• Save
ciso-platform-annual-summit-2013-Fgont-ipv6-myths-dynamic
Upcoming SlideShare
Loading in...5
×
 

ciso-platform-annual-summit-2013-Fgont-ipv6-myths-dynamic

on

  • 332 views

Presented by Fernando Gont at CISO Platform Annual Summit, 2013. Fernando specializes in the field of communications protocols security, working for private and governmental organisations both in ...

Presented by Fernando Gont at CISO Platform Annual Summit, 2013. Fernando specializes in the field of communications protocols security, working for private and governmental organisations both in Argentina and overseas.

Statistics

Views

Total Views
332
Views on SlideShare
280
Embed Views
52

Actions

Likes
0
Downloads
0
Comments
0

1 Embed 52

http://www.cisoplatform.com 52

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

ciso-platform-annual-summit-2013-Fgont-ipv6-myths-dynamic ciso-platform-annual-summit-2013-Fgont-ipv6-myths-dynamic Presentation Transcript

  • Five Security Myths a CISO Should Be Aware of Fernando Gont CISO Platform Annual Summit Mumbai, India. November 15-16, 2013
  • Motivation ● One way or another, IPv6 is already here: ● Enabled by default on most Operating Systems ● Deployed by many popular content providers ● Native IPv6 access already provided by some ISPs ● There are several myths around IPv6 ● The goal of this presentation is to dismantle them CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 © 2013 SI6 Networks. All rights reserved
  • Myth #1: “IPv6 is more secure than IPv4” CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 3 © 2013 SI6 Networks. All rights reserved
  • Myth #1: IPv6 is more secure than IPv4 ● IPv6 is more complex than IPv4 ● IPv6 code is less mature than its IPv4 counterpart ● Less support in security devices for IPv6 than for IPv4 ● There is a lack of well-trained human resources ● All these aspects will have an impact on the effective network security CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 © 2013 SI6 Networks. All rights reserved
  • Myth #2: “The security paradigm will change from network-centric to host-centric” CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 5 © 2013 SI6 Networks. All rights reserved
  • Myth #2: Network security paradigm ● The current Internet has an hybrid network security model: ● ● Personal firewalls ● ● Network-based firewalls etc. There is no evidence that IPv6 will change this hybrid model CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 © 2013 SI6 Networks. All rights reserved
  • Myth #3: “IPv6 address scans are unfeasible” CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 7 © 2013 SI6 Networks. All rights reserved
  • Myth #3: IPv6 scans are unfeasible ● Based on these assumptions: ● ● ● IPv6 subnet size is huge IPv6 addresses are assigned randomly But addresses tend to follow specific patterns: ● ● e.g., 2001:db8::1, 2001:db8::2, etc. IPv6 scans are feasible if such patterns are leveraged CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 © 2013 SI6 Networks. All rights reserved
  • Myth #4: “IPv6 networks will be NAT-free” CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 9 © 2013 SI6 Networks. All rights reserved
  • Myth #4: IPv6 networks will be NAT-free ● ● IPv6 provides plenty of address space -- no need for address translation However, NAT devices provide some interesting properties: ● Address sharing ● Network topology hiding ● Host masquerading ● Diode-like firewall functionality ● A number of devices already implement IPv6 NAT ● There will be at least some deployment of IPv6 NAT CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 © 2013 SI6 Networks. All rights reserved
  • Myth #5: “IPv6 will remove complexity from the network” CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 11 © 2013 SI6 Networks. All rights reserved
  • Myth #5: IPv6 & network complexity ● Transition/co-existence with IPv6 implies: ● ● Increased use of tunnels ● Increased use of NAT ● ● Two internet protocols Other transition-co-existence technologies You will deal with such complexity, inside and/or outside your network CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 © 2013 SI6 Networks. All rights reserved
  • Myth #6: “Our network doesn't support IPv6, so these issues do not affect us” CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 13 © 2013 SI6 Networks. All rights reserved
  • Myth #6: IPv6 implications on IPv4 nets See you tomorrow at 10:45 to elaborate on this one ;-) CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 © 2013 SI6 Networks. All rights reserved
  • Thanks! Fernando Gont fgont@si6networks.com www.si6networks.com CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 © 2013 SI6 Networks. All rights reserved