ipv6 distributed security
play

IPv6 Distributed Security Activity Status - PowerPoint PPT Presentation

Sep 12, 2022 •460 likes •607 views

IPv6 Distributed Security Activity Status <draft-vives-v6ops-ipv6-security-ps-01> (Problem Statement) <draft-palet-v6ops-ipv6security-01> (Requirements) Alvaro Vives (alvaro.vives@consulintel.es) Jordi Palet

  1. IPv6 Distributed Security Activity Status <draft-vives-v6ops-ipv6-security-ps-01> (Problem Statement) <draft-palet-v6ops-ipv6security-01> (Requirements) Alvaro Vives (alvaro.vives@consulintel.es) Jordi Palet (jordi.palet@consulintel.es) Gregorio Martinez (gregorio@um.es) Antonio Gomez Skarmeta (skarmeta@um.es) Pekka Savola (psavola@funet.fi) 1

  2. Motivation • How would the deployment of IPv6 affect the security of a network? • IPv6 enabled devices and networks bring some issues to be taken into account by security administrators: – End-2-end communications – IPsec in all IPv6 stacks – Increased number of IP devices – Increased number of “nomadic” devices • Identify IPv6 Issues that justify the need of a new security model 2

  3. Network-based Security Model (I) CLIENTS I NTERNET SERVERS THREAT Sec. Policy 1 Sec. Policy 2 Policy Enforcement Point (PEP) 3

  4. Network-based Security Model (II) • Main Assumptions: – Threats come from “outside” – Protected nodes won’t go “outside” – No backdoors (ADSL, WLAN, etc.) • Main Drawbacks: – Centralized model – Do not address threats coming from inside – FW usually acts as NAT/Proxy – Special solutions are needed for Transport Mode Secured Communications 4

  5. Host-based Security Model (I) CLIENTS I NTERNET Policy Decision Point (PDP) ALERT SERVERS DEFAULT TRUST ON SEC. POLICY THREAT Sec. Policy 1 Sec. Policy 2 Policy Enforcement Point (PEP) 5

  6. Host-based Security Model (II) HOME HOT-SPOT I NTERNET ALERT Policy Decision OFFICE DEFAULT Point (PDP) TRUST ON SEC. POLICY THREAT Sec. Policy 1 Sec. Policy 2 Policy Enforcement Point (PEP) 6

  7. Host-based Security Model (III) • BASIC IDEA : Security Policy centrally defined and distributed to PEPs. The network entities will authenticate themselves in order to be trusted. • THREE elements: – Policy Specification Language – Policy Exchange Protocol – Authentication of Entities 7

  8. Host-based Security Model (IV) • Main Assumptions : – Threats come from anywhere in the network – Each host can be uniquely and securely identified – Security could be applied in one or more of the following layers: network, transport and application • Main Drawbacks : – Complexity – Uniqueness and secured identification of hosts is not trivial – Policy updates have to be accomplished in an efficient manner – A compromised host still is a problem • But “isolating” it could be a solution 8

  9. Host-based Security Model (V) • Main Advantages: – Protects against internal attacks – Don’t depend on where the host is connected – Still maintain the centralized control – Enables the end-2-end communication model, both secured or not – Better decision could be taken based on host-specific info. – Enables a better collection of audit info 9

  10. IPv6 Issues (I) 1. End-2-end – Any host must be reachable from anywhere. NAT/Proxy is not desired. 2. Encrypted Traffic – For example IPsec ESP Transport Mode Traffic 3. Mobility – Both Mobile IP and the increase of “portable” IP devices will mean they will be in “out-of-control” networks 4. Addresses – Much more addresses -> hosts with more than one – Randomly generated addresses – Link-local Addresses 10

  11. IPv6 Issues (II) 5. Neighbor Discovery – RA, RS, NA, NS and Redirect Messages could be used in a malicious way -> SEND 6. Embedded Devices – Number of devices with almost no resources to perform security tasks -> should be taken into account in a possible solution 11

  12. Requirements towards a Solution • Dynamic security policy specification language, exchange protocol and server • Authentication of entities • Support of SEND protocol • Support for unmanaged nodes/devices • Control and node/network partition mechanism – Securization of the rest of the network in case of a thread, even if internal • Alert/notification mechanism – Facilitate the inter-node and/or node-policy server communication • Node or host firewall, with a secure “default configuration”, that can be updated by a trusted dynamic security policy server. Should also include functionalities such as: – Integral thread protection – Resolution and arbitration of conflicts between different security policies – Support for end-to-end application level security (i.e., Web Services security standards) – Intrusion detection – Collection of audit information • Optionally it could also include: – Anti-virus – Anti-spam 12

  13. Next Steps • Get inputs from the WG and security area • Continue the work – Solutions – Implementation – Trial in real networks, not just labs 13

  14. 14 Questions ? Thanks !

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

IPv6 Distributed Security Alvaro Vives (alvaro.vives@consulintel.es) Jordi Palet

IPv6 Distributed Security Alvaro Vives (alvaro.vives@consulintel.es) Jordi Palet

IPv6 Distributed Security Alvaro Vives (alvaro.vives@consulintel.es) Jordi Palet (jordi.palet@consulintel.es) 1 Motivation How would the deployment of IPv6 affect the security of a network? IPv6 enabled devices and networks bring

305 views • 19 slides
Security of IPv6 and DNSSEC for penetration testers Vesselin Hadjitodorov Master education

Security of IPv6 and DNSSEC for penetration testers Vesselin Hadjitodorov Master education

Security of IPv6 and DNSSEC for penetration testers Vesselin Hadjitodorov Master education System and Network Engineering June 30, 2011 Agenda Introduction DNSSEC security IPv6 security Conclusion Questions Security of IPv6

625 views • 33 slides
IPv6 Protocol IPv6 Protocol Does it solve all the security problems of IPv4? Franjo Majstor

IPv6 Protocol IPv6 Protocol Does it solve all the security problems of IPv4? Franjo Majstor

IPv6 Protocol IPv6 Protocol Does it solve all the security problems of IPv4? Franjo Majstor EMEA Consulting Engineer fmajstor@cisco.com Cisco Systems, Inc. 1 fmajstor@cisco.com, IPv6 Security Agenda IPv6 Primer IPv6 Protocol

241 views • 21 slides
IPv6 Security David Kelsey (STFC-RAL) ISGC2016, Taipei 16 March 2016 Outline Introduction

IPv6 Security David Kelsey (STFC-RAL) ISGC2016, Taipei 16 March 2016 Outline Introduction

IPv6 Security David Kelsey (STFC-RAL) ISGC2016, Taipei 16 March 2016 Outline Introduction to WLCG &amp; IPv6 IPv6 security &amp; threats IPv6 protocol attacks Issues for site network &amp; security teams Issues for sys admins

501 views • 34 slides
Balanced Security for IPv6 CPE draft-v6ops-vyncke-balanced-ipv6-security IETF86 Orlando M. Gysi,

Balanced Security for IPv6 CPE draft-v6ops-vyncke-balanced-ipv6-security IETF86 Orlando M. Gysi,

Balanced Security for IPv6 CPE draft-v6ops-vyncke-balanced-ipv6-security IETF86 Orlando M. Gysi, G. Leclanche, E. Vyncke, R. Anfinsen Status -00 posted on 25 January 2013 Some comments on the list (see later) Problem Statement

378 views • 10 slides
Vincent van der Eijk &amp;&amp; Erik Lamers Comparing IPv4 port security to IPv6 port security

Vincent van der Eijk &amp;&amp; Erik Lamers Comparing IPv4 port security to IPv6 port security

A Comparative Security Evaluation for IPv4 and IPv6 Addresses Vincent van der Eijk &amp;&amp; Erik Lamers Comparing IPv4 port security to IPv6 port security Scanning the Internet for profit, ethically. 2 Why do we need to know this? IPv6

279 views • 16 slides
Mobile IPv6 Security Arnaud Ebalard - EADS Corporate Research Center France Guillaume Valadon - The

Mobile IPv6 Security Arnaud Ebalard - EADS Corporate Research Center France Guillaume Valadon - The

Mobile IPv6 Security Arnaud Ebalard - EADS Corporate Research Center France Guillaume Valadon - The University of Tokyo / Laboratoire dInformatique de Paris 6 Summary IPv6 Mobile IPv6 Security and Mobile IPv6 Protections by

669 views • 50 slides
The Security Impact of IPv6 How I Learned to Stop Worrying and Love IPv6 Johannes B. Ullrich,

The Security Impact of IPv6 How I Learned to Stop Worrying and Love IPv6 Johannes B. Ullrich,

The Security Impact of IPv6 How I Learned to Stop Worrying and Love IPv6 Johannes B. Ullrich, Ph.D. jullrich@sans.edu 1 Housekeeping This presentation consists of slides and audio. If you are experiencing any problems/ issues,

1.12k views • 56 slides
Security Impacts of Security Impacts of Abusing IPv6 Extension Headers Abusing IPv6 Extension

Security Impacts of Security Impacts of Abusing IPv6 Extension Headers Abusing IPv6 Extension

Security Impacts of Security Impacts of Abusing IPv6 Extension Headers Abusing IPv6 Extension Headers Antonios Atlasis antonios.atlasis@cscss.org Centre for Strategic Cyberspace + Security Science Bio Independent IT Security

689 views • 66 slides
v6ops and security IPv6 Transition/Co-existence Security Considerations

v6ops and security IPv6 Transition/Co-existence Security Considerations

v6ops and security IPv6 Transition/Co-existence Security Considerations draft-savola-v6ops-security-overview-00.txt Pekka Savola, CSC/FUNET Overview Overview Look at different kinds of issues IPv6 protocol Transition mechanisms in general

853 views • 10 slides
IPv6 Security Concerns Introduction to Integralis Garry Sidaway SVP Security Strategy Agenda

IPv6 Security Concerns Introduction to Integralis Garry Sidaway SVP Security Strategy Agenda

IPv6 Security Concerns Introduction to Integralis Garry Sidaway SVP Security Strategy Agenda Introduction to Integralis IPv6 Security Concerns Questions Private &amp; Confidential Continuous Secure Service Delivery Governance,

336 views • 21 slides
IPv6 Security awareness By Musa Stephen HONLUE Trainer@AFRINIC Stephen.honlue@afrinic.net 1

IPv6 Security awareness By Musa Stephen HONLUE Trainer@AFRINIC Stephen.honlue@afrinic.net 1

IPv6 Security awareness By Musa Stephen HONLUE Trainer@AFRINIC Stephen.honlue@afrinic.net 1 04/12/2015' Presentation Objectives ! Create awareness of IPv6 Security implications. ! Highlight technical concepts on IPv6 weaknesses ! Describe

822 views • 36 slides
IPv6 distributed security requirements &lt;draft-palet-v6ops-ipv6security-00.txt&gt; Jordi Palet

IPv6 distributed security requirements &lt;draft-palet-v6ops-ipv6security-00.txt&gt; Jordi Palet

IPv6 distributed security requirements &lt;draft-palet-v6ops-ipv6security-00.txt&gt; Jordi Palet (jordi.palet@consulintel.es) Alvaro Vives (alvaro.vives@consulintel.es) Gregorio Martinez (gregorio@dif.um.es) Antonio Skarmeta

664 views • 7 slides
IPv6 Security Considerations: Future Challenges Prof. Sukumar Nandi Company Dept of Computer

IPv6 Security Considerations: Future Challenges Prof. Sukumar Nandi Company Dept of Computer

IPv6 Security Considerations: Future Challenges Prof. Sukumar Nandi Company Dept of Computer Sc. &amp; Engg. LOGO Indian Institute of Technology Guwahati Agenda Outline Motivation for IPv6 Brief comparision between IPv6 and IPv4

290 views • 25 slides
Security Security with Distributed Systems Why Security? The need for security mechanisms in

Security Security with Distributed Systems Why Security? The need for security mechanisms in

Security Security with Distributed Systems Why Security? The need for security mechanisms in distributed systems arises from the desire to share resources Resources must be protected against unauthorized access, as enemies (attackers)

1.16k views • 67 slides
Distributed Systems How does the OS ensure security? 13C. Security for Distributed Systems

Distributed Systems How does the OS ensure security? 13C. Security for Distributed Systems

5/27/2017 Distributed Systems How does the OS ensure security? 13C. Security for Distributed Systems all key resources are kept inside of the OS protected by hardware (mode, memory management) 13I. Secure Sessions processes cannot

253 views • 9 slides
McBits: Objectives fast constant-time Set new speed records code-based cryptography for

McBits: Objectives fast constant-time Set new speed records code-based cryptography for

McBits: Objectives fast constant-time Set new speed records code-based cryptography for public-key cryptography. D. J. Bernstein University of Illinois at Chicago &amp; Technische Universiteit Eindhoven Joint work with: Tung Chou

746 views • 73 slides
Last Class Parameter passing Call-by-value vs call-by-reference Inheritance Public,

Last Class Parameter passing Call-by-value vs call-by-reference Inheritance Public,

Last Class Parameter passing Call-by-value vs call-by-reference Inheritance Public, package, protected, private Overriding Overloading Constru.... Constructors Every class comes with a default constructor with no

318 views • 11 slides
The impact of COVID-19 on migration globally and in Canada Dan Hiebert OCASI November 20, 2020

The impact of COVID-19 on migration globally and in Canada Dan Hiebert OCASI November 20, 2020

The impact of COVID-19 on migration globally and in Canada Dan Hiebert OCASI November 20, 2020 Agenda Covid as a triple-crisis Canadas / IRCCs response to Covid Data update whats happening? Andwhat next? the

631 views • 48 slides
Collective issues and industrial action Betsan Criddle Old Square Chambers 1 24/04 /2019

Collective issues and industrial action Betsan Criddle Old Square Chambers 1 24/04 /2019

24/04 /2019 Collective issues and industrial action Betsan Criddle Old Square Chambers 1 24/04 /2019 Ministry of Justice v POA [2018] ICR 181 POA issued a circular to its members calling on them to withdraw from (specified) voluntary

74 views • 6 slides
Linux Kernel Self Protection Project Kernel Recipes, Paris September 28, 2017 Kees (Case)

Linux Kernel Self Protection Project Kernel Recipes, Paris September 28, 2017 Kees (Case)

Linux Kernel Self Protection Project Kernel Recipes, Paris September 28, 2017 Kees (Case) Cook keescook@chromium.org https://outflux.net/slides/2017/kr/kspp.pdf Agenda Background Security in the context of this presentation

800 views • 59 slides
Digital Security Workshop Progressive Technology Alice Aguilar, Executive Director Jamie

Digital Security Workshop Progressive Technology Alice Aguilar, Executive Director Jamie

Digital Security Workshop Progressive Technology Alice Aguilar, Executive Director Jamie McClelland, Technology Systems Director Caring for myself is not an indulgence, it is self preservation and that is an act of political warfare

571 views • 3 slides
Proofs: Logic in Action Poll 0 Did you attend the tutorials? A: None of them B: On

Proofs: Logic in Action Poll 0 Did you attend the tutorials? A: None of them B: On

Euclid (300 BC) Proofs: Logic in Action Poll 0 Did you attend the tutorials? A: None of them B: On Monday only C: On Tuesday only D: On Monday and Tuesday Review Question 1 Consider the following propositions:

459 views • 20 slides
Regular Languages Today we continue looking at our first class Kleene Theorem I of

Regular Languages Today we continue looking at our first class Kleene Theorem I of

Regular Languages Today we continue looking at our first class Kleene Theorem I of languages: Regular languages Means of defining: Regular Expressions Machine for accepting: Finite Automata Kleene Theorem Proving Kleene Theorem A

375 views • 6 slides

More recommend