Presentation is loading. Please wait.

Presentation is loading. Please wait.

By Rod Lykins.  Background  Benefits  Security Advantages ◦ Address Space ◦ IPSec  Remaining Security Issues  Conclusion.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "By Rod Lykins.  Background  Benefits  Security Advantages ◦ Address Space ◦ IPSec  Remaining Security Issues  Conclusion."— Presentation transcript:

1 By Rod Lykins

2  Background  Benefits  Security Advantages ◦ Address Space ◦ IPSec  Remaining Security Issues  Conclusion

3  Originally created due to foreseeable lack of Internet address space… ◦ 1979: 32-bit IPv4 provided 4.3 billion IP addresses ◦ 1990: 128-bit IPv6 development started by IETF ◦ 1998: IPv6 (RFC 2460) standard initially published  Address Space: 3.4 x 10 38 IP addresses ◦ Or 340,282,366,920,938,463,463,374,607,431,768,211,456 ◦ Earth = 4.5 billion years old; 100 trillion/second = 0.00000417% of used address space  IPv4 Address Depletion Slowed By: ◦ Variable Length Subnet Masks (VLSMs) ◦ Classless Inter-Domain Routing (CIDR) ◦ Network Address Translation (NAT)

4  Other than increased address space… ◦ New Header Format  Designed to minimize header overhead, which provides more efficient processing  Note: IPv4 headers and IPv6 headers are not interoperable and the IPv6 protocol is not backward compatible with the IPv4 protocol ◦ Efficient and Hierarchical Addresses  Backbone routers have much smaller routing tables ◦ Stateless and Stateful Address Configuration  Address configuration with or without a DHCP server ◦ Better Support for Quality of Service (QoS)  “Flow Label” in IPv6 Header – even when packet payload is encrypted with IPSec ◦ Better Security…

5  Large Address Space ◦ Default Subnet Size = 2 64 addresses  Scan 1,000,000 addresses / sec = > 500,000 year to scan ◦ Other Avenues for Attackers…  Advertised: Mail Servers, Web Servers, etc.  DNS Zone Transfers  Logfile Analysis  Applications  Multi-cast Group Addresses  During Transition (6to4)  IPSec ◦ Provides these Layer 3+ security features…  Confidentiality: IPSec traffic is encrypted…captured IPSec traffic cannot be deciphered without encryption key  Authentication: IPSec traffic is digitally signed with the shared encryption key so receiver can verify it was sent by IPSec peer  Integrity: IPSec traffic contains cryptographic checksum that incorporates the encryption key…the receiver can verify the packet was not modified in transit

6  Two Major Protocols ◦ Authentication Header (AH)  Similar to a CRC or CheckSum  Dependent on selected shared key, hash function, mode (tunnel or transport), and network (IPv4 or IPv6)  Provides integrity and authentication, but not confidentiality ◦ Encapsulating Security Payload (ESP)  Provides integrity, authentication, and confidentiality

7  Two Modes of Operation ◦ Transport  Only the actual payload of the IP packet is encrypted (i.e., the destination and source IP addresses, port numbers, and other IP header information is still readable ◦ Tunnel  The entire IP packet is encrypted and then placed into an IPSec endpoint where it is encapsulated inside another IP packet.  Wide Range of Crypto Choices ◦ MD5, SHA-1, DES, 3DES, AES…  Most, if not all, successful IPSec exploitation attacks are side-channel attacks ◦ Poor Key Management (i.e., IKE Aggressive Mode) ◦ Unsecure Passwords, etc.

8  Attack Vectors ◦ IPSec relies on key exchanges ◦ Neighbor Discovery Spoofing ◦ DoS and DDoS attacks ◦ Application Layer attacks

9  Dual-Stack  Simplest method  Tunnel IPv6 via IPv4  Translation IPv6 to IPv4

10  www.ietf.org www.ietf.org  www.IPv6.com www.IPv6.com  Microsoft TechNet  CompTIA Network+

11

Download ppt "By Rod Lykins.  Background  Benefits  Security Advantages ◦ Address Space ◦ IPSec  Remaining Security Issues  Conclusion."

Similar presentations

Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
Introduction to IPv6 Presented by: Minal Mishra. Agenda IP Network Addressing IP Network Addressing Classful IP addressing Classful IP addressing Techniques.

Introduction to IPv6 Presented by: Minal Mishra. Agenda IP Network Addressing IP Network Addressing Classful IP addressing Classful IP addressing Techniques.
IPv6 The New Internet Protocol Integrated Network Services Almerindo Graziano.

IPv6 The New Internet Protocol Integrated Network Services Almerindo Graziano.
CS 265 – Project IPv6 Security Aspects Surekha Shinde.

CS 265 – Project IPv6 Security Aspects Surekha Shinde.
IPv6 Keith Wichman. History Based on IPv4 Based on IPv4 Development initiated in 1994 Development initiated in 1994.

IPv6 Keith Wichman. History Based on IPv4 Based on IPv4 Development initiated in 1994 Development initiated in 1994.
Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.

Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.
TCOM 509 – Internet Protocols (TCP/IP) Lecture 06_b Subnetting,Supernetting, CIDR IPv6 Instructor: Dr. Li-Chuan Chen Date: 10/06/2003 Based in part upon.

TCOM 509 – Internet Protocols (TCP/IP) Lecture 06_b Subnetting,Supernetting, CIDR IPv6 Instructor: Dr. Li-Chuan Chen Date: 10/06/2003 Based in part upon.
IPv6 Overview Brent Frye EECS710. Overview Google Drive Microsoft Cloud Drive Dropbox Paid-for alternatives 2.

IPv6 Overview Brent Frye EECS710. Overview Google Drive Microsoft Cloud Drive Dropbox Paid-for alternatives 2.
IPv4 vs. IPv6 Anne-Marie Ethier Andrei Iotici This report was prepared for Professor L. Orozco- Barbosa in partial fulfillment of the requirements for.

IPv4 vs. IPv6 Anne-Marie Ethier Andrei Iotici "This report was prepared for Professor L. Orozco- Barbosa in partial fulfillment of the requirements for.
Internet Security CSCE 813 IPsec

Internet Security CSCE 813 IPsec
IPv6 Network Security.

IPv6 Network Security.
Understanding IPv6 Slide: 1 Lesson 1 Introduction to IPv6.

Understanding IPv6 Slide: 1 Lesson 1 Introduction to IPv6.
Internet Security CS457 Seminar Zhao Cheng. Security attacks interruption, interception, modification, fabrication passive attack, active attack.

Internet Security CS457 Seminar Zhao Cheng. Security attacks interruption, interception, modification, fabrication passive attack, active attack.
1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.

1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.

IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
Network Security. Reasons to attack Steal information Modify information Deny service (DoS)

Network Security. Reasons to attack Steal information Modify information Deny service (DoS)
NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT 09.11.2005.

NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT
Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.

Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.
Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.

Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.
1 Network Architecture and Design Advanced Issues in Internet Protocol (IP) IPv4 Network Address Translation (NAT) IPV6 IP Security (IPsec) Mobile IP IP.

1 Network Architecture and Design Advanced Issues in Internet Protocol (IP) IPv4 Network Address Translation (NAT) IPV6 IP Security (IPsec) Mobile IP IP.

Similar presentations

Ads by Google