Presentation is loading. Please wait.

Presentation is loading. Please wait.

 IPv6 Has built in security via IPsec (Internet Protocol Security). ◦ IPsec Operates at OSI layer 3 or internet layer of the Internet Protocol Suite.

Published byLesley Higley Modified over 9 years ago

Similar presentations

Presentation on theme: " IPv6 Has built in security via IPsec (Internet Protocol Security). ◦ IPsec Operates at OSI layer 3 or internet layer of the Internet Protocol Suite."— Presentation transcript:

1

2  IPv6 Has built in security via IPsec (Internet Protocol Security). ◦ IPsec Operates at OSI layer 3 or internet layer of the Internet Protocol Suite.  IPsec ◦ Internet Engineering Task Force (IETF) ◦ Encrypts the IP connection between computers ◦ Data is encrypted at the packet level ◦ The standard for IP encryption

3  IPSec provides four major functions:  Confidentiality – The sender can encrypt the packets before transmitting them across the network. If the communication is intercepted, it cannot be read by anybody.  Data Integrity – The receiver can verify whether the data was changed while travelling the internet.  Origin authentication – The receiver can authenticate the source of the packet.  Anti replay protection – The receiver can verify that each packet is unique and not duplicated.

4 ◦ IPsec is a framework of open standards which uses the following three protocols:  Security association  Authentication Header  Encapsulating Security Payload

5  Security Association: Handles protocols and algorithms used to generate the encryption and authentication keys used by Ipsec.

6  Authentication Header provides connectionless integrity and data origin authentication for IP datagrams.

7  Encapsulating Security Payload provides confidentiality, data origin authentication and connectionless integrity.

8  IPsec was developed in conjunction with IPv6 and it is required in all implementations of IPv6.  Although IPsec was designed for IPv6 it can be and has been used to secure IPv4 traffic for some time now.

9  Although IPv6 itself has built in security, the coming change to IPv6 and away from IPv4 has raised security concerns over how the change from one protocol to another may be exploited.

10  The main catalyst for IPv6 is the soon to be depleted number of IPv4 addresses. Some estimates say it may take more than a decade for IPv6 capabilities to spread throughout the network community.

11

12

13  During this transition time and even afterwards there will be servers available over IPv4 only, some will only be available to IPv6 and some available to both protocols.  Support and security for both of these protocols will be needed for an extended period.

14  The security concerns at this early stage deal with the minimal but growing amount of IPv6 traffic running across IPv4 networks that are not secure against threats arriving via this IPv6 traffic.

15  Most U.S. organizations have hidden IPv6 traffic running across their networks. They can have IPv6 running on their networks and not know it.  Windows 7, Vista, Windows Server 2008, MAC OS X, Linux And Solaris all ship with IPv6 enable by default.

16  The main concern lies with security meant to monitor IPv4 traffic. This security needs to be updated to include IPv6.  Firewalls need to be able to distinguish between IPv4 and IPv6. If you only have an IPv4 firewall you can have IPv6 running between you and the threat.

17  Tunneling is another area of concern. IPv6 traffic can be tunneled over IPv4 using programs such as Teredo, 6to4, or ISATAP.  Typical IPV4 security devices are not tuned to look for tunneled traffic. Tunneled traffic can be hard to discern and decipher in any case as the following example suggests >> you can tunnel IPv6 over HTTP over IPv4.

18  Rogue IPv6 traffic can include attacks such as botnet commands and controls.  One example of an botnet attack using IPv6 had the IPv6 protocol hiding itself as IPv4 through the router. It was then attacking and issuing command and controls to a botnet in the far east. Another type of threat has seen illegal file sharing that leverages IPv6 for peer to peer communications.

19  The type 0 routing header is another potential security problem with IPv6. This feature of IPv6 allows you to specify in the header what route is used to forward traffic. A hacker could use this to overwhelm a part of the network generating denial-of-service traffic.  RFC 5095 dated December 2007 called for measures to confront this problem. Implemented yet?

20  The number of attacks via IPv6 has been low but this can be attributed to the low amount of IPv6 traffic and the fact that the vast majority of the prime targets are still using IPv4.

21  Organizations will have to mirror what they have done for IPv4 security with IPv6. Until recently IPv4 was the only protocol used and the only one that network security needed to be concerned with. Now there is IPv4, IPv6 and IPv6 tunneled over IPv4.

22  Companies are now coming out with products to deal with these issues.  Command Information Assure 6 and McAfee Network Security Platform both provide full IPv6 and tunnel inspection.  Cisco and Juniper offer IPv6 enabled routers and firewalls.

Download ppt " IPv6 Has built in security via IPsec (Internet Protocol Security). ◦ IPsec Operates at OSI layer 3 or internet layer of the Internet Protocol Suite."

Similar presentations

Encrypting Wireless Data with VPN Techniques

Encrypting Wireless Data with VPN Techniques
20.1 Chapter 20 Network Layer: Internet Protocol Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

20.1 Chapter 20 Network Layer: Internet Protocol Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Computer Security and Penetration Testing

Computer Security and Penetration Testing
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.

IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT 09.11.2005.

NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT
Henric Johnson1 Ola Flygt Växjö University, Sweden +46 470 70 86 49 IP Security.

Henric Johnson1 Ola Flygt Växjö University, Sweden IP Security.
IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.

IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.
Internet Protocol Security An Overview of IPSec. Outline:  What Security Problem?  Understanding TCP/IP.  Security at What Level?  IP Security. 

Internet Protocol Security An Overview of IPSec. Outline:  What Security Problem?  Understanding TCP/IP.  Security at What Level?  IP Security. 
1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.

1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 30 Internet Security.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 30 Internet Security.
1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.

1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.
By Rod Lykins.  Background  Benefits  Security Advantages ◦ Address Space ◦ IPSec  Remaining Security Issues  Conclusion.

By Rod Lykins.  Background  Benefits  Security Advantages ◦ Address Space ◦ IPSec  Remaining Security Issues  Conclusion.
Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.

Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.
K. Salah1 Security Protocols in the Internet IPSec.

K. Salah1 Security Protocols in the Internet IPSec.
Faten Yahya Ismael.  It is technology creates a network that is physically public, but virtually it’s private.  A virtual private network (VPN) is a.

Faten Yahya Ismael.  It is technology creates a network that is physically public, but virtually it’s private.  A virtual private network (VPN) is a.
Lecture slides prepared for “Business Data Communications”, 7/e, by William Stallings and Tom Case, Chapter 8 “TCP/IP”.

Lecture slides prepared for “Business Data Communications”, 7/e, by William Stallings and Tom Case, Chapter 8 “TCP/IP”.
SYSTEM ADMINISTRATION Chapter 13 Security Protocols.

SYSTEM ADMINISTRATION Chapter 13 Security Protocols.
70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 9: Securing Network Traffic Using IPSec.

70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 9: Securing Network Traffic Using IPSec.
32.1 Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction.

32.1 Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction.

Similar presentations

Ads by Google