This document discusses security considerations for residential gateways (RGs) and customer premise equipment (CPE) with IPv6. It questions whether IPv6 security policies should be the same as IPv4 and considers using more advanced techniques like intrusion prevention systems and dynamic policy updates. The proposal is for an individual RFC documenting an "advanced IPv6 security" approach leveraging modern capabilities rather than a simpler policy that matches IPv4. This could provide better security while preserving end-to-end connectivity as threats emerge.
1. IPv6 residential gateway security
Eric Vyncke
Cisco Systems CTO/Consulting Engineering
evyncke@cisco.com
2. The Security Questions when adding IPv6 to a RG/CPE
Is IPv6 more or less secure than IPv4?
Roughly equivalent (lack of knowledge makes IPv6 less secure for now)
Which security policy for IPv6?
Same as for IPv4? (including the ‘NAT security’)
Same as in 2000 when IPv4 CPE were designed?
How congruent must the IPv* policies be?
draft-vyncke-advanced-ipv6-security-00.txt> 2
3. Typical IPv4 Security
Apply anti-spoofing (and anti-bogons)
Allow all traffic inside to outside
Only allow traffic outside to inside if it matches an outbound flow
Drop the rest
Specific TCP/UDP ports could be blocked (such as 445/TCP) or opened
Often co-located with the NAT function (cf. iptables)
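Added example (not part of the original slides): a minimal Python model of the policy listed on this slide, applied to a routed IPv6 LAN prefix instead of a NATed IPv4 one, so the effect of each rule can be checked packet by packet. The prefixes, the short bogon list and the StatefulFilter name are constructed for illustration; flow timeouts and TCP state tracking are left out.

```python
import ipaddress

# Constructed sample values (IPv6 documentation space), not taken from a real CPE.
LAN_PREFIX = ipaddress.ip_network("2001:db8:cafe::/64")
# Short illustrative bogon list; a real CPE would carry a fuller, maintained one.
BOGONS = [ipaddress.ip_network(n) for n in
          ("::/128", "::1/128", "fe80::/10", "fc00::/7", "ff00::/8")]
BLOCKED_PORTS = {("tcp", 445)}  # the slide's example of a blocked port


class StatefulFilter:
    """Hypothetical model: anti-spoofing, outbound allowed, inbound only for known flows."""

    def __init__(self):
        # Each entry: (proto, lan_addr, lan_port, wan_addr, wan_port)
        self.flows = set()

    def check(self, direction, proto, src, sport, dst, dport):
        """Return 'accept' or 'drop' for one packet; direction is 'out' or 'in'."""
        src = ipaddress.ip_address(src)
        dst = ipaddress.ip_address(dst)
        if direction == "out":
            # Anti-spoofing: LAN hosts may only send from the LAN prefix.
            if src not in LAN_PREFIX:
                return "drop"
            # Explicitly blocked ports never create a flow entry.
            if (proto, dport) in BLOCKED_PORTS:
                return "drop"
            # Allow all traffic inside to outside and remember the flow.
            self.flows.add((proto, src, sport, dst, dport))
            return "accept"
        # Inbound anti-spoofing: no bogon sources, no source claiming a LAN address.
        if src in LAN_PREFIX or any(src in net for net in BOGONS):
            return "drop"
        # Allow outside to inside only as the reverse of a recorded outbound flow.
        if (proto, dst, dport, src, sport) in self.flows:
            return "accept"
        return "drop"  # "Drop the rest"


def demo():
    """Run constructed packets through the filter and return the verdicts."""
    fw = StatefulFilter()
    host, peer = "2001:db8:cafe::10", "2001:db8:bad::20"
    return [
        fw.check("out", "tcp", host, 40000, peer, 443),    # new outbound flow
        fw.check("in", "tcp", peer, 443, host, 40000),     # reply to that flow
        fw.check("in", "tcp", peer, 50000, host, 22),      # unsolicited inbound
        fw.check("in", "tcp", "2001:db8:cafe::99", 443, host, 40000),  # LAN source from WAN
        fw.check("out", "tcp", "2001:db8:bad::66", 40001, peer, 80),   # spoofed source from LAN
        fw.check("out", "tcp", host, 40002, peer, 445),    # blocked port
        fw.check("in", "tcp", peer, 445, host, 40002),     # no flow was recorded for it
        fw.check("in", "udp", "fc00::1", 53, host, 5353),  # bogon (ULA) source from WAN
    ]


if __name__ == "__main__":
    print(demo())
```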
4. IPv6 Changes a Few Things
Link-local / ULA are completely isolated from the ‘bad’ Internet
Good for security
Home devices are globally reachable
Perhaps less good for security
5. CPE to CPE Communication
IPv4 vs. IPv6
SPs want to see all user to user traffic
IPv4 WAN addresses must communicate
Usually in the same layer 2 domain… tricks to force traffic to BNG
IPv6 WAN addresses have no reason to communicate
IPv6 LAN addresses must communicate (easy: this is routed)
[Diagram: SP BNG connected to Eric’s CPE and Ole’s CPE. Prefix labels shown: 2001:db8:bad::/64, 192.2.0.0/24, 2001:db8:café::/64, 192.168.1.0/24, 192.168.1.0/24, 2001:db8:bad::/64]
6. IPv6 Simple Security
An IETF work item from James Woodyatt, Apple
Advises a security policy for IPv6 which is mostly congruent with the IPv4 one:
Basic anti-bogons/spoofing
Outbound permitted
Inbound permitted
Benefits:
Guidelines for the CPE implementers
Technically doable & easy
Congruent with IPv4 (easier for user)
Cons:
Breaks the open host to host promise of IPv6
7. What has changed between v4 & v6?
IPv4 CPE designed pre-2000
Hosts were weak, vulnerable
CPE were CPU and memory constrained
NAT prevents any easy & direct host to host communication
Security technique: mainly firewall
IPv6 CPE are designed in 2010
IPv6 hosts are much stronger and resistant
(Humm… Wishful thinking for sensors, webcams and other small/embedded OS)
CPE have more CPU and memory
Host to host communication is possible
New security techniques: Intrusion Prevention System, reputation of IP addresses, centralized & automatic updates
8. Proposal: less simple security
Why not use modern techniques for IPv6 CPE?
IPS
Automated updates (policies & engines)
Address reputation
Cloud computing
…
Individual I-D: draft-vyncke-advanced-ipv6-security
9. Overview
7 policies are identified. These are largely based on features which are commonly available in “advanced” security gear for enterprises today
Home edge router is not something that is purchased and thrown away when obsolete. Instead, it is actively updated like many other consumer devices are today (PCs, iPods and iPhones, etc.)
Business model may include a paid subscription service from the manufacturer, a participating service or content provider, consortium, etc.
10. Advanced Security
Dynamic Update
IPS
User control
Feedback
11. Why is this important to IPv6?
Security policy can be adjusted to match the threat as IPv6 attacks arrive
We don’t break end-to-end IPv6, unless we absolutely have to
While providing arguably better security, troubleshooting, etc. than we would otherwise
12. Conclusion
IPv6 is as (in)secure as IPv4
User education will be key
IPv6@2010 is different than IPv4@2000
More secure hosts
More powerful CPE
End-to-end connectivity could/should be restored