ipv6 distributed security requirements
play

IPv6 distributed security requirements - PowerPoint PPT Presentation

Nov 27, 2022 •581 likes •664 views

IPv6 distributed security requirements <draft-palet-v6ops-ipv6security-00.txt> Jordi Palet (jordi.palet@consulintel.es) Alvaro Vives (alvaro.vives@consulintel.es) Gregorio Martinez (gregorio@dif.um.es) Antonio Skarmeta

  1. IPv6 distributed security requirements <draft-palet-v6ops-ipv6security-00.txt> Jordi Palet (jordi.palet@consulintel.es) Alvaro Vives (alvaro.vives@consulintel.es) Gregorio Martinez (gregorio@dif.um.es) Antonio Skarmeta (skarmeta@dif.um.es) 59th IETF, Seoul draft-palet-v6ops-ipv6security-00.txt 1

  2. Motivation • Current security policies doesn’t longer apply for end-to-end security with IPv6 – Border firewall = bottleneck • Users and devices start to be “nomadic” – “Static” security setup-ups are a wrong approach • Different visited networks have different security requirements – Manual changes are dangerous – Will not be acceptable for the network manager • Increase in security means increase in processing power – Distribution of security “overhead” could be a solution 59th IETF, Seoul draft-palet-v6ops-ipv6security-00.txt 2

  3. Approach for Solution • Extensive use of “personal firewalls” – Can cope with “interior” security • Personal firewalls should be enabled by default • They should look for a security policy manager in the visited network – Acquire and implement the required local policy – If their processing capabilities are exceeded, then rely on a distributed firewall approach • If IDS are present, the “local” security policy manager can get feedback from it, and suggest security changes to the complete network • Can we cope with virus and spam ? 59th IETF, Seoul draft-palet-v6ops-ipv6security-00.txt 3

  4. Concepts • Attack/Threat: Either passive or active • Security (S): Protection against attacks+IPsec • Policy Management Tool (PMT): Used by the network administrator to edit the policies • Policy Decision Points (PDP): Entity which distribute S policies • Security Policy (SP): Information used by PDP to provide S • Policy Enforcement Points (PEP): Apply S (Clients) 59th IETF, Seoul draft-palet-v6ops-ipv6security-00.txt 4

  5. Actual Security Scheme CLIENTS I NTERNET SERVERS THREAT Security Policy 1 Security Policy 2 PDP 59th IETF, Seoul draft-palet-v6ops-ipv6security-00.txt 5

  6. Distributed Security Scheme CLIENTS (PEP) I NTERNET PDP ALERT DEFAULT SERVERS TRUST ON SEC. POLICY (PEP) THREAT Security Policy 1 Security Policy 2 PDP 59th IETF, Seoul draft-palet-v6ops-ipv6security-00.txt 6

  7. Distributed Security Example HOME HOT-SPOT I NTERNET SP SERVER ALERT OFFICE DEFAULT TRUST ON SEC. POLICY THREAT Security Policy 1 Security Policy 2 PDP 59th IETF, Seoul draft-palet-v6ops-ipv6security-00.txt 7

Recommend

IPv6 Distributed Security Activity Status &lt;draft-vives-v6ops-ipv6-security-ps-01&gt; (Problem

IPv6 Distributed Security Activity Status &lt;draft-vives-v6ops-ipv6-security-ps-01&gt; (Problem

IPv6 Distributed Security Activity Status &lt;draft-vives-v6ops-ipv6-security-ps-01&gt; (Problem Statement) &lt;draft-palet-v6ops-ipv6security-01&gt; (Requirements) Alvaro Vives (alvaro.vives@consulintel.es) Jordi Palet

607 views • 14 slides
IPv6 Distributed Security Alvaro Vives (alvaro.vives@consulintel.es) Jordi Palet

IPv6 Distributed Security Alvaro Vives (alvaro.vives@consulintel.es) Jordi Palet

IPv6 Distributed Security Alvaro Vives (alvaro.vives@consulintel.es) Jordi Palet (jordi.palet@consulintel.es) 1 Motivation How would the deployment of IPv6 affect the security of a network? IPv6 enabled devices and networks bring

305 views • 19 slides
Security of IPv6 and DNSSEC for penetration testers Vesselin Hadjitodorov Master education

Security of IPv6 and DNSSEC for penetration testers Vesselin Hadjitodorov Master education

Security of IPv6 and DNSSEC for penetration testers Vesselin Hadjitodorov Master education System and Network Engineering June 30, 2011 Agenda Introduction DNSSEC security IPv6 security Conclusion Questions Security of IPv6

625 views • 33 slides
IPv6 Protocol IPv6 Protocol Does it solve all the security problems of IPv4? Franjo Majstor

IPv6 Protocol IPv6 Protocol Does it solve all the security problems of IPv4? Franjo Majstor

IPv6 Protocol IPv6 Protocol Does it solve all the security problems of IPv4? Franjo Majstor EMEA Consulting Engineer fmajstor@cisco.com Cisco Systems, Inc. 1 fmajstor@cisco.com, IPv6 Security Agenda IPv6 Primer IPv6 Protocol

241 views • 21 slides
IPv6 Security David Kelsey (STFC-RAL) ISGC2016, Taipei 16 March 2016 Outline Introduction

IPv6 Security David Kelsey (STFC-RAL) ISGC2016, Taipei 16 March 2016 Outline Introduction

IPv6 Security David Kelsey (STFC-RAL) ISGC2016, Taipei 16 March 2016 Outline Introduction to WLCG &amp; IPv6 IPv6 security &amp; threats IPv6 protocol attacks Issues for site network &amp; security teams Issues for sys admins

501 views • 34 slides
Successful Strategies for IPV6 Rollouts Submitted to - Yasir Baig - Prof. Dr.Eduard Heindl

Successful Strategies for IPV6 Rollouts Submitted to - Yasir Baig - Prof. Dr.Eduard Heindl

1 Successful Strategies for IPV6 Rollouts Submitted to - Yasir Baig - Prof. Dr.Eduard Heindl Agenda 2 Time Frame : 20 - 25 minutes. History Why a new IPV6 How IPV6 meets the new requirements on the Internet Security

179 views • 16 slides
Balanced Security for IPv6 CPE draft-v6ops-vyncke-balanced-ipv6-security IETF86 Orlando M. Gysi,

Balanced Security for IPv6 CPE draft-v6ops-vyncke-balanced-ipv6-security IETF86 Orlando M. Gysi,

Balanced Security for IPv6 CPE draft-v6ops-vyncke-balanced-ipv6-security IETF86 Orlando M. Gysi, G. Leclanche, E. Vyncke, R. Anfinsen Status -00 posted on 25 January 2013 Some comments on the list (see later) Problem Statement

378 views • 10 slides
Vincent van der Eijk &amp;&amp; Erik Lamers Comparing IPv4 port security to IPv6 port security

Vincent van der Eijk &amp;&amp; Erik Lamers Comparing IPv4 port security to IPv6 port security

A Comparative Security Evaluation for IPv4 and IPv6 Addresses Vincent van der Eijk &amp;&amp; Erik Lamers Comparing IPv4 port security to IPv6 port security Scanning the Internet for profit, ethically. 2 Why do we need to know this? IPv6

279 views • 16 slides
Mobile IPv6 Security Arnaud Ebalard - EADS Corporate Research Center France Guillaume Valadon - The

Mobile IPv6 Security Arnaud Ebalard - EADS Corporate Research Center France Guillaume Valadon - The

Mobile IPv6 Security Arnaud Ebalard - EADS Corporate Research Center France Guillaume Valadon - The University of Tokyo / Laboratoire dInformatique de Paris 6 Summary IPv6 Mobile IPv6 Security and Mobile IPv6 Protections by

669 views • 50 slides
The Security Impact of IPv6 How I Learned to Stop Worrying and Love IPv6 Johannes B. Ullrich,

The Security Impact of IPv6 How I Learned to Stop Worrying and Love IPv6 Johannes B. Ullrich,

The Security Impact of IPv6 How I Learned to Stop Worrying and Love IPv6 Johannes B. Ullrich, Ph.D. jullrich@sans.edu 1 Housekeeping This presentation consists of slides and audio. If you are experiencing any problems/ issues,

1.12k views • 56 slides
Security Impacts of Security Impacts of Abusing IPv6 Extension Headers Abusing IPv6 Extension

Security Impacts of Security Impacts of Abusing IPv6 Extension Headers Abusing IPv6 Extension

Security Impacts of Security Impacts of Abusing IPv6 Extension Headers Abusing IPv6 Extension Headers Antonios Atlasis antonios.atlasis@cscss.org Centre for Strategic Cyberspace + Security Science Bio Independent IT Security

689 views • 66 slides
v6ops and security IPv6 Transition/Co-existence Security Considerations

v6ops and security IPv6 Transition/Co-existence Security Considerations

v6ops and security IPv6 Transition/Co-existence Security Considerations draft-savola-v6ops-security-overview-00.txt Pekka Savola, CSC/FUNET Overview Overview Look at different kinds of issues IPv6 protocol Transition mechanisms in general

853 views • 10 slides
IPv6 Security Concerns Introduction to Integralis Garry Sidaway SVP Security Strategy Agenda

IPv6 Security Concerns Introduction to Integralis Garry Sidaway SVP Security Strategy Agenda

IPv6 Security Concerns Introduction to Integralis Garry Sidaway SVP Security Strategy Agenda Introduction to Integralis IPv6 Security Concerns Questions Private &amp; Confidential Continuous Secure Service Delivery Governance,

336 views • 21 slides
IPv6 Security awareness By Musa Stephen HONLUE Trainer@AFRINIC Stephen.honlue@afrinic.net 1

IPv6 Security awareness By Musa Stephen HONLUE Trainer@AFRINIC Stephen.honlue@afrinic.net 1

IPv6 Security awareness By Musa Stephen HONLUE Trainer@AFRINIC Stephen.honlue@afrinic.net 1 04/12/2015' Presentation Objectives ! Create awareness of IPv6 Security implications. ! Highlight technical concepts on IPv6 weaknesses ! Describe

822 views • 36 slides
IPv6 Security Considerations: Future Challenges Prof. Sukumar Nandi Company Dept of Computer

IPv6 Security Considerations: Future Challenges Prof. Sukumar Nandi Company Dept of Computer

IPv6 Security Considerations: Future Challenges Prof. Sukumar Nandi Company Dept of Computer Sc. &amp; Engg. LOGO Indian Institute of Technology Guwahati Agenda Outline Motivation for IPv6 Brief comparision between IPv6 and IPv4

290 views • 25 slides
Security Security with Distributed Systems Why Security? The need for security mechanisms in

Security Security with Distributed Systems Why Security? The need for security mechanisms in

Security Security with Distributed Systems Why Security? The need for security mechanisms in distributed systems arises from the desire to share resources Resources must be protected against unauthorized access, as enemies (attackers)

1.16k views • 67 slides
Distributed Systems How does the OS ensure security? 13C. Security for Distributed Systems

Distributed Systems How does the OS ensure security? 13C. Security for Distributed Systems

5/27/2017 Distributed Systems How does the OS ensure security? 13C. Security for Distributed Systems all key resources are kept inside of the OS protected by hardware (mode, memory management) 13I. Secure Sessions processes cannot

253 views • 9 slides
Distributed Systems How does the OS ensure security? 13C. Distributed Systems: Security all

Distributed Systems How does the OS ensure security? 13C. Distributed Systems: Security all

5/20/2018 Distributed Systems How does the OS ensure security? 13C. Distributed Systems: Security all key resources are kept inside of the OS protected by hardware (mode, memory management) 13I. Secure sessions processes cannot

129 views • 9 slides
IPv6 Security Training Course February 2019 09:00 - 09:30 Coffee, Tea 11:00 - 11:15 Break

IPv6 Security Training Course February 2019 09:00 - 09:30 Coffee, Tea 11:00 - 11:15 Break

IPv6 Security Training Course February 2019 09:00 - 09:30 Coffee, Tea 11:00 - 11:15 Break 13:00 - 14:00 Lunch 15:30 - 15:45 Break 17:30 End 2 Introductions Name Number in the list Experience with Security and IPv6

1.9k views • 173 slides
IPv6 IPv6 Header IPv6 Addressing IPv6 Neighbor Discovery Jyh-Cheng Chen Department of Computer

IPv6 IPv6 Header IPv6 Addressing IPv6 Neighbor Discovery Jyh-Cheng Chen Department of Computer

Outline IPv6 IPv6 Header IPv6 Addressing IPv6 Neighbor Discovery Jyh-Cheng Chen Department of Computer Science and IPv6 Autoconfiguration Institute of Communications Engineering National Tsing Hua University jcchen@cs.nthu.edu.tw

783 views • 11 slides
IPv6?? Yawn amiright? Actually, IPv6 adoption is now very robust. E.g.: Google Clients

IPv6?? Yawn amiright? Actually, IPv6 adoption is now very robust. E.g.: Google Clients

Dont Forget to Lock the Back Door! A Characterization of IPv6 Network Security Policy Jakub (Jake) Czyz, University of Michigan &amp; QuadMetrics, Inc. Matthew Luckie, University of Waikato Mark Allman, International Computer Science

552 views • 17 slides
IPv6 Stateless Address Autoconfiguration: Balancing Between Security, Privacy and Usability Ahmad

IPv6 Stateless Address Autoconfiguration: Balancing Between Security, Privacy and Usability Ahmad

IPv6 Stateless Address Autoconfiguration: Balancing Between Security, Privacy and Usability Ahmad AlSadeh, Hosnieh Rafiee, Christoph Meinel Hasso-Plattner-Institut, University of Potsdam, Germany IPv6 StateLess Address Auto- Configuration

330 views • 20 slides
Migration Broker: Our requirements Simon.Muyal@renater.fr Jerome.Durand@renater.fr Major goal

Migration Broker: Our requirements Simon.Muyal@renater.fr Jerome.Durand@renater.fr Major goal

Migration Broker: Our requirements Simon.Muyal@renater.fr Jerome.Durand@renater.fr Major goal To provide temporary IPv6 connectivity to: sites not connected to Renaters IPv6 service 30% of RENATERs access networks support IPv6

169 views • 5 slides
IPv6 Routing Header Security. Philippe BIONDI Arnaud EBALARD phil(at)secdev.org /

IPv6 Routing Header Security. Philippe BIONDI Arnaud EBALARD phil(at)secdev.org /

IPv6 prerequisite All about Routing Header extension Security implications Solutions and workaround IPv6 Routing Header Security. Philippe BIONDI Arnaud EBALARD phil(at)secdev.org / philippe.biondi(at)eads.net arno(at)natisbad.org /

896 views • 61 slides

More recommend