ipv6 distributed security
play

IPv6 Distributed Security Activity Status - PowerPoint PPT Presentation

Sep 12, 2022 •460 likes •607 views

IPv6 Distributed Security Activity Status <draft-vives-v6ops-ipv6-security-ps-01> (Problem Statement) <draft-palet-v6ops-ipv6security-01> (Requirements) Alvaro Vives (alvaro.vives@consulintel.es) Jordi Palet

  1. IPv6 Distributed Security Activity Status <draft-vives-v6ops-ipv6-security-ps-01> (Problem Statement) <draft-palet-v6ops-ipv6security-01> (Requirements) Alvaro Vives (alvaro.vives@consulintel.es) Jordi Palet (jordi.palet@consulintel.es) Gregorio Martinez (gregorio@um.es) Antonio Gomez Skarmeta (skarmeta@um.es) Pekka Savola (psavola@funet.fi) 1

  2. Motivation • How would the deployment of IPv6 affect the security of a network? • IPv6 enabled devices and networks bring some issues to be taken into account by security administrators: – End-2-end communications – IPsec in all IPv6 stacks – Increased number of IP devices – Increased number of “nomadic” devices • Identify IPv6 Issues that justify the need of a new security model 2

  3. Network-based Security Model (I) CLIENTS I NTERNET SERVERS THREAT Sec. Policy 1 Sec. Policy 2 Policy Enforcement Point (PEP) 3

  4. Network-based Security Model (II) • Main Assumptions: – Threats come from “outside” – Protected nodes won’t go “outside” – No backdoors (ADSL, WLAN, etc.) • Main Drawbacks: – Centralized model – Do not address threats coming from inside – FW usually acts as NAT/Proxy – Special solutions are needed for Transport Mode Secured Communications 4

  5. Host-based Security Model (I) CLIENTS I NTERNET Policy Decision Point (PDP) ALERT SERVERS DEFAULT TRUST ON SEC. POLICY THREAT Sec. Policy 1 Sec. Policy 2 Policy Enforcement Point (PEP) 5

  6. Host-based Security Model (II) HOME HOT-SPOT I NTERNET ALERT Policy Decision OFFICE DEFAULT Point (PDP) TRUST ON SEC. POLICY THREAT Sec. Policy 1 Sec. Policy 2 Policy Enforcement Point (PEP) 6

  7. Host-based Security Model (III) • BASIC IDEA : Security Policy centrally defined and distributed to PEPs. The network entities will authenticate themselves in order to be trusted. • THREE elements: – Policy Specification Language – Policy Exchange Protocol – Authentication of Entities 7

  8. Host-based Security Model (IV) • Main Assumptions : – Threats come from anywhere in the network – Each host can be uniquely and securely identified – Security could be applied in one or more of the following layers: network, transport and application • Main Drawbacks : – Complexity – Uniqueness and secured identification of hosts is not trivial – Policy updates have to be accomplished in an efficient manner – A compromised host still is a problem • But “isolating” it could be a solution 8

  9. Host-based Security Model (V) • Main Advantages: – Protects against internal attacks – Don’t depend on where the host is connected – Still maintain the centralized control – Enables the end-2-end communication model, both secured or not – Better decision could be taken based on host-specific info. – Enables a better collection of audit info 9

  10. IPv6 Issues (I) 1. End-2-end – Any host must be reachable from anywhere. NAT/Proxy is not desired. 2. Encrypted Traffic – For example IPsec ESP Transport Mode Traffic 3. Mobility – Both Mobile IP and the increase of “portable” IP devices will mean they will be in “out-of-control” networks 4. Addresses – Much more addresses -> hosts with more than one – Randomly generated addresses – Link-local Addresses 10

  11. IPv6 Issues (II) 5. Neighbor Discovery – RA, RS, NA, NS and Redirect Messages could be used in a malicious way -> SEND 6. Embedded Devices – Number of devices with almost no resources to perform security tasks -> should be taken into account in a possible solution 11

  12. Requirements towards a Solution • Dynamic security policy specification language, exchange protocol and server • Authentication of entities • Support of SEND protocol • Support for unmanaged nodes/devices • Control and node/network partition mechanism – Securization of the rest of the network in case of a thread, even if internal • Alert/notification mechanism – Facilitate the inter-node and/or node-policy server communication • Node or host firewall, with a secure “default configuration”, that can be updated by a trusted dynamic security policy server. Should also include functionalities such as: – Integral thread protection – Resolution and arbitration of conflicts between different security policies – Support for end-to-end application level security (i.e., Web Services security standards) – Intrusion detection – Collection of audit information • Optionally it could also include: – Anti-virus – Anti-spam 12

  13. Next Steps • Get inputs from the WG and security area • Continue the work – Solutions – Implementation – Trial in real networks, not just labs 13

  14. 14 Questions ? Thanks !

Recommend

IPv6 Distributed Security Alvaro Vives (alvaro.vives@consulintel.es) Jordi Palet

IPv6 Distributed Security Alvaro Vives (alvaro.vives@consulintel.es) Jordi Palet

IPv6 Distributed Security Alvaro Vives (alvaro.vives@consulintel.es) Jordi Palet (jordi.palet@consulintel.es) 1 Motivation How would the deployment of IPv6 affect the security of a network? IPv6 enabled devices and networks bring

305 views • 19 slides
Security of IPv6 and DNSSEC for penetration testers Vesselin Hadjitodorov Master education

Security of IPv6 and DNSSEC for penetration testers Vesselin Hadjitodorov Master education

Security of IPv6 and DNSSEC for penetration testers Vesselin Hadjitodorov Master education System and Network Engineering June 30, 2011 Agenda Introduction DNSSEC security IPv6 security Conclusion Questions Security of IPv6

625 views • 33 slides
IPv6 Protocol IPv6 Protocol Does it solve all the security problems of IPv4? Franjo Majstor

IPv6 Protocol IPv6 Protocol Does it solve all the security problems of IPv4? Franjo Majstor

IPv6 Protocol IPv6 Protocol Does it solve all the security problems of IPv4? Franjo Majstor EMEA Consulting Engineer fmajstor@cisco.com Cisco Systems, Inc. 1 fmajstor@cisco.com, IPv6 Security Agenda IPv6 Primer IPv6 Protocol

241 views • 21 slides
IPv6 Security David Kelsey (STFC-RAL) ISGC2016, Taipei 16 March 2016 Outline Introduction

IPv6 Security David Kelsey (STFC-RAL) ISGC2016, Taipei 16 March 2016 Outline Introduction

IPv6 Security David Kelsey (STFC-RAL) ISGC2016, Taipei 16 March 2016 Outline Introduction to WLCG &amp; IPv6 IPv6 security &amp; threats IPv6 protocol attacks Issues for site network &amp; security teams Issues for sys admins

501 views • 34 slides
Balanced Security for IPv6 CPE draft-v6ops-vyncke-balanced-ipv6-security IETF86 Orlando M. Gysi,

Balanced Security for IPv6 CPE draft-v6ops-vyncke-balanced-ipv6-security IETF86 Orlando M. Gysi,

Balanced Security for IPv6 CPE draft-v6ops-vyncke-balanced-ipv6-security IETF86 Orlando M. Gysi, G. Leclanche, E. Vyncke, R. Anfinsen Status -00 posted on 25 January 2013 Some comments on the list (see later) Problem Statement

378 views • 10 slides
Vincent van der Eijk &amp;&amp; Erik Lamers Comparing IPv4 port security to IPv6 port security

Vincent van der Eijk &amp;&amp; Erik Lamers Comparing IPv4 port security to IPv6 port security

A Comparative Security Evaluation for IPv4 and IPv6 Addresses Vincent van der Eijk &amp;&amp; Erik Lamers Comparing IPv4 port security to IPv6 port security Scanning the Internet for profit, ethically. 2 Why do we need to know this? IPv6

279 views • 16 slides
Mobile IPv6 Security Arnaud Ebalard - EADS Corporate Research Center France Guillaume Valadon - The

Mobile IPv6 Security Arnaud Ebalard - EADS Corporate Research Center France Guillaume Valadon - The

Mobile IPv6 Security Arnaud Ebalard - EADS Corporate Research Center France Guillaume Valadon - The University of Tokyo / Laboratoire dInformatique de Paris 6 Summary IPv6 Mobile IPv6 Security and Mobile IPv6 Protections by

669 views • 50 slides
The Security Impact of IPv6 How I Learned to Stop Worrying and Love IPv6 Johannes B. Ullrich,

The Security Impact of IPv6 How I Learned to Stop Worrying and Love IPv6 Johannes B. Ullrich,

The Security Impact of IPv6 How I Learned to Stop Worrying and Love IPv6 Johannes B. Ullrich, Ph.D. jullrich@sans.edu 1 Housekeeping This presentation consists of slides and audio. If you are experiencing any problems/ issues,

1.12k views • 56 slides
Security Impacts of Security Impacts of Abusing IPv6 Extension Headers Abusing IPv6 Extension

Security Impacts of Security Impacts of Abusing IPv6 Extension Headers Abusing IPv6 Extension

Security Impacts of Security Impacts of Abusing IPv6 Extension Headers Abusing IPv6 Extension Headers Antonios Atlasis antonios.atlasis@cscss.org Centre for Strategic Cyberspace + Security Science Bio Independent IT Security

689 views • 66 slides
v6ops and security IPv6 Transition/Co-existence Security Considerations

v6ops and security IPv6 Transition/Co-existence Security Considerations

v6ops and security IPv6 Transition/Co-existence Security Considerations draft-savola-v6ops-security-overview-00.txt Pekka Savola, CSC/FUNET Overview Overview Look at different kinds of issues IPv6 protocol Transition mechanisms in general

853 views • 10 slides
IPv6 Security Concerns Introduction to Integralis Garry Sidaway SVP Security Strategy Agenda

IPv6 Security Concerns Introduction to Integralis Garry Sidaway SVP Security Strategy Agenda

IPv6 Security Concerns Introduction to Integralis Garry Sidaway SVP Security Strategy Agenda Introduction to Integralis IPv6 Security Concerns Questions Private &amp; Confidential Continuous Secure Service Delivery Governance,

336 views • 21 slides
IPv6 Security awareness By Musa Stephen HONLUE Trainer@AFRINIC Stephen.honlue@afrinic.net 1

IPv6 Security awareness By Musa Stephen HONLUE Trainer@AFRINIC Stephen.honlue@afrinic.net 1

IPv6 Security awareness By Musa Stephen HONLUE Trainer@AFRINIC Stephen.honlue@afrinic.net 1 04/12/2015' Presentation Objectives ! Create awareness of IPv6 Security implications. ! Highlight technical concepts on IPv6 weaknesses ! Describe

822 views • 36 slides
IPv6 distributed security requirements &lt;draft-palet-v6ops-ipv6security-00.txt&gt; Jordi Palet

IPv6 distributed security requirements &lt;draft-palet-v6ops-ipv6security-00.txt&gt; Jordi Palet

IPv6 distributed security requirements &lt;draft-palet-v6ops-ipv6security-00.txt&gt; Jordi Palet (jordi.palet@consulintel.es) Alvaro Vives (alvaro.vives@consulintel.es) Gregorio Martinez (gregorio@dif.um.es) Antonio Skarmeta

664 views • 7 slides
IPv6 Security Considerations: Future Challenges Prof. Sukumar Nandi Company Dept of Computer

IPv6 Security Considerations: Future Challenges Prof. Sukumar Nandi Company Dept of Computer

IPv6 Security Considerations: Future Challenges Prof. Sukumar Nandi Company Dept of Computer Sc. &amp; Engg. LOGO Indian Institute of Technology Guwahati Agenda Outline Motivation for IPv6 Brief comparision between IPv6 and IPv4

290 views • 25 slides
Security Security with Distributed Systems Why Security? The need for security mechanisms in

Security Security with Distributed Systems Why Security? The need for security mechanisms in

Security Security with Distributed Systems Why Security? The need for security mechanisms in distributed systems arises from the desire to share resources Resources must be protected against unauthorized access, as enemies (attackers)

1.16k views • 67 slides
Distributed Systems How does the OS ensure security? 13C. Security for Distributed Systems

Distributed Systems How does the OS ensure security? 13C. Security for Distributed Systems

5/27/2017 Distributed Systems How does the OS ensure security? 13C. Security for Distributed Systems all key resources are kept inside of the OS protected by hardware (mode, memory management) 13I. Secure Sessions processes cannot

253 views • 9 slides
Distributed Systems How does the OS ensure security? 13C. Distributed Systems: Security all

Distributed Systems How does the OS ensure security? 13C. Distributed Systems: Security all

5/20/2018 Distributed Systems How does the OS ensure security? 13C. Distributed Systems: Security all key resources are kept inside of the OS protected by hardware (mode, memory management) 13I. Secure sessions processes cannot

129 views • 9 slides
IPv6 Security Training Course February 2019 09:00 - 09:30 Coffee, Tea 11:00 - 11:15 Break

IPv6 Security Training Course February 2019 09:00 - 09:30 Coffee, Tea 11:00 - 11:15 Break

IPv6 Security Training Course February 2019 09:00 - 09:30 Coffee, Tea 11:00 - 11:15 Break 13:00 - 14:00 Lunch 15:30 - 15:45 Break 17:30 End 2 Introductions Name Number in the list Experience with Security and IPv6

1.9k views • 173 slides
IPv6 IPv6 Header IPv6 Addressing IPv6 Neighbor Discovery Jyh-Cheng Chen Department of Computer

IPv6 IPv6 Header IPv6 Addressing IPv6 Neighbor Discovery Jyh-Cheng Chen Department of Computer

Outline IPv6 IPv6 Header IPv6 Addressing IPv6 Neighbor Discovery Jyh-Cheng Chen Department of Computer Science and IPv6 Autoconfiguration Institute of Communications Engineering National Tsing Hua University jcchen@cs.nthu.edu.tw

783 views • 11 slides
IPv6?? Yawn amiright? Actually, IPv6 adoption is now very robust. E.g.: Google Clients

IPv6?? Yawn amiright? Actually, IPv6 adoption is now very robust. E.g.: Google Clients

Dont Forget to Lock the Back Door! A Characterization of IPv6 Network Security Policy Jakub (Jake) Czyz, University of Michigan &amp; QuadMetrics, Inc. Matthew Luckie, University of Waikato Mark Allman, International Computer Science

552 views • 17 slides
IPv6 Stateless Address Autoconfiguration: Balancing Between Security, Privacy and Usability Ahmad

IPv6 Stateless Address Autoconfiguration: Balancing Between Security, Privacy and Usability Ahmad

IPv6 Stateless Address Autoconfiguration: Balancing Between Security, Privacy and Usability Ahmad AlSadeh, Hosnieh Rafiee, Christoph Meinel Hasso-Plattner-Institut, University of Potsdam, Germany IPv6 StateLess Address Auto- Configuration

330 views • 20 slides
IPv6 Routing Header Security. Philippe BIONDI Arnaud EBALARD phil(at)secdev.org /

IPv6 Routing Header Security. Philippe BIONDI Arnaud EBALARD phil(at)secdev.org /

IPv6 prerequisite All about Routing Header extension Security implications Solutions and workaround IPv6 Routing Header Security. Philippe BIONDI Arnaud EBALARD phil(at)secdev.org / philippe.biondi(at)eads.net arno(at)natisbad.org /

896 views • 61 slides
Internet Evolution and IPv6 Paul Wilson APNIC 1 Where are IPv6 addresses today? 2 IPv6

Internet Evolution and IPv6 Paul Wilson APNIC 1 Where are IPv6 addresses today? 2 IPv6

Internet Evolution and IPv6 Paul Wilson APNIC 1 Where are IPv6 addresses today? 2 IPv6 Global allocations by RIR APNIC 337 21% RIPENCC 737 45% ARIN 438 LACNIC AFRINIC 27% 87 37 5% 2% Unit: IPv6 pref i x 3 IPv6

603 views • 24 slides
IPv6 Ready Logo Aiding IPv6 Deployment Timothy Winters LACNIC 27 May 2017 IPv6 Forums IPv6

IPv6 Ready Logo Aiding IPv6 Deployment Timothy Winters LACNIC 27 May 2017 IPv6 Forums IPv6

IPv6 Ready Logo Aiding IPv6 Deployment Timothy Winters LACNIC 27 May 2017 IPv6 Forums IPv6 Ready Logo Goal 2001-Present: Conformance and Interoperability test program intended to increase user confidence and promote IPv6 deployment.

403 views • 11 slides

More recommend