SlideShare a Scribd company logo

IPV6 a tale of two protocols

FitCEO, Inc. (FCI)
FitCEO, Inc. (FCI)
1 of 1
Download to read offline
IPV6: A Tale of Two Protocols Remember when you installed Windows 7 or 8? Or maybe it was Mac OSX? Well, when you installed one of those, you received an IPV6 stack for free! Indeed, the IPv6 protocol was installed and automatically enabled to prepare you for the next generation of IP protocols. Currently your IPv6 traffic is “tunneled” across an existing IPv4 network because we live in an IPv4-dominated world. This tunneling creates an entry point for many vulnerabilities yet to be discovered, although quite a few have already been discovered. The majority of our network traffic monitoring tools are also based on IPv4 computer networking. Focusing on IPv4 protocols without an equal emphasis on IPv6 traffic puts us at risk in this mixed-IPv6 world. We may only be seeing part of the picture. The truly disquieting aspect of IPv6 is that it is constantly looking for configuration information from network routers. This information is easily falsified and may be used to auto-configure IPv6 stacks. There are also many opportunities to “fuzz” the IPv6 protocol to find weaknesses specific to stack implementation. While IPv6 is not currently accessible outside of the local network, this means that the local network may be vulnerable to attack from within, while IPv4 monitoring tools sit idly by. Further, stack-level compromises do not require services to be enabled on a target machine, exposing a vulnerability at a level below web, ftp, and other network services. Therefore, a machine with no network services whatsoever may become a victim of an IPv6-based attack. So for those networks that don’t need IPv6 – disable it! For those that do, consider securing your IPv6 implementation: • Make sure that IPv6 routing information is authoritative for your IPv6 domain • Make sure that IPv6 naming services are authoritative for your IPv6 domain • Ensure that IPv6 parameters applicable to your stack are configured and not open to auto- configuration • Ensure that firewalls that support IPv6 are configured properly • Keep in mind that IPv6 traffic is often tunneled over IPv4 Many broadband networks (cable providers in particular) today support IPv6. These gateway devices may have filtering rules in their firmware permitting the user to limit and filter IPv6 traffic. Make sure that you have enabled as much of this as possible to protect your internal network. While most security companies tend to focus only on the IPv4 network, essentially missing some vulnerabilities that experienced attackers may use to compromise your network, VIMRO actively examines IPv6 as a component in our network assessments. Contact VIMRO now for the complete protocol picture for your networked systems. services@vimro.com (800) 272-0019

Recommended

I pv6 better than IPv4 but why ?
I pv6 better than IPv4 but why ?I pv6 better than IPv4 but why ?
I pv6 better than IPv4 but why ?
Fred Bovy
 
Hack wifi password using kali linux
Hack wifi password using kali linuxHack wifi password using kali linux
Hack wifi password using kali linux
Helder Oliveira
 
FortiGate Firewall HOW-TO - DMZ
FortiGate Firewall HOW-TO - DMZFortiGate Firewall HOW-TO - DMZ
FortiGate Firewall HOW-TO - DMZ
IPMAX s.r.l.
 
Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...
Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...
Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...
ir. Carmelo Zaccone
 
Zero Day Malware Detection/Prevention Using Open Source Software
Zero Day Malware Detection/Prevention Using Open Source SoftwareZero Day Malware Detection/Prevention Using Open Source Software
Zero Day Malware Detection/Prevention Using Open Source Software
MyNOG
 
MIT EmTech TR35 India 2011
MIT EmTech TR35 India 2011MIT EmTech TR35 India 2011
MIT EmTech TR35 India 2011
manav416
 
Deploying Next Generation Firewalling with ASA - CX
Deploying Next Generation Firewalling with ASA - CXDeploying Next Generation Firewalling with ASA - CX
Deploying Next Generation Firewalling with ASA - CX
Cisco Canada
 
It security
It securityIt security
It security
Mutten
 

Recommended

I pv6 better than IPv4 but why ?
I pv6 better than IPv4 but why ?I pv6 better than IPv4 but why ?
I pv6 better than IPv4 but why ?
Fred Bovy
 
Hack wifi password using kali linux
Hack wifi password using kali linuxHack wifi password using kali linux
Hack wifi password using kali linux
Helder Oliveira
 
FortiGate Firewall HOW-TO - DMZ
FortiGate Firewall HOW-TO - DMZFortiGate Firewall HOW-TO - DMZ
FortiGate Firewall HOW-TO - DMZ
IPMAX s.r.l.
 
Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...
Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...
Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...
ir. Carmelo Zaccone
 
Zero Day Malware Detection/Prevention Using Open Source Software
Zero Day Malware Detection/Prevention Using Open Source SoftwareZero Day Malware Detection/Prevention Using Open Source Software
Zero Day Malware Detection/Prevention Using Open Source Software
MyNOG
 
MIT EmTech TR35 India 2011
MIT EmTech TR35 India 2011MIT EmTech TR35 India 2011
MIT EmTech TR35 India 2011
manav416
 
Deploying Next Generation Firewalling with ASA - CX
Deploying Next Generation Firewalling with ASA - CXDeploying Next Generation Firewalling with ASA - CX
Deploying Next Generation Firewalling with ASA - CX
Cisco Canada
 
It security
It securityIt security
It security
Mutten
 
System and Network administrator
System and Network administratorSystem and Network administrator
System and Network administrator
Mohamed Tawfik
 
Is IPv6 Security Still an Afterthought?
Is IPv6 Security Still an Afterthought?Is IPv6 Security Still an Afterthought?
Is IPv6 Security Still an Afterthought?
APNIC
 
Pxosys Webinar Amplify your Security
Pxosys Webinar Amplify your SecurityPxosys Webinar Amplify your Security
Pxosys Webinar Amplify your Security
🏆Ruben Cocheno💭
 
IPv6 Security
IPv6 SecurityIPv6 Security
IPv6 Security
Progreso Training
 
Zaccone Carmelo - IPv6 and security from a user’s point of view
Zaccone Carmelo - IPv6 and security from a user’s point of view Zaccone Carmelo - IPv6 and security from a user’s point of view
Zaccone Carmelo - IPv6 and security from a user’s point of view
IPv6 Conference
 
IP Security over VPN
IP Security over VPNIP Security over VPN
IP Security over VPN
Syed Ubaid Ali Jafri
 
Cisco ASA Firewall Presentation - ZABTech center Hyderabad
Cisco ASA Firewall Presentation - ZABTech center HyderabadCisco ASA Firewall Presentation - ZABTech center Hyderabad
Cisco ASA Firewall Presentation - ZABTech center Hyderabad
MehtabRohela
 
Fast Answers about Pertino
Fast Answers about PertinoFast Answers about Pertino
Fast Answers about Pertino
Pertino
 
Botnet Detection And Countermeasures
Botnet Detection And CountermeasuresBotnet Detection And Countermeasures
Botnet Detection And Countermeasures
Synerzip
 
IPCop Firewall
IPCop FirewallIPCop Firewall
IPCop Firewall
Mohammed Farrah
 
How to prevent ssh-tunneling using Palo Alto Networks NGFW
How to prevent ssh-tunneling using Palo Alto Networks NGFWHow to prevent ssh-tunneling using Palo Alto Networks NGFW
How to prevent ssh-tunneling using Palo Alto Networks NGFW
Yudi Arijanto
 
Ipv6 Security with Mikrotik RouterOS by Wardner Maia
Ipv6 Security with Mikrotik RouterOS by Wardner MaiaIpv6 Security with Mikrotik RouterOS by Wardner Maia
Ipv6 Security with Mikrotik RouterOS by Wardner Maia
Wardner Maia
 
Novosco Zero day protection webinar
Novosco Zero day protection webinarNovosco Zero day protection webinar
Novosco Zero day protection webinar
Novosco
 
Slides from IPv6 Threats
Slides from IPv6 ThreatsSlides from IPv6 Threats
Slides from IPv6 Threats
Cyren, Inc
 
Kismet
KismetKismet
Kismet
Nilesh Pawar
 
Ipfire open source firewall
Ipfire open source firewallIpfire open source firewall
Ipfire open source firewall
saing sab
 
Fortinet Tanıtım
Fortinet TanıtımFortinet Tanıtım
Fortinet Tanıtım
Güney Bilişim
 
Detect HTTP Brute Force attack using Snort IDS/IPS on PFSense Firewall
Detect HTTP Brute Force attack using Snort IDS/IPS on PFSense FirewallDetect HTTP Brute Force attack using Snort IDS/IPS on PFSense Firewall
Detect HTTP Brute Force attack using Snort IDS/IPS on PFSense Firewall
Huda Seyam
 
Wardriving & Kismet Introduction
Wardriving & Kismet IntroductionWardriving & Kismet Introduction
Wardriving & Kismet Introduction
Lance Howell
 
Snort Intrusion Detection / Prevention System on PFSense Firewall
Snort Intrusion Detection / Prevention System on PFSense FirewallSnort Intrusion Detection / Prevention System on PFSense Firewall
Snort Intrusion Detection / Prevention System on PFSense Firewall
Huda Seyam
 
Relación de los campos con la E.F
Relación de los campos con la E.F Relación de los campos con la E.F
Relación de los campos con la E.F
Angiee Garcia
 
Yr catalogo campaña 7 a
Yr catalogo campaña 7 aYr catalogo campaña 7 a
Yr catalogo campaña 7 a
Cecy Somoza
 

More Related Content

What's hot

Novosco Zero day protection webinar
Novosco Zero day protection webinarNovosco Zero day protection webinar
Novosco Zero day protection webinar
Novosco
 
Ipfire open source firewall
Ipfire open source firewallIpfire open source firewall
Ipfire open source firewall
saing sab
 
Wardriving & Kismet Introduction
Wardriving & Kismet IntroductionWardriving & Kismet Introduction
Wardriving & Kismet Introduction
Lance Howell
 

What's hot (20)

System and Network administrator
System and Network administratorSystem and Network administrator
System and Network administrator
 
Is IPv6 Security Still an Afterthought?
Is IPv6 Security Still an Afterthought?Is IPv6 Security Still an Afterthought?
Is IPv6 Security Still an Afterthought?
 
Pxosys Webinar Amplify your Security
Pxosys Webinar Amplify your SecurityPxosys Webinar Amplify your Security
Pxosys Webinar Amplify your Security
 
IPv6 Security
IPv6 SecurityIPv6 Security
IPv6 Security
 
Zaccone Carmelo - IPv6 and security from a user’s point of view
Zaccone Carmelo - IPv6 and security from a user’s point of view Zaccone Carmelo - IPv6 and security from a user’s point of view
Zaccone Carmelo - IPv6 and security from a user’s point of view
 
IP Security over VPN
IP Security over VPNIP Security over VPN
IP Security over VPN
 
Cisco ASA Firewall Presentation - ZABTech center Hyderabad
Cisco ASA Firewall Presentation - ZABTech center HyderabadCisco ASA Firewall Presentation - ZABTech center Hyderabad
Cisco ASA Firewall Presentation - ZABTech center Hyderabad
 
Fast Answers about Pertino
Fast Answers about PertinoFast Answers about Pertino
Fast Answers about Pertino
 
Botnet Detection And Countermeasures
Botnet Detection And CountermeasuresBotnet Detection And Countermeasures
Botnet Detection And Countermeasures
 
IPCop Firewall
IPCop FirewallIPCop Firewall
IPCop Firewall
 
How to prevent ssh-tunneling using Palo Alto Networks NGFW
How to prevent ssh-tunneling using Palo Alto Networks NGFWHow to prevent ssh-tunneling using Palo Alto Networks NGFW
How to prevent ssh-tunneling using Palo Alto Networks NGFW
 
Ipv6 Security with Mikrotik RouterOS by Wardner Maia
Ipv6 Security with Mikrotik RouterOS by Wardner MaiaIpv6 Security with Mikrotik RouterOS by Wardner Maia
Ipv6 Security with Mikrotik RouterOS by Wardner Maia
 
Novosco Zero day protection webinar
Novosco Zero day protection webinarNovosco Zero day protection webinar
Novosco Zero day protection webinar
 
Slides from IPv6 Threats
Slides from IPv6 ThreatsSlides from IPv6 Threats
Slides from IPv6 Threats
 
Kismet
KismetKismet
Kismet
 
Ipfire open source firewall
Ipfire open source firewallIpfire open source firewall
Ipfire open source firewall
 
Fortinet Tanıtım
Fortinet TanıtımFortinet Tanıtım
Fortinet Tanıtım
 
Detect HTTP Brute Force attack using Snort IDS/IPS on PFSense Firewall
Detect HTTP Brute Force attack using Snort IDS/IPS on PFSense FirewallDetect HTTP Brute Force attack using Snort IDS/IPS on PFSense Firewall
Detect HTTP Brute Force attack using Snort IDS/IPS on PFSense Firewall
 
Wardriving & Kismet Introduction
Wardriving & Kismet IntroductionWardriving & Kismet Introduction
Wardriving & Kismet Introduction
 
Snort Intrusion Detection / Prevention System on PFSense Firewall
Snort Intrusion Detection / Prevention System on PFSense FirewallSnort Intrusion Detection / Prevention System on PFSense Firewall
Snort Intrusion Detection / Prevention System on PFSense Firewall
 

Viewers also liked

interesante sobre evalacion por competenciasCfakepathinstrumentosdeevaluacinf...
interesante sobre evalacion por competenciasCfakepathinstrumentosdeevaluacinf...interesante sobre evalacion por competenciasCfakepathinstrumentosdeevaluacinf...
interesante sobre evalacion por competenciasCfakepathinstrumentosdeevaluacinf...
Flor Sindico Valverde
 
NYC-Veterans-Resource-Expo
NYC-Veterans-Resource-ExpoNYC-Veterans-Resource-Expo
NYC-Veterans-Resource-Expo
RICHARD M. JONES
 

Viewers also liked (13)

Relación de los campos con la E.F
Relación de los campos con la E.F Relación de los campos con la E.F
Relación de los campos con la E.F
 
Yr catalogo campaña 7 a
Yr catalogo campaña 7 aYr catalogo campaña 7 a
Yr catalogo campaña 7 a
 
Dada_Essay2
Dada_Essay2Dada_Essay2
Dada_Essay2
 
Ch6c
Ch6cCh6c
Ch6c
 
Rachita Resume
Rachita ResumeRachita Resume
Rachita Resume
 
interesante sobre evalacion por competenciasCfakepathinstrumentosdeevaluacinf...
interesante sobre evalacion por competenciasCfakepathinstrumentosdeevaluacinf...interesante sobre evalacion por competenciasCfakepathinstrumentosdeevaluacinf...
interesante sobre evalacion por competenciasCfakepathinstrumentosdeevaluacinf...
 
Globallizacion y deporte
Globallizacion y deporteGloballizacion y deporte
Globallizacion y deporte
 
Grupo juvenil nuestra señora de belen
Grupo juvenil nuestra señora de belenGrupo juvenil nuestra señora de belen
Grupo juvenil nuestra señora de belen
 
estructura lineal lenguaje C
estructura lineal lenguaje Cestructura lineal lenguaje C
estructura lineal lenguaje C
 
Fiche pédagogique Les trois petits cochons
Fiche pédagogique Les trois petits cochonsFiche pédagogique Les trois petits cochons
Fiche pédagogique Les trois petits cochons
 
NTX
NTXNTX
NTX
 
NYC-Veterans-Resource-Expo
NYC-Veterans-Resource-ExpoNYC-Veterans-Resource-Expo
NYC-Veterans-Resource-Expo
 
المجلة الإلكترونية شهر ـ 10
المجلة الإلكترونية شهر ـ 10 المجلة الإلكترونية شهر ـ 10
المجلة الإلكترونية شهر ـ 10
 

Similar to IPV6 a tale of two protocols

Ipv6 tutorial
Ipv6 tutorialIpv6 tutorial
Ipv6 tutorial
saryu2011
 
IPv6 Can No Longer Be Ignored
IPv6 Can No Longer Be IgnoredIPv6 Can No Longer Be Ignored
IPv6 Can No Longer Be Ignored
Rochester Security Summit
 
IPv6 Test Methodology
IPv6 Test MethodologyIPv6 Test Methodology
IPv6 Test Methodology
Ixia
 
All about routers
All about routersAll about routers
All about routers
agwanna
 

Similar to IPV6 a tale of two protocols (20)

Ipv6 tutorial
Ipv6 tutorialIpv6 tutorial
Ipv6 tutorial
 
Ipv6 tutorial
Ipv6 tutorialIpv6 tutorial
Ipv6 tutorial
 
IPv6 Can No Longer Be Ignored
IPv6 Can No Longer Be IgnoredIPv6 Can No Longer Be Ignored
IPv6 Can No Longer Be Ignored
 
IPv6 Test Methodology
IPv6 Test MethodologyIPv6 Test Methodology
IPv6 Test Methodology
 
Ipv6 presention
Ipv6 presentionIpv6 presention
Ipv6 presention
 
Ipv6 presention
Ipv6 presentionIpv6 presention
Ipv6 presention
 
HKNOG 1.0 - DDoS attacks in an IPv6 World
HKNOG 1.0 - DDoS attacks in an IPv6 WorldHKNOG 1.0 - DDoS attacks in an IPv6 World
HKNOG 1.0 - DDoS attacks in an IPv6 World
 
Henrik Strøm - IPv6 from the attacker's perspective
Henrik Strøm - IPv6 from the attacker's perspectiveHenrik Strøm - IPv6 from the attacker's perspective
Henrik Strøm - IPv6 from the attacker's perspective
 
10 fn s05
10 fn s0510 fn s05
10 fn s05
 
10 fn s05
10 fn s0510 fn s05
10 fn s05
 
voip_en
voip_envoip_en
voip_en
 
IPv6 - A Real World Deployment for Mobiles
IPv6 - A Real World Deployment for MobilesIPv6 - A Real World Deployment for Mobiles
IPv6 - A Real World Deployment for Mobiles
 
PLNOG 6: Jan Larsson - The History and Future of IPv6
PLNOG 6: Jan Larsson - The History and Future of IPv6PLNOG 6: Jan Larsson - The History and Future of IPv6
PLNOG 6: Jan Larsson - The History and Future of IPv6
 
All about routers
All about routersAll about routers
All about routers
 
ARIN 34 IPv6 IAB/IETF Activities Report
ARIN 34 IPv6 IAB/IETF Activities ReportARIN 34 IPv6 IAB/IETF Activities Report
ARIN 34 IPv6 IAB/IETF Activities Report
 
IPv6 for the Enterprise
IPv6 for the EnterpriseIPv6 for the Enterprise
IPv6 for the Enterprise
 
Enterprise Preparation for IPv6
Enterprise Preparation for IPv6Enterprise Preparation for IPv6
Enterprise Preparation for IPv6
 
Advances in IPv6 Mobile Access
Advances in IPv6 Mobile AccessAdvances in IPv6 Mobile Access
Advances in IPv6 Mobile Access
 
IPv6 training guide - Yuval Shaul
IPv6 training guide - Yuval ShaulIPv6 training guide - Yuval Shaul
IPv6 training guide - Yuval Shaul
 
Ip v4 & ip v6
Ip v4 & ip v6Ip v4 & ip v6
Ip v4 & ip v6
 

More from FitCEO, Inc. (FCI)

Cyber Security Audits and Risk Management 20160119
Cyber Security Audits and Risk Management 20160119Cyber Security Audits and Risk Management 20160119
Cyber Security Audits and Risk Management 20160119
FitCEO, Inc. (FCI)
 
TheDemystification_of_SuccessfulCyberSecurity_VIMRO_LB_VH_MHF_10_11_15
TheDemystification_of_SuccessfulCyberSecurity_VIMRO_LB_VH_MHF_10_11_15TheDemystification_of_SuccessfulCyberSecurity_VIMRO_LB_VH_MHF_10_11_15
TheDemystification_of_SuccessfulCyberSecurity_VIMRO_LB_VH_MHF_10_11_15
FitCEO, Inc. (FCI)
 
Cyber Security Audits and Risk Management 20160119
Cyber Security Audits and Risk Management 20160119Cyber Security Audits and Risk Management 20160119
Cyber Security Audits and Risk Management 20160119
FitCEO, Inc. (FCI)
 
Cyber Security Audits and Risk Management 20160119
Cyber Security Audits and Risk Management 20160119Cyber Security Audits and Risk Management 20160119
Cyber Security Audits and Risk Management 20160119
FitCEO, Inc. (FCI)
 
Internet of Things - A Different Kind of Scary v2
Internet of Things - A Different Kind of Scary v2Internet of Things - A Different Kind of Scary v2
Internet of Things - A Different Kind of Scary v2
FitCEO, Inc. (FCI)
 
Cyber Insurance - What you need to know
Cyber Insurance - What you need to knowCyber Insurance - What you need to know
Cyber Insurance - What you need to know
FitCEO, Inc. (FCI)
 
SCADA Exposure Will Short-Circuit US Utilities
SCADA Exposure Will Short-Circuit US UtilitiesSCADA Exposure Will Short-Circuit US Utilities
SCADA Exposure Will Short-Circuit US Utilities
FitCEO, Inc. (FCI)
 
PCI DSS Reaper - Are you ready - VIMRO
PCI DSS Reaper - Are you ready - VIMROPCI DSS Reaper - Are you ready - VIMRO
PCI DSS Reaper - Are you ready - VIMRO
FitCEO, Inc. (FCI)
 

More from FitCEO, Inc. (FCI) (20)

The Dark Net - The Devil in the Details - Larry Boettger and Michael Horsch Fizz
The Dark Net - The Devil in the Details - Larry Boettger and Michael Horsch FizzThe Dark Net - The Devil in the Details - Larry Boettger and Michael Horsch Fizz
The Dark Net - The Devil in the Details - Larry Boettger and Michael Horsch Fizz
 
Passwords don't work multifactor controls do!
Passwords don't work multifactor controls do!Passwords don't work multifactor controls do!
Passwords don't work multifactor controls do!
 
HIPAA and HITECH Compliance Guide
HIPAA and HITECH Compliance GuideHIPAA and HITECH Compliance Guide
HIPAA and HITECH Compliance Guide
 
Data exfiltration so many threats 2016
Data exfiltration so many threats 2016Data exfiltration so many threats 2016
Data exfiltration so many threats 2016
 
Cyber security audits and risk management 2016
Cyber security audits and risk management 2016Cyber security audits and risk management 2016
Cyber security audits and risk management 2016
 
Cyber Security Audits and Risk Management 20160119
Cyber Security Audits and Risk Management 20160119Cyber Security Audits and Risk Management 20160119
Cyber Security Audits and Risk Management 20160119
 
TheDemystification_of_SuccessfulCyberSecurity_VIMRO_LB_VH_MHF_10_11_15
TheDemystification_of_SuccessfulCyberSecurity_VIMRO_LB_VH_MHF_10_11_15TheDemystification_of_SuccessfulCyberSecurity_VIMRO_LB_VH_MHF_10_11_15
TheDemystification_of_SuccessfulCyberSecurity_VIMRO_LB_VH_MHF_10_11_15
 
Cyber Security Audits and Risk Management 20160119
Cyber Security Audits and Risk Management 20160119Cyber Security Audits and Risk Management 20160119
Cyber Security Audits and Risk Management 20160119
 
Cyber security audits and risk management 2016
Cyber security audits and risk management 2016Cyber security audits and risk management 2016
Cyber security audits and risk management 2016
 
Cyber Security Audits and Risk Management 20160119
Cyber Security Audits and Risk Management 20160119Cyber Security Audits and Risk Management 20160119
Cyber Security Audits and Risk Management 20160119
 
VIMRO Cyber Security Methodology
VIMRO Cyber Security MethodologyVIMRO Cyber Security Methodology
VIMRO Cyber Security Methodology
 
Strengthening the Weakest Link - Reducing Risks from Social Engineering Attacks
Strengthening the Weakest Link - Reducing Risks from Social Engineering AttacksStrengthening the Weakest Link - Reducing Risks from Social Engineering Attacks
Strengthening the Weakest Link - Reducing Risks from Social Engineering Attacks
 
Using Motive, Opportunity, and Means (M.O.M.) and ISO 27001 as Cyber Crime Pr...
Using Motive, Opportunity, and Means (M.O.M.) and ISO 27001 as Cyber Crime Pr...Using Motive, Opportunity, and Means (M.O.M.) and ISO 27001 as Cyber Crime Pr...
Using Motive, Opportunity, and Means (M.O.M.) and ISO 27001 as Cyber Crime Pr...
 
The Demystification of successful cybersecurity initiatives.
The Demystification of successful cybersecurity initiatives.The Demystification of successful cybersecurity initiatives.
The Demystification of successful cybersecurity initiatives.
 
Dark Net The Devil in the Details - Larry Boettger and Michael Horsch Fizz
Dark Net The Devil in the Details - Larry Boettger and Michael Horsch FizzDark Net The Devil in the Details - Larry Boettger and Michael Horsch Fizz
Dark Net The Devil in the Details - Larry Boettger and Michael Horsch Fizz
 
Internet of Things - A Different Kind of Scary v2
Internet of Things - A Different Kind of Scary v2Internet of Things - A Different Kind of Scary v2
Internet of Things - A Different Kind of Scary v2
 
Cyber Insurance - What you need to know
Cyber Insurance - What you need to knowCyber Insurance - What you need to know
Cyber Insurance - What you need to know
 
SCADA Exposure Will Short-Circuit US Utilities
SCADA Exposure Will Short-Circuit US UtilitiesSCADA Exposure Will Short-Circuit US Utilities
SCADA Exposure Will Short-Circuit US Utilities
 
PCI DSS Reaper - Are you ready - VIMRO
PCI DSS Reaper - Are you ready - VIMROPCI DSS Reaper - Are you ready - VIMRO
PCI DSS Reaper - Are you ready - VIMRO
 
CODE INSPECTION VIMRO 2015 MHF
CODE INSPECTION VIMRO 2015 MHFCODE INSPECTION VIMRO 2015 MHF
CODE INSPECTION VIMRO 2015 MHF
 

IPV6 a tale of two protocols

  • 1. IPV6: A Tale of Two Protocols Remember when you installed Windows 7 or 8? Or maybe it was Mac OSX? Well, when you installed one of those, you received an IPV6 stack for free! Indeed, the IPv6 protocol was installed and automatically enabled to prepare you for the next generation of IP protocols. Currently your IPv6 traffic is “tunneled” across an existing IPv4 network because we live in an IPv4-dominated world. This tunneling creates an entry point for many vulnerabilities yet to be discovered, although quite a few have already been discovered. The majority of our network traffic monitoring tools are also based on IPv4 computer networking. Focusing on IPv4 protocols without an equal emphasis on IPv6 traffic puts us at risk in this mixed-IPv6 world. We may only be seeing part of the picture. The truly disquieting aspect of IPv6 is that it is constantly looking for configuration information from network routers. This information is easily falsified and may be used to auto-configure IPv6 stacks. There are also many opportunities to “fuzz” the IPv6 protocol to find weaknesses specific to stack implementation. While IPv6 is not currently accessible outside of the local network, this means that the local network may be vulnerable to attack from within, while IPv4 monitoring tools sit idly by. Further, stack-level compromises do not require services to be enabled on a target machine, exposing a vulnerability at a level below web, ftp, and other network services. Therefore, a machine with no network services whatsoever may become a victim of an IPv6-based attack. So for those networks that don’t need IPv6 – disable it! For those that do, consider securing your IPv6 implementation: • Make sure that IPv6 routing information is authoritative for your IPv6 domain • Make sure that IPv6 naming services are authoritative for your IPv6 domain • Ensure that IPv6 parameters applicable to your stack are configured and not open to auto- configuration • Ensure that firewalls that support IPv6 are configured properly • Keep in mind that IPv6 traffic is often tunneled over IPv4 Many broadband networks (cable providers in particular) today support IPv6. These gateway devices may have filtering rules in their firmware permitting the user to limit and filter IPv6 traffic. Make sure that you have enabled as much of this as possible to protect your internal network. While most security companies tend to focus only on the IPv4 network, essentially missing some vulnerabilities that experienced attackers may use to compromise your network, VIMRO actively examines IPv6 as a component in our network assessments. Contact VIMRO now for the complete protocol picture for your networked systems. services@vimro.com (800) 272-0019