. How can IPv6 be exploited? ● An attacker poses as a local router/server ● ● ● ● e.g. responds to DHCPv6 requests An attacker possibly forges DNS responses This allows for e.g. IPv6-based Man In The Middle (MITM) attacks You might not even detect these attacks if you are not prepared CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 © 2013 SI6 Networks. All rights reserved
  • 9. Mitigating IPv6 implications (on “IPv4-only” networks) CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 9 © 2013 SI6 Networks. All rights reserved
  • 10. Mitigating IPv6 implications ● Deploy IPv6-security controls ● ● ● Same as you do for IPv4 Might be difficult to implement Filter IPv6 traffic on your network ● ● ● Native traffic (ideally at layer 2) Tunnels (Teredo, etc.) Whatever the outcome, it should be the result of an explicit decision CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 © 2013 SI6 Networks. All rights reserved
  • 11. VPN traffic leakages (the good, the bad, and... the ugly) CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 11 © 2013 SI6 Networks. All rights reserved
  • 12. VPN leakages ● Typical scenario: ● You connect to an insecure network ● You establish a VPN with your home/office ● Your VPN software does not support IPv6 ● An attacker (or legitimate system!) triggers IPv6 connectivity ● Your traffic now goes in the clear... ● ... while you thought your traffic was being secured CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 © 2013 SI6 Networks. All rights reserved
  • 13. Mitigating VPN leakages ● Short answer: Disable IPv6 support on your laptop when employing VPNs CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 © 2013 SI6 Networks. All rights reserved
  • 14. Thankyou's ● Priyanka Aash ● Bikash Barai ● Devesh Bhatt ● CISO Platform 2013 PC CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 © 2013 SI6 Networks. All rights reserved
  • 15. Thanks! Fernando Gont fgont@si6networks.com www.si6networks.com CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 © 2013 SI6 Networks. All rights reserved

×