Five Security Myths a CISO Should
Be Aware of
Fernando Gont

CISO Platform Annual Summit
Mumbai, India. November 15-16, 20...
Motivation
●

One way or another, IPv6 is already here:
●

Enabled by default on most Operating Systems

●

Deployed by ma...
Myth #1:
“IPv6 is more secure than IPv4”

CISO Platform Annual Summit
Mumbai, India. November 15-16, 2013

3
© 2013 SI6 Ne...
Myth #1: IPv6 is more secure than IPv4
●

IPv6 is more complex than IPv4

●

IPv6 code is less mature than its IPv4 counte...
Myth #2:
“The security paradigm will change from
network-centric to host-centric”

CISO Platform Annual Summit
Mumbai, Ind...
Myth #2: Network security paradigm
●

The current Internet has an hybrid network security model:
●

●

Personal firewalls
...
Myth #3:
“IPv6 address scans are unfeasible”

CISO Platform Annual Summit
Mumbai, India. November 15-16, 2013

7
© 2013 SI...
Myth #3: IPv6 scans are unfeasible
●

Based on these assumptions:
●

●

●

IPv6 subnet size is huge
IPv6 addresses are ass...
Myth #4:
“IPv6 networks will be NAT-free”

CISO Platform Annual Summit
Mumbai, India. November 15-16, 2013

9
© 2013 SI6 N...
Myth #4: IPv6 networks will be NAT-free
●

●

IPv6 provides plenty of address space -- no need for address
translation
How...
Myth #5:
“IPv6 will remove complexity from the
network”

CISO Platform Annual Summit
Mumbai, India. November 15-16, 2013

...
Myth #5: IPv6 & network complexity
●

Transition/co-existence with IPv6 implies:
●

●

Increased use of tunnels

●

Increa...
Myth #6:
“Our network doesn't support IPv6, so these
issues do not affect us”

CISO Platform Annual Summit
Mumbai, India. ...
Myth #6: IPv6 implications on IPv4 nets

See you tomorrow at 10:45 to elaborate on this
one ;-)

CISO Platform Annual Summ...
Thanks!
Fernando Gont
fgont@si6networks.com

www.si6networks.com

CISO Platform Annual Summit
Mumbai, India. November 15-1...
Upcoming SlideShare
Loading in...5
×

ciso-platform-annual-summit-2013-Fgont-ipv6-myths-dynamic

188
-1

Published on

Presented by Fernando Gont at CISO Platform Annual Summit, 2013. Fernando specializes in the field of communications protocols security, working for private and governmental organisations both in Argentina and overseas.

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
188
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

ciso-platform-annual-summit-2013-Fgont-ipv6-myths-dynamic

  1. 1. Five Security Myths a CISO Should Be Aware of Fernando Gont CISO Platform Annual Summit Mumbai, India. November 15-16, 2013
  2. 2. Motivation ● One way or another, IPv6 is already here: ● Enabled by default on most Operating Systems ● Deployed by many popular content providers ● Native IPv6 access already provided by some ISPs ● There are several myths around IPv6 ● The goal of this presentation is to dismantle them CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 © 2013 SI6 Networks. All rights reserved
  3. 3. Myth #1: “IPv6 is more secure than IPv4” CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 3 © 2013 SI6 Networks. All rights reserved
  4. 4. Myth #1: IPv6 is more secure than IPv4 ● IPv6 is more complex than IPv4 ● IPv6 code is less mature than its IPv4 counterpart ● Less support in security devices for IPv6 than for IPv4 ● There is a lack of well-trained human resources ● All these aspects will have an impact on the effective network security CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 © 2013 SI6 Networks. All rights reserved
  5. 5. Myth #2: “The security paradigm will change from network-centric to host-centric” CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 5 © 2013 SI6 Networks. All rights reserved
  6. 6. Myth #2: Network security paradigm ● The current Internet has an hybrid network security model: ● ● Personal firewalls ● ● Network-based firewalls etc. There is no evidence that IPv6 will change this hybrid model CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 © 2013 SI6 Networks. All rights reserved
  7. 7. Myth #3: “IPv6 address scans are unfeasible” CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 7 © 2013 SI6 Networks. All rights reserved
  8. 8. Myth #3: IPv6 scans are unfeasible ● Based on these assumptions: ● ● ● IPv6 subnet size is huge IPv6 addresses are assigned randomly But addresses tend to follow specific patterns: ● ● e.g., 2001:db8::1, 2001:db8::2, etc. IPv6 scans are feasible if such patterns are leveraged CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 © 2013 SI6 Networks. All rights reserved
  9. 9. Myth #4: “IPv6 networks will be NAT-free” CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 9 © 2013 SI6 Networks. All rights reserved
  10. 10. Myth #4: IPv6 networks will be NAT-free ● ● IPv6 provides plenty of address space -- no need for address translation However, NAT devices provide some interesting properties: ● Address sharing ● Network topology hiding ● Host masquerading ● Diode-like firewall functionality ● A number of devices already implement IPv6 NAT ● There will be at least some deployment of IPv6 NAT CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 © 2013 SI6 Networks. All rights reserved
  11. 11. Myth #5: “IPv6 will remove complexity from the network” CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 11 © 2013 SI6 Networks. All rights reserved
  12. 12. Myth #5: IPv6 & network complexity ● Transition/co-existence with IPv6 implies: ● ● Increased use of tunnels ● Increased use of NAT ● ● Two internet protocols Other transition-co-existence technologies You will deal with such complexity, inside and/or outside your network CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 © 2013 SI6 Networks. All rights reserved
  13. 13. Myth #6: “Our network doesn't support IPv6, so these issues do not affect us” CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 13 © 2013 SI6 Networks. All rights reserved
  14. 14. Myth #6: IPv6 implications on IPv4 nets See you tomorrow at 10:45 to elaborate on this one ;-) CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 © 2013 SI6 Networks. All rights reserved
  15. 15. Thanks! Fernando Gont fgont@si6networks.com www.si6networks.com CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 © 2013 SI6 Networks. All rights reserved

×