IPv6 Security - PowerPoint PPT Presentation

About This Presentation
Title:

IPv6 Security

Description:

IPv6 Has built in security via IPsec (Internet Protocol Security). IPsec Operates at OSI layer 3 or internet layer of the Internet Protocol Suite. – PowerPoint PPT presentation

Number of Views:108
Avg rating:3.0/5.0
Slides: 23
Provided by: JeffM165
Category:
Tags: ipv6 | security | windows

less

Transcript and Presenter's Notes

Title: IPv6 Security


1
IPv6 Security Security concerns over the switch
to IPv6
2
  • IPv6 Has built in security via IPsec (Internet
    Protocol Security).
  • IPsec Operates at OSI layer 3 or internet layer
    of the Internet Protocol Suite.
  • IPsec
  • Internet Engineering Task Force (IETF)
  • Encrypts the IP connection between computers
  • Data is encrypted at the packet level
  • The standard for IP encryption

3
  • IPSec provides four major functions
  • Confidentiality The sender can encrypt the
    packets before transmitting them across the
    network. If the communication is intercepted, it
    cannot be read by anybody.
  • Data Integrity The receiver can verify whether
    the data was changed while travelling the
    internet.
  • Origin authentication The receiver can
    authenticate the source of the packet.
  • Anti replay protection The receiver can verify
    that each packet is unique and not duplicated.

4
  • IPsec is a framework of open standards which uses
    the following three protocols
  • Security association
  • Authentication Header
  • Encapsulating Security Payload

5
  • Security Association Handles protocols and
    algorithms used to generate the encryption and
    authentication keys used by Ipsec.

6
  • Authentication Header provides connectionless
    integrity and data origin authentication for IP
    datagrams.

7
  • Encapsulating Security Payload provides
    confidentiality, data origin authentication and
    connectionless integrity.

8
  • IPsec was developed in conjunction with IPv6 and
    it is required in all implementations of IPv6.
  • Although IPsec was designed for IPv6 it can be
    and has been used to secure IPv4 traffic for some
    time now.

9
  • Although IPv6 itself has built in security, the
    coming change to IPv6 and away from IPv4 has
    raised security concerns over how the change from
    one protocol to another may be exploited.

10
  • The main catalyst for IPv6 is the soon to be
    depleted number of IPv4 addresses. Some estimates
    say it may take more than a decade for IPv6
    capabilities to spread throughout the network
    community.

11
(No Transcript)
12
(No Transcript)
13
  • During this transition time and even afterwards
    there will be servers available over IPv4 only,
    some will only be available to IPv6 and some
    available to both protocols.
  • Support and security for both of these protocols
    will be needed for an extended period.

14
  • The security concerns at this early stage deal
    with the minimal but growing amount of IPv6
    traffic running across IPv4 networks that are not
    secure against threats arriving via this IPv6
    traffic.

15
  • Most U.S. organizations have hidden IPv6 traffic
    running across their networks. They can have IPv6
    running on their networks and not know it.
  • Windows 7, Vista, Windows Server 2008, MAC OS X,
    Linux And Solaris all ship with IPv6 enable by
    default.

16
  • The main concern lies with security meant to
    monitor IPv4 traffic. This security needs to be
    updated to include IPv6.
  • Firewalls need to be able to distinguish between
    IPv4 and IPv6. If you only have an IPv4 firewall
    you can have IPv6 running between you and the
    threat.

17
  • Tunneling is another area of concern. IPv6
    traffic can be tunneled over IPv4 using programs
    such as Teredo, 6to4, or ISATAP.
  • Typical IPV4 security devices are not tuned to
    look for tunneled traffic. Tunneled traffic can
    be hard to discern and decipher in any case as
    the following example suggests gtgt you can tunnel
    IPv6 over HTTP over IPv4.

18
  • Rogue IPv6 traffic can include attacks such as
    botnet commands and controls.
  • One example of an botnet attack using IPv6 had
    the IPv6 protocol hiding itself as IPv4 through
    the router. It was then attacking and issuing
    command and controls to a botnet in the far east.
    Another type of threat has seen illegal file
    sharing that leverages IPv6 for peer to peer
    communications.

19
  • The type 0 routing header is another potential
    security problem with IPv6. This feature of IPv6
    allows you to specify in the header what route is
    used to forward traffic. A hacker could use this
    to overwhelm a part of the network generating
    denial-of-service traffic.
  • RFC 5095 dated December 2007 called for measures
    to confront this problem. Implemented yet?

20
  • The number of attacks via IPv6 has been low but
    this can be attributed to the low amount of IPv6
    traffic and the fact that the vast majority of
    the prime targets are still using IPv4.

21
  • Organizations will have to mirror what they have
    done for IPv4 security with IPv6. Until recently
    IPv4 was the only protocol used and the only one
    that network security needed to be concerned
    with. Now there is IPv4, IPv6 and IPv6 tunneled
    over IPv4.

22
  • Companies are now coming out with products to
    deal with these issues.
  • Command Information Assure 6 and McAfee Network
    Security Platform both provide full IPv6 and
    tunnel inspection.
  • Cisco and Juniper offer IPv6 enabled routers and
    firewalls.
Write a Comment
User Comments (0)
About PowerShow.com