Matt Ryanczak Network Operations Manager.

Slides:

Advertisements

Similar presentations

Why IPv6? Roque Gagliano LACNIC.

Advertisements

1 Introduction of IPv6 in Vienna University's LAN, ACOnet, VIX, ccTLD name service Wilfried Wöber, UniVie - ACOnet for FLIP-6, San Jose, CR Octoberber.

FORUM ON NEXT GENERATION STANDARDIZATION (Colombo, Sri Lanka, 7-10 April 2009) A Pilot Implementation of an NGN Dual Stack IPv4/IPv6 network for MEWC,

Ch 20. Internet Protocol (IP) Internetworking PHY and data link layers operate locally.

IPv6 Mobility Support Henrik Petander

IPv4 to IPv6 transition ALS Capacity Building April 2014

Building An IPv6 Deployment Plan v0.1 Alastair Matthews Network Engineer.

Results of a Security Assessment of the Internet Protocol version 6 (IPv6) Fernando Gont project carried out on behalf of the UK CPNI LACNOG 2010 Sao Paulo,

Internetworking II: MPLS, Security, and Traffic Engineering

4: Network Layer4a-1 IPv6. 4: Network Layer4a-2 History of IPv6 r IETF began thinking about the problem of running out of IP addresses in 1991 r Requires.

Introduction to IPv6 Network & Application Passakon Prathombutr Next Generation Internet (NGI) National Electronics and Computer Technology Center.

 IPv6 Has built in security via IPsec (Internet Protocol Security). ◦ IPsec Operates at OSI layer 3 or internet layer of the Internet Protocol Suite.

CS 265 – Project IPv6 Security Aspects Surekha Shinde.

IPv6 Keith Wichman. History Based on IPv4 Based on IPv4 Development initiated in 1994 Development initiated in 1994.

© 2007 – 2010, Cisco Systems, Inc. All rights reserved. Cisco Public IPv6 Intro – Part 1 1 IPv6 Intro Part 1: Overview and Addressing Basics.

1 IPv6 Advantages May 2001 May 2001

Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.

IPv6: The Next Generation Internet Protocol CEOS WGISS 18: Beijing, China September 2004 Dave Hartzell Computer Sciences Corp, NASA Ames

EE 545 – BOGAZICI UNIVERSITY. Agenda Introduction to IP What happened IPv5 Disadvantages of IPv4 IPv6 Overview Benefits of IPv6 over IPv4 Questions -

Computer Networks20-1 Chapter 20. Network Layer: Internet Protocol 20.1 Internetworking 20.2 IPv IPv6.

IPv6 Victor T. Norman.

Prof. Dr. Sureswaran Ramadass Director National Advanced IPv6 Centre (NAv6) Universiti Sains Malaysia Prof. Dr. Sureswaran Ramadass Director National Advanced.

Implementing IPv6 Module B 8: Implementing IPv6

1 Introduction "Internet Protocol version 6" Presenter Veena Merz Manager Cisco Networking Area Academy.

Network Layer IPv6 Slides were original prepared by Dr. Tatsuya Suda.

IP Version 6 Next generation IP Prof. P Venkataram ECE Dept. IISc.

COSC 541 Data and Computer Communications IPV6 OVERVIEW Professor:Mort Anvari Student: Fuqiang Chen Student ID: Date:Mar

2: Comparing IPv4 and IPv6 Rick Graziani Cabrillo College

OpenFlow overview Joint Techs Baton Rouge. Classic Ethernet Originally a true broadcast medium Each end-system network interface card (NIC) received every.

IPv6: The Next Generation Internet Protocol Luke Simpson and Martin Bouts ECE 4112 Spring 2005 May 2nd, 2005.

1 K. Salah Module 5.2: Internet Protocol CO vs. CL protocols IP Features –Fragmentation –Routing IP Datagram Format IPv6.

By Aaron Thomas. Quick Network Protocol Intro. Layers 1- 3 of the 7 layer OSI Open System Interconnection Reference Model  Layer 1 Physical Transmission.

CSCD 433/533 Advanced Computer Networks Lecture 1 Course Overview Fall 2011.

By Rod Lykins.  Background  Benefits  Security Advantages ◦ Address Space ◦ IPSec  Remaining Security Issues  Conclusion.

Data Communications I & II Project Sequence Tom Costello.

1 Version 3.0 Module 9 TCP/IP Protocol and IP Addressing.

Wolfgang EffelsbergUniversity of Mannheim1 IP Version 6 The Next-Generation IP Protocol Wolfgang Effelsberg University of Mannheim September 2001.

Attack Profiles CS-480b Dick Steflik Attack Categories Denial-of-Service Exploitation Attacks Information Gathering Attacks Disinformation Attacks.

Guide to Computer Network Security

Firewall Slides by John Rouda

CS 6401 IPv6 Outline Background Structure Deployment.

1 IPv6 Address Management Rajiv Kumar. 2 Lecture Overview Introduction to IP Address Management Rationale for IPv6 IPv6 Addressing IPv6 Policies & Procedures.

Building a massively scalable serverless VPN using Any Source Multicast Athanasios Douitsis Dimitrios Kalogeras National Technical University of Athens.

Khaja Ahmed Architect Windows Networking Microsoft Corporation.

Heidelberg, May 1998 AIMS’99 Workshop Internet Protocol version 6 (IPv6) Úna Logan Broadcom Eireann Research Ltd.

Summary of Certification Process (part 1). IPv6 Client IPv6 packets inside IPv4 packets.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public BSCI Module 8 Lessons 1 and 2 1 BSCI Module 8 Lessons 1 and 2 Introducing IPv6 and Defining.

Chapter 13 – Network Security

1 Chicago, IL 9/1/15. 2 Moving to IPv6 Mark Kosters, Chief Technology Officer With some help from Geoff Huston.

IPv6 – What You Need To Know Tom Hollingsworth CCNP,CCVP,CCSP, MCSE.

Juan Ortega 8/13/09 NTS300. “The problem with version 5 relates to an experimental TCP/IP protocol called the Internet Stream Protocol, Version 2, originally.

1 Lessons from IPv6 Steven M. Bellovin

IP Routing Principles. Network-Layer Protocol Operations Each router provides network layer (routing) services X Y A B C Application Presentation Session.

Attacking on IPv6 W.lilakiatsakun Ref: ipv6-attack-defense-33904http://

Is Cyber Security IPv6-Ready? HEPiXX – Vancouver, BC Bob Cowles October, 2011.

A Brief History of ARIN Matt Ryanczak Network Operations Manager.

Firewalls A brief introduction to firewalls. What does a Firewall do? Firewalls are essential tools in managing and controlling network traffic Firewalls.

1 Computer Networks IPv6. 2 Motivation The primary motivation from changing the IP datagram format is to increase the size of the useable address space.

1 Review – The Internet’s Protocol Architecture. Protocols, Internetworking & the Internet 2 Introduction Internet standards Internet standards Layered.

CSCD 433/533 Advanced Computer Networks Lecture 1 Course Overview Spring 2016.

Network Devices and Firewalls Lesson 14. It applies to our class…

IPv6 Security Issues Georgios Koutepas, NTUA IPv6 Technology and Advanced Services Oct.19, 2004.

Lecture 13 IP V4 & IP V6. Figure Protocols at network layer.

Internet Protocol Version 6 Specifications

27th September 2016 IPv6 27th September 2016

Introducing Novell IPv6 Stack

LESSON 3.3_A Networking Fundamentals Understand IPv6 Part 1.

Guide to Computer Network Security

Practical IPv6 Filtering

Internet Protocol version 6 (IPv6)

Presentation transcript:

Matt Ryanczak Network Operations Manager

IPv6 Timeline IETF starts thinking about successors to IPv IETF forms IPNG area RFC 1475 TP/IX RFC 1550 IPng Paper Solicitation 1993 RFC1817 CIDR and Classful Routing RFC 1883 Draft IPv6 Spec bone started RFC 1970 Neighbor Discovery RFC 1971 Address Autoconfig 1996 RFC 3775 IPv6 mobility RFC3697 Flow Label Spec RFC bone phase out 2004 RFC 5095 Deprecation of Type 0 Routing Headers RFC 4942 IPv6 Security Considerations 2007 RFC 5722 Handling of overlappingIPv6 fragments 2009 RFC 5871 IANA Allocation Guidelines for the IPv6 Routing Header 2010 RFC 3315 DHCPv6 RFC 2553 Basic Socket Interface Extensions 2003

What happened to IPv5? The Internet Stream Protocol (ST, ST2, ST+) First developed in the late 1970s (Internet Engineering Note 119, 1979) Designed to transmit voice and other real time applications Guaranteed bandwidth, QOS Set the version field in IP header to 5 ST2 and ST+ saw interest from IBM, Sun and others in the 1990s There were a lot of potential replacements for IPv4: RFC 1752 Recommendation for the IP Next Generation Protocol (Pv6) RFC 1475: TP/IX: The Next Internet (IPv7) RFC 1621: PIP - The P Internet Protocol (IPv8) RFC 1374: TUBA - TCP and UDP with Bigger Addresses (IPv9) RFC 1606: A Historical Perspective On The Usage Of IP Version 9

ARIN IPv6 Timeline Sprint IPv6 WWW, DNS, FTP Worldcom IPv6 WWW, DNS, FTP Equi6IX IPv6 WWW, DNS, FTP, V6 Peering NTT | Tinet IPv6 Whois, DNS, IRR, Peering

2003: Sprint T1 via Sprint Linux Router with Sangoma T1 Card OpenBSD firewall Linux-based WWW, DNS, FTP servers Segregated network no dual stack (security concerns) A lot of PMTU issues A lot of routing issues Service has gotten better over the years

2004: Worldcom T1 via Worldcom to Equinix Cisco 2800 router OpenBSD firewall Linux-based WWW, DNS, FTP servers Segregated network no dual stack (security concerns) A lot of PMTU Issues A lot of routing issues

2006: Equi6IX 100 Mbit/s Ethernet to Equi6IX Transit via OCCAID Cisco router OpenBSD firewall WWW, DNS, FTP, SMTP Segregated -> dual stack

2008: NTT / TiNet IPv Mbit/s to NTT / TiNet Cisco ASR 1000 Router Foundry Load Balancers - IPv6 support was Beta DNS, Whois, IRR, more later Dual stack Stand Alone Network

Meeting Networks IPv6 enabled since 2005 Tunnels to ARIN, others Testbed for transition tech NAT-PT (Cisco, OSS) CGN / NAT-lite Training opportunity For staff & members

How much IPv6 Traffic?

So what about Security? Many things are the same, but different There are many unknowns, new territory! Built in (in)security features Multiple protocol == multiple policies

More Protocols, More Problems IPv4 and IPv6 are not the same IPv4 features != IPv6 features IPv6 does not have ARP. It uses ICMPv6 ICMPv6 is critical to IPv6 functionality DHCPv6 / router advertisement

More Protocols, More Problems Hardware / Software support is less than ideal Application and OS behavior inconsistent Firewalls, IDS, etc. have weak IPv6 support Switches, load balancers also lack support

Security Through Obscurity IPv6 has been in many OSes for 10+ years Stacks are not battle tested Applications are not well tested Stack smashing? Buffer overflows? Many unknowns in IPv6 implementations

Security Through Obscurity Exploits are not well known either Difficult to scan IPv6 networks with current tools Hard to guess addresses Black & White hats starting over (again)

Built(in)Security Features IPsec ESP is built-in IPSec AH is built-in Easy VPNs Enhanced routing security Application layer security

Built-in (in)Security Features ESP can make DPI difficult AH hard to configure / maintain IPv6 enabled backdoor, trojans, etc. No NAT? How to hide those networks? IPv6 address types complex and confusing

Cross Contamination Multiple stacks, multiple targets Maintaining policy parity is difficult Applications lack feature parity Appliances lack feature parity

Lessons Learned: Implementation Tunnels are less desirable than native Not all transit is equal Routing is not as reliable Dual stack is not so bad Proxies are good for transition

Native support is better DHCPv6 is not well supported Reverse DNS is a pain Windows XP is broken but usable Bugging vendors does work! Lessons Learned: Implementation

Dual stack makes policy more complex IPv6 security features double-edged sword Security vendors behind on IPv6 IPv6 stacks are relatively untested A whole new world for hackers to explore Lessons Learned: Security

Understanding ICMPv6 is a must Fragmentation is very different in IPv6 Multicast is an attack and discovery vector Read RFC 4942! Lessons Learned: Security

Thank You