IPv6 Security
2 likes715 views
The document discusses various myths and security concerns related to IPv6, highlighting misconceptions about its inherent security features and potential vulnerabilities. It covers attack vectors, methods of reconnaissance, and security implementation considerations, emphasizing the need for education and robust cybersecurity practices during the transition to IPv6. Overall, it argues for awareness and preparedness as critical factors for ensuring security in the evolving IPv6 landscape.
IPv6 Security
- 1. www.progreso.com.sg1 IPv6 Cyber Security: What Security Issues have you Missed Out? 6 September 2013
- 2. www.progreso.com.sg2 Agenda IPv6 Security Myths IPv6 Security Compromises Network Reconnaissance in IPv6 IPv6 for Security Practitioners Ensuring Cybersecurity in IPv6 Transitions IPv6 Security Implementations
- 3. www.progreso.com.sg3 Myth on Increased Security IPv6 is more secure than IPv4, since security was considered during the design of the protocol and not as an afterthought.
- 4. www.progreso.com.sg4 Myth on End-to-end Principle IPv6 will return the end-to-end principle to the Internet, hence security architectures will switch from the network to the hosts.
- 5. www.progreso.com.sg5 Myth on NAT IPv6 networks will be NAT-free.
- 6. www.progreso.com.sg6 Myth on Host Reconnaissance The massive IPv6 address space will make host scanning unfeasible.
- 7. www.progreso.com.sg7 Agenda IPv6 Security Myths IPv6 Security Compromises Network Reconnaissance in IPv6 IPv6 for Security Practitioners Ensuring Cybersecurity in IPv6 Transitions IPv6 Security Implementations
- 8. www.progreso.com.sg8 The New Cyber Landscape - Multiple threat vectors
- 9. www.progreso.com.sg9 Attack Vectors on IPv6 IPv6 addressing architecture Network reconnaissance Spoofing and smurf attacks Worms and viruses Main packet header + extension header issues IPv6 layer-2 and layer-3 security compromises Security on the routing infrastructure Vulnerabilities in transition mechanisms
- 10. www.progreso.com.sg10 Hacking Groups Script kiddies Political Hacktivists Crime Rings State Sponsored Teams
- 15. www.progreso.com.sg15 Agenda IPv6 Security Myths IPv6 Security Compromises Network Reconnaissance in IPv6 IPv6 for Security Practitioners Ensuring Cybersecurity in IPv6 Transitions IPv6 Security Implementations
- 16. www.progreso.com.sg16 Dissecting an IPv6 Address Global Routing Prefix (length = a) Subnet ID (length = b) Interface ID (length = 128 - a – b)
- 17. www.progreso.com.sg17 Methods of Generating the IID EUI-64: Embedding the MAC Employ low-byte addresses Embed IPv4 address “Wordy” address Privacy or temporary address Transition/Coexistence mechanisms
- 18. www.progreso.com.sg18 EUI-64 IEEE OUI ff-fe Lower 24 bits of MAC Known/searchable (24 bits) Fixed (16 bits) Unknown (24 bits) 264 224
- 20. www.progreso.com.sg20 Embedded IPv4 Addresses 2001:db8:1234:5678:0000:0000:c0a8:0101 2001:db8:1234:5678:0000:0000:0808:0808 264 232 8.8.8.8 192.168.1.1
- 21. www.progreso.com.sg21 Wordy Addresses 264 232 2001:db8:1234:5678:dec:1ded:c0:ffee Dictionary-based scanning 2a03:2880:2110:3f02:face:b00c::
- 22. www.progreso.com.sg22 Privacy/Temporary Addresses RFC 4941 2001:db8:1234:5678:e24a:71c:d93f:7b0 2001:db8:1234:5678:0000:0000:0000:8888 Host is still compromised!
- 23. www.progreso.com.sg23 Transition/Coexistence Technologies 6to4 = 2002:c0a1:c0fe:1:2e0:18ff:fefb:7a25/48 ISATAP = fe80::5efe:c0a1:c0fe NAT64 = 64:ff9b::c0a1:c0fe
- 24. www.progreso.com.sg24 Agenda IPv6 Security Myths IPv6 Security Compromises Network Reconnaissance in IPv6 IPv6 for Security Practitioners Ensuring Cybersecurity in IPv6 Transitions IPv6 Security Implementations
- 25. www.progreso.com.sg25 IPv6 Education and Training
- 28. www.progreso.com.sg28 Risks of Tunneling Protocols
- 29. www.progreso.com.sg29 New Features Adds Complexity
- 30. www.progreso.com.sg30 Agenda IPv6 Security Myths IPv6 Security Compromises Network Reconnaissance in IPv6 IPv6 for Security Practitioners Ensuring Cybersecurity in IPv6 Transitions IPv6 Security Implementations
- 33. www.progreso.com.sg33 Leverage Accredited IPv6 Test Program
- 36. www.progreso.com.sg36 Don’t Lose Sleep Over Dual Stacking
- 37. www.progreso.com.sg37 Agenda IPv6 Security Myths Network Reconnaissance in IPv6 IPv6 for Security Practitioners Ensuring Cybersecurity in IPv6 Transitions IPv6 Security Implementations
- 38. www.progreso.com.sg38 IPv6 Security Measures Endpoint security Standalone firewalls Packet filters Data link level security
- 39. www.progreso.com.sg39 IPv6 Security Implementation Concerns IPv6 protocol stack vulnerabilities Lack of IPv6 exposure and operational experience Unintentional connectivity via tunneling Lack of first-hop security features Application TCP UDP IPv4 IPv6 Data Link
- 40. www.progreso.com.sg40 Call to Action IPv6 is the future of the Internet There are significant differences between IPv4 and IPv6 Don’t lag behind in IPv6 knowledge Join now to learn more!