Sample. IPv6 Security. Module 5: IPv6 Security
- Prudence Farmer
- 7 years ago
1 Module 5: IPv6 Security

2008 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

Sample
2 Objectives

After completing this module, you should be able to:
- Describe the main features of IP Security (IPsec).
- Discuss similarities and differences between IPv4 and IPv6 Authentication Header (AH) and Encapsulating Security Payload (ESP) security protocols.
- Discuss why IPsec alone cannot completely secure a network.
- List threats that remain essentially the same from IPv4 to IPv6.
- Describe how the design of IPv6 provides security beyond IPsec.
- Discuss some threats with new considerations in IPv6.

Jul 2008 Student Guide

Objectives

One of the weaknesses of the original Internet Protocol was that it lacked a mechanism for ensuring the authenticity and privacy of data passed over the internetwork. As discussed in Module 1, IP was designed at a time when security wasn't the critical issue that it is today. The ARPANET, predecessor to the Internet, comprised a relatively small number of networks whose administrators often knew each other. But as the Internet evolved, went public, and became an indispensable asset to business success, maintaining network security while harnessing the Net's considerable power became a top-of-mind concern.

A number of security techniques focused at the higher layers of the Open Systems Interconnection (OSI) protocol stack have evolved over the years to compensate for IP's lack of security. While valuable in their way, they are particular to various applications, and thus can't be generalized easily. Secure Sockets Layer (SSL), for example, is a security measure for World Wide Web access and File Transfer Protocol (FTP), but there are dozens of applications with which it was never intended to work. What was needed was a solution to allow security at the IP level so all higher-layer TCP/IP protocols could take advantage of it. When the decision was made, then, to develop a new version of IP, IPv6, it seemed the perfect opportunity to resolve not just addressing problems but the lack of security as well.
IP Security (IPsec) was the result. IPsec was developed with IPv6 in mind, but it was designed to work with IPv4 as well because the new IP version took years to develop and roll out. This module will take a look at both implementations of IPsec, comparing and contrasting, and will explore other IPv6 security considerations as well.

By the time you have completed this module, you should be able to:
- Describe the main features of IPsec.
- Discuss similarities and differences between IPv4 and IPv6 Authentication Header (AH) and Encapsulating Security Payload (ESP) security protocols.
- Discuss why IPsec alone cannot completely secure a network.
- List threats that remain essentially the same from IPv4 to IPv6.
- Describe how the design of IPv6 provides security beyond IPsec.
- Discuss some new threats to consider for IPv6.
3 Discussion Topics

- IPsec: The Briefest of Overviews
  - Core Protocols and Components
  - Transport and Tunnel Modes
- IPv4 versus IPv6 IPsec Implementation
- IPsec Is Not a Silver Bullet

Discussion Topics

As mentioned in the introduction, security methods were designed to compensate for a lack of IP security. Even after IPsec was defined, such solutions remained essential, in part because support for IPsec is optional in IPv4. Thus, IPv4's Routing Information Protocol (RIP), for example, relies on a specific RIP authentication mechanism to secure routing exchanges.

In IPv6, with Network Address Translation (NAT) no longer an impediment to IPsec implementation, the end-to-end security possibilities of IPsec can be realized. IPsec is in fact required to fully implement the IPv6 standard. In such a network, every IPv6 packet travels through a VPN tunnel across the Internet. IPv6's routing protocols are designed to take advantage of that. IPv6's RIPng, for example, relies on IPsec's Authentication Header (AH) and Encapsulating Security Payload (ESP) security protocols (discussed on upcoming slides in this module) to ensure the integrity and confidentiality of routing exchanges. Similarly, authentication has been removed from the latest Open Shortest Path First (OSPF) protocol, OSPFv3. It now relies on IPv6's AH and ESP.

That important distinction aside, the security provided by IPv6 is in many ways the same as that provided by IPv4. We'll therefore begin this module with just the briefest overview of IPsec, the protocol suite network administrators can use to establish and maintain a virtual private network (VPN), creating a boundary between trusted and untrusted networks.
4 IPsec Brief Overview: Core Protocols and Components

- Endpoints agree on Security Association (SA) to define terms of VPN
- Terms include:
  - Security protocols
  - Algorithms
  - Cryptographic keys

IPsec Brief Overview: Core Protocols and Components

When an IPsec connection is created, the two endpoints must agree to a Security Association (SA), which defines the terms of the VPN connection. These terms include the exact set of security protocols, algorithms, and cryptographic keys that will be used to authenticate and protect the traffic transmitted across the connection. After the endpoint devices are authenticated and an SA established, the VPN tunnel is created.

Defined in RFC 4301 (which obsoletes the original, 2401), the IPsec standard comprises three main parts:
- Internet Key Exchange (IKE): IKE is an optional standard for automatically negotiating and establishing SAs. After the encryption algorithms and keys are agreed upon in the IKE (or optionally manual) exchange, IPsec uses the AH and ESP protocols to manage the actual data encryption and authentication.
- Authentication Header (AH) protocol: AH provides message integrity authentication. In simplest terms, it ensures data has not been tampered with en route to its destination.
- Encapsulating Security Payload (ESP) protocol: ESP provides data encryption as well as some message integrity authentication.
5 IPsec Brief Overview: Transport and Tunnel Modes

[Figure: Transport Mode, an end-to-end communication scheme in which IPsec runs from the sender station across the Internet to the receiver station. Tunnel Mode, between security gateways: plain IP on each LAN between station and security gateway, IPsec across the Internet between the two security gateways.]

IPsec Brief Overview: Transport and Tunnel Modes

In both IPv4 and IPv6, AH and ESP may be applied alone or in combination to provide a desired set of security services. In addition, IPsec can be run in either tunnel mode or transport mode:
- Tunnel mode is most commonly used between gateways, these gateways acting as proxies for the nodes behind them.
- Transport mode is used between end stations or between an end station and a gateway, if the gateway is being treated as a node.
6 Discussion Topics

- IPsec: The Briefest of Overviews
- IPv4 versus IPv6 IPsec Implementation
  - Authentication Header
  - IPv4 and IPv6 AH Transport Mode
  - IPv4 and IPv6 AH Tunnel Mode
  - Encapsulating Security Payload
  - IPv4 and IPv6 ESP Transport Mode
  - IPv4 and IPv6 ESP Tunnel Mode
- IPsec Is Not a Silver Bullet

Discussion Topics

In the next section we will take a look at the AH and ESP IPsec security protocols and their configuration in IPv4 and IPv6 tunnel and transport modes.
7 Authentication Header

Field: Purpose
- Next Header: Protocol number of the next header after the AH
- Payload Length: Length of AH only
- Reserved: Not used; set to zeroes
- SPI: Identifies the SA
- Sequence Number: Unique ID for each packet on an SA
- Authentication Data: Integrity Check Value (ICV)

Authentication Header (AH)

AH uses an authentication algorithm (most commonly Message Digest 5 (MD5) or Secure Hash Algorithm 1 (SHA-1)) and a key that the sender and receiver agree upon to compute an Integrity Check Value (ICV) on IP packets, and adds the result as authentication data in a special header.

The 32-bit Security Parameters Index (SPI) is used in combination with the destination address and the security protocol (AH or ESP) to identify the correct SA for the communication. With this information and the Authentication Data field's ICV, the destination node can compute the ICV of received packets and compare to verify packet integrity.

AH can also provide an anti-replay service: that is, prevent the retransmission of captured packets. AH's Sequence Number field is initialized to zero when an SA is formed, and then incremented for each packet sent using that SA, uniquely identifying that packet.

AH provides authentication for as much of the IP header as possible, as well as for upper-level protocol data. However, some IP header fields may change in transit, and thus the sender may not be able to predict the value of these fields upon their arrival at the packet's destination. These are known as mutable fields, and include the following:
- Type of Service (TOS), Flags, Fragment Offset, and Header Checksum: all of which have been removed from IPv6
- Time to Live (TTL): known as Hop Limit in IPv6

The next several slides take a closer look at the similarities and differences between IPv4 and IPv6 IPsec integrity authentication.
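The ICV computation over non-mutable fields and the sequence-number anti-replay check described above, as an added example that is not part of the course material. It assumes HMAC-SHA-1 truncated to 96 bits, an IPv4 transport-mode packet without options, and a 64-packet replay window; the key, SPI and addresses are constructed sample values.

```python
import hashlib
import hmac
import socket
import struct

AH_PROTOCOL = 51        # IPv4 Protocol value that points to AH
TCP_PROTOCOL = 6        # carried in AH's Next Header field
IP_LEN = 20             # IPv4 header without options (assumption of this example)
ICV_LEN = 12            # assumption: HMAC-SHA-1 output truncated to 96 bits
AH_LEN = 12 + ICV_LEN   # fixed AH fields plus Authentication Data
ICV_AT = IP_LEN + 12    # offset of the Authentication Data field in the packet


def icv_input(packet):
    """Bytes covered by the ICV: mutable IPv4 fields and the ICV field zeroed."""
    buf = bytearray(packet)
    buf[1] = 0                       # Type of Service
    buf[6:8] = b"\x00\x00"           # Flags and Fragment Offset
    buf[8] = 0                       # Time to Live
    buf[10:12] = b"\x00\x00"         # Header Checksum
    buf[ICV_AT:ICV_AT + ICV_LEN] = bytes(ICV_LEN)
    return bytes(buf)


def compute_icv(packet, key):
    return hmac.new(key, icv_input(packet), hashlib.sha1).digest()[:ICV_LEN]


def ah_protect(src, dst, payload, spi, seq, key, ttl=64):
    """Build IPv4 header + AH + payload (transport mode) and fill in the ICV."""
    total = IP_LEN + AH_LEN + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, ttl, AH_PROTOCOL, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    ah = struct.pack("!BBHII", TCP_PROTOCOL, AH_LEN // 4 - 2, 0, spi, seq)
    packet = bytearray(ip + ah + bytes(ICV_LEN) + payload)
    packet[ICV_AT:ICV_AT + ICV_LEN] = compute_icv(bytes(packet), key)
    return bytes(packet)


def ah_verify(packet, key):
    received = packet[ICV_AT:ICV_AT + ICV_LEN]
    return hmac.compare_digest(received, compute_icv(packet, key))


class ReplayWindow:
    """Sliding window over sequence numbers; bit i marks (highest - i) as seen."""

    def __init__(self, size=64):
        self.size, self.highest, self.bitmap = size, 0, 0

    def accept(self, seq):
        if seq == 0:                     # the first packet on an SA carries 1
            return False
        if seq > self.highest:           # new highest: slide the window forward
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.size or (self.bitmap >> offset) & 1:
            return False                 # too old, or already seen
        self.bitmap |= 1 << offset
        return True


def receive(packet, key, window):
    """Receiver side: integrity check, then anti-replay on the sequence number."""
    if not ah_verify(packet, key):
        return "bad ICV"
    seq = struct.unpack("!I", packet[IP_LEN + 8:IP_LEN + 12])[0]
    return "accepted" if window.accept(seq) else "replayed"


def forward_one_hop(packet):
    """What a router changes in transit: TTL (checksum update omitted here)."""
    buf = bytearray(packet)
    buf[8] -= 1
    return bytes(buf)


# Constructed sample values, for illustration only.
KEY = b"constructed-sample-key"
SAMPLE = ah_protect("192.0.2.10", "198.51.100.20", b"constructed TCP segment",
                    spi=0x1001, seq=1, key=KEY)

if __name__ == "__main__":
    window = ReplayWindow()
    print(receive(forward_one_hop(SAMPLE), KEY, window))   # TTL changed in transit
    print(receive(SAMPLE, KEY, window))                    # same sequence number again
```
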
8 IPv4 AH Transport Mode

- AH is between IP header and IP data.
- Protocol field points to AH (protocol = 51).
- Next Header field contains the IP header's prior protocol value: TCP = 6

IPv4 Transport Mode

In IPv4 transport mode, the Authentication Header is added between the IP header and the IP data, before any higher-layer protocols. The Protocol field of the IPv4 header points to AH (the AH protocol value is 51), while its Next Header field contains the IP header's prior protocol value (6 in the example in the slide above, for TCP).
9 IPv6 AH Tunnel Mode: Extension Headers

- IPv4 Options are not distinct entities.
- IPv6 Options are distinct entities.
- They appear one after the other, in an agreed-upon order, following the main header.
- AH and ESP are both extension headers.

[Table: Order / Extension Header / Code. The order and code values are not preserved in this transcription. Extension headers in the order listed: Basic IPv6 Header, Hop-by-Hop Options, Destination Options (with Routing), Routing Header, Fragment Header, Authentication Header, Encapsulation Security Payload Header, Destination Options, Mobility Header, No Next Header. Upper-layer (UL) entries: TCP, UDP, ICMPv]

IPv6 AH Tunnel Mode: Extension Headers

As with IPv4, in IPv6 transport mode the Authentication Header is added between the IP header and the IP data, before any higher-layer protocols. As you'll recall from Module 2, however, although IPv4 options are not distinct entities, they are distinct in IPv6. And when included in an IPv6 packet, they appear one after the other, in a specified order, following the main header:
- The Next Header field in the main header contains a reference number for the first extension header type.
- The Next Header field in the first extension header contains the number of the second extension header type, if there is a second one, and so on.
- The Next Header field of the final extension header contains the protocol number of the encapsulated higher-layer protocol.

This still applies when IPsec is in play: in fact, AH and ESP are two of the established IPv6 extension headers.
10 IPv6 AH Tunnel Mode

- AH as end-to-end payload
- Added after:
  - Hop-by-Hop
  - Routing
  - Fragmentation
- AH can precede or follow Destination Options: can be last in chain, before Routing header, or both.

IPv6 AH Tunnel Mode Illustrated

As mentioned earlier, with NAT no longer a roadblock to IPsec implementation in IPv6, IPv6 AH is viewed as an end-to-end payload, and thus should appear after Hop-by-Hop, Routing, and Fragmentation extension headers. It may appear before or after the Destination Options extension header, however.

As illustrated in the previous slide, the Destination Options extension header is the only extension header that can appear more than once in the same packet:
- Normally, Destination Options appears as the final extension header.
- However, the Destination Options header may contain options that must be examined by devices en route to the destination. In this case, it is placed before the Routing extension header. A second such header containing options only for the final destination may also appear.
11 IPv4/IPv6 Tunnel Mode

- Similarities: Whole IP packet secured, encapsulated in IP packet with AH
- Differences:
  - IPv4 options vs. IPv6 extension headers
  - IPv4 = Next Header value of 4 (for IPv4); IPv6 = Next Header value of 41 (value of the encapsulated IPv6 packet)

IPv4 and IPv6 Tunnel Mode

In IPv4 and IPv6 tunnel mode the entire original IP packet is secured and then encapsulated within another IP packet that includes the AH header. The differences between IPv4 options and IPv6 extension headers apply in this scenario as well. In addition, note in IPv4 tunnel mode the AH header's use of the Next Header value of 4, as in IPv4. In IPv6, on the other hand, the AH header's Next Header value of 41 is the value for the encapsulated IPv6 packet.
12 Encapsulating Security Payload

Coverage labels on the slide: Encrypted, Authenticated

Field: Purpose
- SPI: Identifies the SA
- Sequence Number: Uniquely identifies each packet on an SA via a counter field
- Payload Data: Encrypted higher-layer message or encapsulated IP packet; may also include an initialization vector certain encryption methods require
- Padding: Included as needed for encryption or alignment
- Pad Length: Number of bytes in the Padding field
- Next Header: Contains the protocol number of the next header after the AH
- Authentication Data: Contains the ICV from the optional authentication algorithm

Encapsulating Security Payload

ESP uses the keys calculated during the last phase of IKE and an agreed-upon encryption algorithm to encrypt IP data. Data Encryption Standard-Cipher Block Chaining (DES-CBC), Triple DES-CBC (3DES-CBC), and Advanced Encryption Standard-CBC (AES-CBC) are the most widely used.

This protocol can also provide authentication and anti-replay service, but its authentication capabilities are more limited than those of AH. An AH header authenticates both the packet payload and the IP header. An ESP header only authenticates the payload.

Encryption really should not be applied without data integrity, because there can be no assurance that the encryption was performed by a legitimate party. But while combining the two protocols offers more security than ESP with its authentication capabilities alone, the processing overhead involved may outweigh the benefit. If applied together, the AH header precedes the ESP header to verify authenticity and integrity before the packet is decrypted. If both headers are used, it is not necessary to use the authentication in the ESP header.
13 IPv4/IPv6 ESP Transport Mode

For IPv4 and IPv6:
- ESP header placed similarly to AH.
- ESP trailer appended to data to be encrypted.
- Payload and ESP trailer are both encrypted, with any IP headers.
- ESP Authentication Data field placed at the end.

IPv4 and IPv6 ESP Transport Mode

ESP Header

Placement of the ESP header in IPv4 and IPv6 transport mode is similar to that of AH:
- In IPv4, the ESP header (containing the SPI and Sequence Number fields) is placed after the original IPv4 header.
- In IPv6, it is inserted into the IP packet as an extension header, following the IPv6 rules for such: after Hop-by-Hop, Routing, and Fragmentation extension headers, and before or after the Destination Options extension header.

ESP Trailer

In both IPv4 and IPv6 scenarios, the ESP trailer (containing the Padding and Pad Length fields used to align the encrypted data, as well as the Next Header field) is appended to the data to be encrypted. The payload and the ESP trailer are both encrypted, as are any other IP headers (including the Destination Options extension header in IPv6) that appear between the ESP header and the payload. The ESP header itself, however, is not encrypted.

ESP Authentication Data

The ESP Authentication Data field (containing an ICV and used to authenticate the rest of the encrypted datagram after encryption) is placed at the end.
14 IPv4/IPv6 ESP Tunnel Mode

- In IPv4 and IPv6: ESP header and trailer bracket the entire encapsulated IPv6 packet.
- Notice:
  - Encryption and authentication coverage
  - How Next Header field in ESP trailer references the packet.

IPv4 and IPv6 ESP Tunnel Mode

In IPv4 and IPv6 tunnel mode, the ESP header and trailer bracket the entire encapsulated IPv6 packet. Note the encryption and authentication coverage, and also how the Next Header field in the ESP trailer references the packet.
15 IPsec Reference Materials

For more on the subjects discussed thus far in this module, see the following RFCs:

RFC: Defines
- 4301: The architecture and general operation of IPsec (main IPsec document)
- 4302: The IPsec AH protocol, used for ensuring data integrity and origin verification
- 2403: The MD5 Hash-based Message Authentication Code (HMAC) variant encryption algorithm
- 4305: The SHA-1 HMAC variant encryption algorithm
- 4303: The IPsec ESP protocol providing data encryption for confidentiality
- 4306: The IKEv2 protocol, used to negotiate SAs and exchange keys between devices for secure communications

IPsec Reference Materials

For more on the subjects discussed thus far in this module, see the RFCs listed in the table in the slide above.
16 Discussion Topics

- IPsec: The Briefest of Overviews
- IPv4 versus IPv6 IPsec Implementation
- IPsec Is Not a Silver Bullet
  - Built-in Security Beyond IPsec
  - One Door Closes; Another Is Opened
  - Coexistence of IPv4 and IPv6
  - IPv4 and IPv6 Threats: More Alike Than Not

Discussion Topics

End-to-end IPsec is one of the major advantages of IPv6, but while a very good security mechanism, it is not the proverbial silver bullet. In fact, because most security breaches occur at the application level, even the successful, comprehensive deployment of IPsec with IPv6 does not guarantee any additional security for many attacks, beyond of course the valuable ability to determine the source.

And just as in the IPv4 world, there will always be hackers seeking new ways to break into IPv6 networks. The changes made to the IP protocol can even offer new inroads for these attackers. In addition, the inevitable coexistence of IPv4 and IPv6 could offer new venues to exploit security holes and circumvent the defenses of one protocol to attack the other.

This section takes a look at the security threats facing an IPv6 infrastructure while highlighting IPv4 similarities and differences. An exhaustive discussion of the various and sundry security concerns in an IPv6 network is outside the scope of this course, but the next several slides will give you a feel for the IPv6 security landscape.
17 Built-in Security Beyond IPsec

[Figure: IPv4 Network /16, attacker with network mapping software, possible addresses: 65,535. IPv6 Network 2001:6289:f34e:0f15:7ac2:0013::/96, attacker with network mapping software, possible addresses: Billions.]

Built-in Security Beyond IPsec

Many features of IPv6 are attractive from a security standpoint. In particular, its huge address space and subnet size render it highly resistant to malicious scans and inhospitable to automated scanning and self-propagating worms and hybrid threats.

On an IPv4 network, for example, attackers can complete a reconnaissance scan with network mapping software within seconds. The software systematically scans every possible address on the target network's subnet (typically a class C IPv4 subnet, with 8 bits allocated for the host address: a mere 65,535 possible hosts) to quickly map the devices on that network.

Note the use of an Internet Engineering Task Force (IETF) IPv6 reserved address (::/96) in the example above. In general, assigned IPv6 addresses would have a 64-bit designation, which means an even greater 2^64, or approximately 18 quintillion, possible host addresses. Scanning every address on such a subnet could take years rather than seconds. For this reason, Network Mapper (Nmap), commonly used to identify active devices in an IPv4 network, does not even support ping sweeps on IPv6 networks.
18 IPv6 Privacy Extensions and CGAs

[Figure: the same device (MAC address 00:12:79:05:25:B9) connected to two IPv6 networks across the Internet. With network prefix 2001:3267:cee9:2fe1 its IPv6 address is 2001:3267:cee9:2fe1:0000:0012:7905:25B9; with network prefix 2001:fed9:2e35:7ae6 its IPv6 address is 2001:fed9:2e35:7ae6:0000:0012:7905:25B9. Each address is a network prefix followed by an interface ID. The attacker tracks 2001:****:****:****:0000:0012:7905:25B9.]

IPv6 Privacy Extensions and CGAs

Privacy extensions can also make reconnaissance less effective. As you now know, IPv6 addresses are created using a network-specific prefix and an interface identifier that is unique to each device and typically based on the device's MAC address. EUI-64 is a standard method of deriving the EUI field, the lower 64 bits of the IPv6 address, from the 48-bit MAC address of the associated network interface.

Unfortunately, using a static interface identifier, such as a MAC address, in conjunction with a set autoconfiguration process may encourage certain attacks:
- An attacker may be able to find a network address pattern that allows a successful network attack.
- An attacker may be able to track a particular device no matter where or how it is connected to the Internet.

The IETF addressed this issue by specifying that an address may be identified by a dynamic, privacy-protecting, pseudo-random EUI chosen in such a way as to never collide with an autoconfigured EUI. These interface identifiers are generated via an MD5 hash.

To patch the security hole, you can also use Cryptographically Generated Addresses (CGAs) with the SEcure Neighbor Discovery (SEND) protocol (RFC 3971). You'll recall from Module 3 that RFC 3972 describes a method for binding a public signature key to an IPv6 address. The basic idea is to generate the interface identifier (the rightmost 64 bits) of the IPv6 address by computing a cryptographic hash of the public key. The resulting IPv6 address is called a CGA. The corresponding private key can then be used to sign messages sent from the address.

The protection works without a certification authority or any security infrastructure, protecting the Neighbor Discovery traffic without the complexity and vulnerabilities of IPsec.
19 IPv6 Scanning Considerations

- Public servers still need to be DNS-reachable.
- Administrators may adopt easy-to-remember, easy-to-guess addresses.
- Multicasts offer inroads onto the network.
- No broadcast flooding, but amplification attacks still a threat

IPv6 Scanning Considerations

There are, however, other considerations when it comes to IPv6 scanning:
- Public servers will still need to be DNS reachable, for example, which provides a means of attack.
- Administrators may adopt easy-to-remember and easy-to-guess addresses.
- IPv6 multicast addresses (all routers [FF05::2], all DHCP servers [FF05::1:3]) might enable attackers to identify and compromise key resources on a network.

In addition to filtering for unnecessary multicast traffic at the border, all stacks should properly implement RFC 4443, Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification. RFC 4443 states that an ICMP reply should not be generated for packets that have a multicast destination address.
20 One Door Closes; A Window Opens

- IPv6 architecture closes security doors, but new windows open.
- ND immune to off-link spoofing, but vulnerable to new on-link spoofing, DoS:
  - Router Advertisement
  - Duplicate Address Discovery
  - Address Resolution

One Door Closes; A Window Opens

But for every security door that is closed, a vulnerability window opens. For example, IPv6's Neighbor Discovery (ND) provides both a defense against old attacks as well as new paths to invasion or disruption.

Although immune to spoofing attacks that originate from off-link nodes (because its messages have a hop limit of 255 upon receipt), ND spoofing remains a possibility, including new ND-specific spoofs. ND is also susceptible to redirect attacks and Denial-of-Service (DoS) attacks. In a redirect attack, a malicious node redirects packets away from legitimate receivers, such as a last-hop router, to another node on the link. In a DoS attack, the malicious node can prevent communication between the victim and all other nodes, or it can redirect traffic destined for other hosts to the victim node, thereby creating a flood of traffic to the victim. For example:
- Router Advertisement (RA) redirect: The attacker announces new routers that do not exist, pretends to be a new router, changes lifetimes, deprecates valid prefixes, and so on.
- Duplicate Address Discovery DoS: The attacker constantly responds to all attempts to join a link, claiming to already own any address that is proposed for use.
- Address Resolution DoS: The attacker forges Solicitation and Advertisement messages, thereby corrupting the host neighbor cache with invalid link-layer addresses, which prevents the host from reaching that neighbor.

For more information about ND and possible threats, see RFC 3756, IPv6 Neighbor Discovery (ND) Trust Models and Threats.
21 Coexistence of IPv4 and IPv6

- Unique threats for 6to4 transition networks
  - Address spoofing through protocol tunneling
  - External packet uses spoofed address from internal network
  - Ingress filtering cannot prevent IPv6 address spoofing
- Possible mitigation
  - Relays must perform proper decapsulation checks.
  - RFC 4891 proposes the use of IPsec.
- Transition networks the norm for near future
  - Security implications extend beyond spoofing.
  - RFC 3964 explains issues and mitigation efforts.

Coexistence of IPv4 and IPv6

With regard to 6to4 transition networks (IPv6 transported by IPv4), protocol tunneling could also lead to address spoofing, in this case if the spoofed address is used to masquerade an external packet as one that originated from the inside network. Anyone can, regardless of ingress filtering, spoof a native IPv6 address to a 6to4 node. If the relays perform proper decapsulation checks, on the other hand, the spoofing can only be achieved when the IPv4 address is spoofable as well. In addition, RFC 4891, Using IPsec to Secure IPv6-in-IPv4 Tunnels, proposes the use of IPsec to help prevent such threats and provide integrity, confidentiality, replay protection, and origin protection between tunnel endpoints.

6to4 security issues extend beyond spoofing, and are of concern because transition networks are likely to be the norm for some time to come. Most organizations will not migrate to IPv6 completely in the near future. The potentially multi-year coexistence of IPv4 and IPv6 could offer attackers new opportunities for attacks in addition to offering administrators the headache of two infrastructures with their own unique security concerns. RFC 3964, Security Considerations for 6to4, documents many of the issues to be tackled and the possibilities for mitigation.
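The decapsulation check mentioned above, sketched as an added example that is not part of the course material: a 6to4 source address (2002::/16) embeds an IPv4 address, so the decapsulator can require it to match the outer IPv4 source. The list of rejected ranges, the function name and the `internal_prefixes` parameter are assumptions of this example, and all addresses are constructed documentation values.

```python
import ipaddress

SIX_TO_FOUR = ipaddress.ip_network("2002::/16")

# IPv4 ranges that should never show up as a 6to4 tunnel endpoint
# (rule set chosen for this example).
INVALID_V4 = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]

# Inner IPv6 sources that are never valid on a packet arriving through a tunnel.
INVALID_V6_SRC = [ipaddress.ip_network(n) for n in (
    "::/128", "::1/128", "fe80::/10", "ff00::/8")]


def in_any(addr, networks):
    return any(addr in net for net in networks)


def decapsulation_problems(outer_src, inner_src, inner_dst, internal_prefixes=()):
    """Return the reasons to drop a decapsulated packet; an empty list means accept."""
    outer = ipaddress.IPv4Address(outer_src)
    src = ipaddress.IPv6Address(inner_src)
    dst = ipaddress.IPv6Address(inner_dst)
    internal = [ipaddress.ip_network(p) for p in internal_prefixes]
    problems = []

    if in_any(outer, INVALID_V4):
        problems.append("outer IPv4 source is not global unicast")
    if in_any(src, INVALID_V6_SRC):
        problems.append("inner IPv6 source is unspecified, loopback, link-local or multicast")

    if src in SIX_TO_FOUR:
        embedded = src.sixtofour          # IPv4 address carried inside 2002:V4ADDR::/48
        if embedded != outer:
            problems.append("6to4 source embeds %s but the tunnel packet came from %s"
                            % (embedded, outer))
        if in_any(embedded, INVALID_V4):
            problems.append("6to4 source embeds a non-global IPv4 address")

    # An external packet masquerading as one that originated inside the network.
    if in_any(src, internal):
        problems.append("inner source claims an internal prefix but arrived through the tunnel")

    if dst in SIX_TO_FOUR and in_any(dst.sixtofour, INVALID_V4):
        problems.append("6to4 destination embeds a non-global IPv4 address")
    return problems


# Constructed sample packets: (outer IPv4 source, inner IPv6 source, inner IPv6 destination)
INTERNAL = ["2001:db8:10::/48"]
SAMPLES = {
    "matching 6to4 source": ("192.0.2.4", "2002:c000:204::1", "2001:db8:10::5"),
    "mismatched 6to4 source": ("198.51.100.7", "2002:c000:204::1", "2001:db8:10::5"),
    "internal source from outside": ("192.0.2.4", "2001:db8:10::99", "2001:db8:10::5"),
    "private embedded address": ("10.0.0.1", "2002:a00:1::1", "2001:db8:10::5"),
}

if __name__ == "__main__":
    for label, (outer, src, dst) in SAMPLES.items():
        found = decapsulation_problems(outer, src, dst, INTERNAL)
        print(label, "->", "accept" if not found else "drop: " + "; ".join(found))
```

A native (non-2002::/16) inner source carries no embedded IPv4 address to compare against, which is why the page notes that such spoofing is not stopped by these checks alone.
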
22 IPv4 and IPv6 Threats: More Alike Than Not

- Many IPv4 attacks are an issue for IPv6
  - Some attacks are IP-version agnostic:
    - Flooding
    - Sniffing
    - Application-layer attacks
    - Man-in-the-middle attacks
    - Rogue devices
  - Other attacks are IPv6-specific
- IPv4 and IPv6 threats are more similar than different
- Until IPsec is optimized, use proven security best practices and tools

IPv4 and IPv6 Threats: More Alike Than Not

You've seen how reconnaissance remains an issue for IPv6 networks. Many other well-established IPv4 threats do as well. Some attacks are very similar regardless of IP version (flooding, sniffing, application-layer attacks, man-in-the-middle attacks, and rogue devices, for example), while others have adapted to the unique design of IPv6.

With regard to the latter, we have already illustrated some of the ways in which IPv6's Neighbor Discovery protocol and multicast architecture have become a target for attackers. Chained and large-size extension headers that must be processed by all stacks are also useful to an attacker. Large-size extension headers or a large number of extension headers can drain the resources of the devices that must deal with these. And chaining a large number of these headers forces a network's security devices and mechanisms to perform long lookups into a packet, possibly to a degree beyond their capabilities, to try to get to the information that reveals an attack. Thus, this last can be an effective means of hiding such an attack.

New threat venues aside, however, in the end IPv4 and IPv6 threats are characterized by more similarities than differences. Until end-to-end IPsec and a reliable key-distribution protocol are consistently deployed for IPv6, the proven IPv4 security best practices and tools remain the optimal line of defense.
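The Next Header chaining from slide 9 and the chained or oversized extension headers discussed above, as an added example that is not part of the course material: a bounded walk of the chain that a filtering device could apply before looking for the upper-layer protocol. The limits (8 headers, 256 bytes), the drop policy and all function names are assumptions of this example; packets are constructed, zero-filled and assumed unfragmented.

```python
import struct

HOP_BY_HOP, ROUTING, FRAGMENT, ESP, AH = 0, 43, 44, 50, 51
NO_NEXT_HEADER, DEST_OPTIONS, MOBILITY = 59, 60, 135
EXTENSION = {HOP_BY_HOP: "Hop-by-Hop Options", ROUTING: "Routing", FRAGMENT: "Fragment",
             ESP: "ESP", AH: "AH", NO_NEXT_HEADER: "No Next Header",
             DEST_OPTIONS: "Destination Options", MOBILITY: "Mobility"}
UPPER_LAYER = {6: "TCP", 17: "UDP", 58: "ICMPv6"}


class ChainError(ValueError):
    """The chain is malformed or exceeds the inspection budget."""


def walk_chain(packet, max_headers=8, max_bytes=256):
    """Return (extension header names, upper-layer protocol) for one IPv6 packet."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ChainError("not an IPv6 packet")
    next_header, offset, chain = packet[6], 40, []
    while next_header in EXTENSION:
        if len(chain) >= max_headers:
            raise ChainError("too many extension headers")
        chain.append(EXTENSION[next_header])
        if next_header == NO_NEXT_HEADER:
            return chain, None
        if next_header == ESP:
            return chain, "encrypted"      # what follows the ESP header is ciphertext
        if offset + 8 > len(packet):
            raise ChainError("truncated extension header")
        if next_header == FRAGMENT:
            length = 8                                  # fixed size
        elif next_header == AH:
            length = (packet[offset + 1] + 2) * 4       # 32-bit words, minus 2
        else:
            length = (packet[offset + 1] + 1) * 8       # 8-octet units after the first 8
        if offset + length > len(packet):
            raise ChainError("truncated extension header")
        if offset + length - 40 > max_bytes:
            raise ChainError("extension headers too large")
        next_header, offset = packet[offset], offset + length
    return chain, UPPER_LAYER.get(next_header, "protocol %d" % next_header)


def order_problems(chain):
    """Check the ordering rules the slides describe."""
    problems = []
    if "Hop-by-Hop Options" in chain[1:]:
        problems.append("Hop-by-Hop Options is not first")
    for name in ("Hop-by-Hop Options", "Routing", "Fragment", "AH", "ESP"):
        if chain.count(name) > 1:
            problems.append(name + " appears more than once")
    if chain.count("Destination Options") > 2:
        problems.append("Destination Options appears more than twice")
    if "AH" in chain:
        after_ah = chain[chain.index("AH") + 1:]
        problems += [n + " follows AH" for n in ("Routing", "Fragment") if n in after_ah]
    return problems


def inspect(packet):
    """Verdict for a filter: chains that cannot be parsed within budget are dropped."""
    try:
        chain, upper = walk_chain(packet)
    except ChainError as exc:
        return "drop: %s" % exc
    problems = order_problems(chain)
    if problems:
        return "drop: " + "; ".join(problems)
    return "pass: %s -> %s" % (" > ".join(chain) or "no extension headers", upper)


def ipv6_packet(first_next_header, body):
    """Constructed packet: basic header with all-zero addresses, then `body`."""
    return struct.pack("!IHBB16s16s", 6 << 28, len(body), first_next_header, 64,
                       bytes(16), bytes(16)) + body


def ext(kind, next_header, length=8):
    """One zero-filled extension header of `length` bytes (constructed sample data)."""
    units = length // 4 - 2 if kind == AH else length // 8 - 1
    return bytes([next_header, units]) + bytes(length - 2)


NORMAL = ipv6_packet(HOP_BY_HOP, ext(HOP_BY_HOP, ROUTING) + ext(ROUTING, AH)
                     + ext(AH, 6, 24) + bytes(20))
STUFFED = ipv6_packet(DEST_OPTIONS, ext(DEST_OPTIONS, DEST_OPTIONS) * 20
                      + ext(DEST_OPTIONS, 6) + bytes(20))
OVERSIZED = ipv6_packet(DEST_OPTIONS, ext(DEST_OPTIONS, 6, 512) + bytes(20))
MISORDERED = ipv6_packet(AH, ext(AH, ROUTING, 24) + ext(ROUTING, 17) + bytes(8))

if __name__ == "__main__":
    for name, pkt in (("normal", NORMAL), ("stuffed", STUFFED),
                      ("oversized", OVERSIZED), ("misordered", MISORDERED)):
        print(name, "->", inspect(pkt))
```
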
23 Summary

- IPv6 is now part of the base IP specification.
- Minor modifications have been made to AH and ESP in transport and tunnel mode.
- Overall, the changes to IPsec are minor.
- IPv6 does offer some security advantages that extend beyond integrated IPsec.
- These same benefits can be leveraged by attackers.
- In the end, IPv4 and IPv6 are on the same page with security.
- The IPv4 best practices and tools are indispensable IPv6 assets.

Summary

This module opened with an examination of the benefits and architecture of IPsec. You learned that, in addition to being a component of the base IPv6 specification (as opposed to an option as with IPv4), a few modifications have been made to the architecture of IPsec to accommodate the design updates of IPv6 itself. Overall, however, the changes to IPsec are minor.

The same is true for IPv6 security in general. Because IPsec is mandated for full IPv6 implementation, IPv6 is often presumed to be more secure than IPv4. And ideally, with well-coded applications, a robust identity infrastructure, and efficient key management, this statement will one day be true. Despite that, however, there will always be threats both old and new with which to contend. In fact, most security breaches occur at the application level, outside the sphere of influence of even the most successful deployment of IPsec.

Of course, you did learn in this module that IPv6 offers some security advantages that extend beyond integrated IPsec, but you also learned that these same benefits can be leveraged by attackers if the network is not properly secured against such threats. And in the end, you discovered that, security improvements and new venues for attacks aside, at this point in time IPv4 and IPv6 are largely on the same page when it comes to security. The IPv4 best practices and tools are indispensable assets in an IPv6 environment.
More informationCSCI 454/554 Computer and Network Security. Topic 8.1 IPsec
CSCI 454/554 Computer and Network Security Topic 8.1 IPsec Outline IPsec Objectives IPsec architecture & concepts IPsec authentication header IPsec encapsulating security payload 2 IPsec Objectives Why
More informationChapter 9. IP Secure
Chapter 9 IP Secure 1 Network architecture is usually explained as a stack of different layers. Figure 1 explains the OSI (Open System Interconnect) model stack and IP (Internet Protocol) model stack.
More informationProCurve Networking IPv6 The Next Generation of Networking
ProCurve Networking The Next Generation of Networking Introduction... 2 Benefits from... 2 The Protocol... 3 Technology Features and Benefits... 4 Larger number of addresses... 4 End-to-end connectivity...
More informationVulnerabili3es and A7acks
IPv6 Security Vulnerabili3es and A7acks Inherent vulnerabili3es Less experience working with IPv6 New protocol stack implementa3ons Security devices such as Firewalls and IDSs have less support for IPv6
More informationGuide to Network Defense and Countermeasures Third Edition. Chapter 2 TCP/IP
Guide to Network Defense and Countermeasures Third Edition Chapter 2 TCP/IP Objectives Explain the fundamentals of TCP/IP networking Describe IPv4 packet structure and explain packet fragmentation Describe
More informationIPv6 Fundamentals: A Straightforward Approach
IPv6 Fundamentals: A Straightforward Approach to Understanding IPv6 Rick Graziani Cisco Press 800 East 96th Street Indianapolis, IN 46240 IPv6 Fundamentals Contents Introduction xvi Part I: Background
More informationIP SECURITY (IPSEC) PROTOCOLS
29 IP SECURITY (IPSEC) PROTOCOLS One of the weaknesses of the original Internet Protocol (IP) is that it lacks any sort of general-purpose mechanism for ensuring the authenticity and privacy of data as
More informationINF3510 Information Security University of Oslo Spring 2011. Lecture 9 Communication Security. Audun Jøsang
INF3510 Information Security University of Oslo Spring 2011 Lecture 9 Communication Security Audun Jøsang Outline Network security concepts Communication security Perimeter security Protocol architecture
More informationFinal exam review, Fall 2005 FSU (CIS-5357) Network Security
Final exam review, Fall 2005 FSU (CIS-5357) Network Security Instructor: Breno de Medeiros 1. What is an insertion attack against a NIDS? Answer: An insertion attack against a network intrusion detection
More information7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?
7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk
More informationOverview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP
Overview Securing TCP/IP Chapter 6 TCP/IP Open Systems Interconnection Model Anatomy of a Packet Internet Protocol Security (IPSec) Web Security (HTTP over TLS, Secure-HTTP) Lecturer: Pei-yih Ting 1 2
More informationIPv6 Fundamentals Ch t ap 1 er I : ntroducti ti t on I o P IPv6 Copyright Cisco Academy Yannis Xydas
IPv6 Fundamentals Chapter 1: Introduction ti to IPv6 Copyright Cisco Academy Yannis Xydas The Network Today The Internet of today is much different that it was 30, 15 or 5 years ago. 2 Technology Tomorrow
More informationSecurity Considerations for Intrinsic Monitoring within IPv6 Networks: Work in Progress
Security Considerations for Intrinsic Monitoring within IPv6 Networks: Work in Progress Alan Davy and Lei Shi Telecommunication Software&Systems Group, Waterford Institute of Technology, Ireland adavy,lshi@tssg.org
More informationClient Server Registration Protocol
Client Server Registration Protocol The Client-Server protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are
More informationGuide to TCP/IP, Third Edition. Chapter 3: Data Link and Network Layer TCP/IP Protocols
Guide to TCP/IP, Third Edition Chapter 3: Data Link and Network Layer TCP/IP Protocols Objectives Understand the role that data link protocols, such as SLIP and PPP, play for TCP/IP Distinguish among various
More informationSEcure Neighbour Discovery: A Report
SEcure Neighbour Discovery: A Report Arun Raghavan (Y6111006) CS625: Advanced Computer Networks Abstract The IPv6 [5] Neighbour Discovery [12] protocol is used by nodes in IPv6 for such purposes as discover
More informationSecurity of IPv6 and DNSSEC for penetration testers
Security of IPv6 and DNSSEC for penetration testers Vesselin Hadjitodorov Master education System and Network Engineering June 30, 2011 Agenda Introduction DNSSEC security IPv6 security Conclusion Questions
More informationOLD VULNERABILITIES IN NEW PROTOCOLS? HEADACHES ABOUT IPV6 FRAGMENTS
OLD VULNERABILITIES IN NEW PROTOCOLS? HEADACHES ABOUT IPV6 FRAGMENTS Eric Vyncke (@evyncke) Cisco Session ID: ARCH W01 Session Classification: Advanced Agenda Status of WorldWide IPv6 Deployment IPv6 refresher:
More informationIntroduction to Security and PIX Firewall
Introduction to Security and PIX Firewall Agenda Dag 28 Föreläsning LAB PIX Firewall VPN A Virtual Private Network (VPN) is a service offering secure, reliable connectivity over a shared, public network
More informationLinux Network Security
Linux Network Security Course ID SEC220 Course Description This extremely popular class focuses on network security, and makes an excellent companion class to the GL550: Host Security course. Protocols
More informationIntroduction to IP v6
IP v 1-3: defined and replaced Introduction to IP v6 IP v4 - current version; 20 years old IP v5 - streams protocol IP v6 - replacement for IP v4 During developments it was called IPng - Next Generation
More informationNetwork Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1
Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1 roadmap 1 What is network security? 2 Principles of cryptography 3 Message integrity, authentication
More informationIPv6 Security Issues
IPv6 Security Issues Samuel Sotillo East Carolina University ss0526@ecu.edu Abstract Deployment of a new generation of Internet protocols is on its way. It is a process that may take several years to complete.
More informationEthernet. Ethernet. Network Devices
Ethernet Babak Kia Adjunct Professor Boston University College of Engineering ENG SC757 - Advanced Microprocessor Design Ethernet Ethernet is a term used to refer to a diverse set of frame based networking
More informationPríprava štúdia matematiky a informatiky na FMFI UK v anglickom jazyku
Univerzita Komenského v Bratislave Fakulta matematiky, fyziky a informatiky Príprava štúdia matematiky a informatiky na FMFI UK v anglickom jazyku ITMS: 26140230008 dopytovo orientovaný projekt Moderné
More informationInternet Protocol: IP packet headers. vendredi 18 octobre 13
Internet Protocol: IP packet headers 1 IPv4 header V L TOS Total Length Identification F Frag TTL Proto Checksum Options Source address Destination address Data (payload) Padding V: Version (IPv4 ; IPv6)
More informationImplementing and Managing Security for Network Communications
3 Implementing and Managing Security for Network Communications............................................... Terms you ll need to understand: Internet Protocol Security (IPSec) Authentication Authentication
More informationIP - The Internet Protocol
Orientation IP - The Internet Protocol IP (Internet Protocol) is a Network Layer Protocol. IP s current version is Version 4 (IPv4). It is specified in RFC 891. TCP UDP Transport Layer ICMP IP IGMP Network
More informationCS 356 Lecture 27 Internet Security Protocols. Spring 2013
CS 356 Lecture 27 Internet Security Protocols Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More informationChapter 10. Network Security
Chapter 10 Network Security 10.1. Chapter 10: Outline 10.1 INTRODUCTION 10.2 CONFIDENTIALITY 10.3 OTHER ASPECTS OF SECURITY 10.4 INTERNET SECURITY 10.5 FIREWALLS 10.2 Chapter 10: Objective We introduce
More information100-101: Interconnecting Cisco Networking Devices Part 1 v2.0 (ICND1)
100-101: Interconnecting Cisco Networking Devices Part 1 v2.0 (ICND1) Course Overview This course provides students with the knowledge and skills to implement and support a small switched and routed network.
More informationOverview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs
Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks
More informationFirewalls und IPv6 worauf Sie achten müssen!
Firewalls und IPv6 worauf Sie achten müssen! Pascal Raemy CTO Asecus AG pascal.raemy@asecus.ch Asecus AG Asecus AG Security (Firewall, Web-Gateway, Mail-Gateway) Application Delivery (F5 Neworks with BIGIP)
More informationIP Security. Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49
IP Security Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49 1 Internetworking and Internet Protocols (Appendix 6A) IP Security Overview IP Security
More informationMPLS VPN in Cellular Mobile IPv6 Architectures(04##017)
MPLS VPN in Cellular Mobile IPv6 Architectures(04##017) Yao-Chung Chang, Han-Chieh Chao, K.M. Liu and T. G. Tsuei* Department of Electrical Engineering, National Dong Hwa University Hualien, Taiwan, Republic
More informationRARP: Reverse Address Resolution Protocol
SFWR 4C03: Computer Networks and Computer Security January 19-22 2004 Lecturer: Kartik Krishnan Lectures 7-9 RARP: Reverse Address Resolution Protocol When a system with a local disk is bootstrapped it
More informationNetworking Test 4 Study Guide
Networking Test 4 Study Guide True/False Indicate whether the statement is true or false. 1. IPX/SPX is considered the protocol suite of the Internet, and it is the most widely used protocol suite in LANs.
More informationInterconnection of Heterogeneous Networks. Internetworking. Service model. Addressing Address mapping Automatic host configuration
Interconnection of Heterogeneous Networks Internetworking Service model Addressing Address mapping Automatic host configuration Wireless LAN network@home outer Ethernet PPS Internet-Praktikum Internetworking
More informationFIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design Learning Objectives Identify common misconceptions about firewalls Explain why a firewall
More informationTomás P. de Miguel DIT-UPM. dit UPM
Tomás P. de Miguel DIT- 15 12 Internet Mobile Market Phone.com 15 12 in Millions 9 6 3 9 6 3 0 1996 1997 1998 1999 2000 2001 0 Wireless Internet E-mail subscribers 2 (January 2001) Mobility The ability
More informationOutline. CSc 466/566. Computer Security. 18 : Network Security Introduction. Network Topology. Network Topology. Christian Collberg
Outline Network Topology CSc 466/566 Computer Security 18 : Network Security Introduction Version: 2012/05/03 13:59:29 Department of Computer Science University of Arizona collberg@gmail.com Copyright
More informationICTTEN8195B Evaluate and apply network security
ICTTEN8195B Evaluate and apply network security Release 1 ICTTEN8195B Evaluate and apply network security Modification History Release Release 2 Comments This version first released with ICT10 Integrated
More informationIPv6 Trace Analysis using Wireshark Nalini Elkins, CEO Inside Products, Inc. Nalini.elkins@insidethestack.com
1 IPv6 Trace Analysis using Wireshark Nalini Elkins, CEO Inside Products, Inc. Nalini.elkins@insidethestack.com Agenda What has not changed between IPv4 and IPv6 traces What has changed between IPv4 and
More informationIPv6 Security. Scott Hogg, CCIE No. 5133 Eric Vyncke. Cisco Press. Cisco Press 800 East 96th Street Indianapolis, IN 46240 USA
IPv6 Security Scott Hogg, CCIE No. 5133 Eric Vyncke Cisco Press Cisco Press 800 East 96th Street Indianapolis, IN 46240 USA Contents Introduction xix Chapter 1 Introduction to IPv6 Security 3 Reintroduction
More informationETSF10 Part 3 Lect 2
ETSF10 Part 3 Lect 2 DHCP, DNS, Security Jens A Andersson Electrical and Information Technology DHCP Dynamic Host Configuration Protocol bootp is predecessor Alternative: manual configuration IP address
More informationInternet Control Protocols Reading: Chapter 3
Internet Control Protocols Reading: Chapter 3 ARP - RFC 826, STD 37 DHCP - RFC 2131 ICMP - RFC 0792, STD 05 1 Goals of Today s Lecture Bootstrapping an end host Learning its own configuration parameters
More informationITL BULLETIN FOR JANUARY 2011
ITL BULLETIN FOR JANUARY 2011 INTERNET PROTOCOL VERSION 6 (IPv6): NIST GUIDELINES HELP ORGANIZATIONS MANAGE THE SECURE DEPLOYMENT OF THE NEW NETWORK PROTOCOL Shirley Radack, Editor Computer Security Division
More informationSecurity Engineering Part III Network Security. Security Protocols (II): IPsec
Security Engineering Part III Network Security Security Protocols (II): IPsec Juan E. Tapiador jestevez@inf.uc3m.es Department of Computer Science, UC3M Security Engineering 4th year BSc in Computer Science,
More information20-CS-6053-00X Network Security Spring, 2014. An Introduction To. Network Security. Week 1. January 7
20-CS-6053-00X Network Security Spring, 2014 An Introduction To Network Security Week 1 January 7 Attacks Criminal: fraud, scams, destruction; IP, ID, brand theft Privacy: surveillance, databases, traffic
More information- IPv4 Addressing and Subnetting -
1 Hardware Addressing - IPv4 Addressing and Subnetting - A hardware address is used to uniquely identify a host within a local network. Hardware addressing is a function of the Data-Link layer of the OSI
More information(Refer Slide Time: 01:38 01:37)
Computer Networks Prof. S. Ghosh Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Lecture No: 29 IP Version 6 & Mobile IP Good day, in the last lecture we discussed
More informationNeighbour Discovery in IPv6
Neighbour Discovery in IPv6 Andrew Hines Topic No: 17 Email: hines@zitmail.uni-paderborn.de Organiser: Christian Schindelhauer University of Paderborn Immatriculation No: 6225220 August 4, 2004 1 Abstract
More informationComputer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ
Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ 1 Lecture 7: Network Layer in the Internet Reference: Chapter 5 - Computer Networks, Andrew S. Tanenbaum, 4th Edition, Prentice Hall,
More information8.2 The Internet Protocol
TCP/IP Protocol Suite HTTP SMTP DNS RTP Distributed applications Reliable stream service TCP UDP User datagram service Best-effort connectionless packet transfer Network Interface 1 IP Network Interface
More informationIP Addressing A Simplified Tutorial
Application Note IP Addressing A Simplified Tutorial July 2002 COMPAS ID 92962 Avaya Labs 1 All information in this document is subject to change without notice. Although the information is believed to
More informationSymantec Endpoint Protection 11.0 Network Threat Protection (Firewall) Overview and Best Practices White Paper
Symantec Endpoint Protection 11.0 Network Threat Protection (Firewall) Overview and Best Practices White Paper Details: Introduction When computers in a private network connect to the Internet, they physically
More informationHigh Performance VPN Solutions Over Satellite Networks
High Performance VPN Solutions Over Satellite Networks Enhanced Packet Handling Both Accelerates And Encrypts High-Delay Satellite Circuits Characteristics of Satellite Networks? Satellite Networks have
More informationIPv6 First Hop Security Protecting Your IPv6 Access Network
IPv6 First Hop Security Protecting Your IPv6 Access Network What You Will Learn This paper provides a brief introduction to common security threats on IPv6 campus access networks and will explain the value
More informationNetwork Security TCP/IP Refresher
Network Security TCP/IP Refresher What you (at least) need to know about networking! Dr. David Barrera Network Security HS 2014 Outline Network Reference Models Local Area Networks Internet Protocol (IP)
More informationIPV6 vs. SSL comparing Apples with Oranges
IPV6 vs. SSL comparing Apples with Oranges Reto E. Haeni r.haeni@cpi.seas.gwu.edu The George Washington University Cyberspace Policy Institute 2033 K Str. Suite 340 N Washington DC 20006 Washington DC,
More informationSecurity. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1
Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions
More informationIntroduction to TCP/IP
Introduction to TCP/IP Raj Jain The Ohio State University Columbus, OH 43210 Nayna Networks Milpitas, CA 95035 Email: Jain@ACM.Org http://www.cis.ohio-state.edu/~jain/ 1 Overview! Internetworking Protocol
More informationVXLAN: Scaling Data Center Capacity. White Paper
VXLAN: Scaling Data Center Capacity White Paper Virtual Extensible LAN (VXLAN) Overview This document provides an overview of how VXLAN works. It also provides criteria to help determine when and where
More informationVPNs. Palo Alto Networks. PAN-OS Administrator s Guide Version 6.0. Copyright 2007-2015 Palo Alto Networks
VPNs Palo Alto Networks PAN-OS Administrator s Guide Version 6.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com/company/contact-us
More informationLink Layer and Network Layer Security for Wireless Networks
White Paper Link Layer and Network Layer Security for Wireless Networks Abstract Wireless networking presents a significant security challenge. There is an ongoing debate about where to address this challenge:
More informationIPv6 Associated Protocols
IPv6 Associated Protocols 1 New Protocols (1) New features are specified in IPv6 Protocol -RFC 2460 DS Neighbor Discovery (NDP) -RFC 4861 DS Auto-configuration : Stateless Address Auto-configuration -RFC
More informationSecuring IPv6. What Students Will Learn:
Securing IPv6 When it comes to IPv6, one of the more contentious issues is IT security. Uninformed analysts, anit-v6 pundits, and security ne're-do-wells have created a mythos that IPv6 is inherently less
More informationThreats and Security Analysis for Enhanced Secure Neighbor Discovery Protocol (SEND) of IPv6 NDP Security
Threats and Security Analysis for Enhanced Secure Neighbor Discovery Protocol (SEND) of IPv6 NDP Security Yvette E. Gelogo 1, Ronnie D. Caytiles 1 and Byungjoo Park 1 * 1Multimedia Engineering Department,
More informationInternet Protocol Address
SFWR 4C03: Computer Networks & Computer Security Jan 17-21, 2005 Lecturer: Kartik Krishnan Lecture 7-9 Internet Protocol Address Addressing is a critical component of the internet abstraction. To give
More informationOutline. INF3510 Information Security. Lecture 10: Communications Security. Communication Security Analogy. Network Security Concepts
Outline INF3510 Information Security Lecture 10: Communications Security Network security concepts Communication security Perimeter security Protocol architecture and security services Example security
More informationIPv6 Security Best Practices. Eric Vyncke evyncke@cisco.com Distinguished System Engineer
IPv6 Best Practices Eric Vyncke evyncke@cisco.com Distinguished System Engineer security 2007 Cisco Systems, Inc. All rights reserved. Cisco CPub 1 Agenda Shared Issues by IPv4 and IPv6 Specific Issues
More informationBASIC ANALYSIS OF TCP/IP NETWORKS
BASIC ANALYSIS OF TCP/IP NETWORKS INTRODUCTION Communication analysis provides powerful tool for maintenance, performance monitoring, attack detection, and problems fixing in computer networks. Today networks
More informationSecurity issues with Mobile IP
Technical report, IDE1107, February 2011 Security issues with Mobile IP Master s Thesis in Computer Network Engineering Abdel Rahman Alkhawaja & Hatem Sheibani School of Information Science, Computer and
More informationIntroduction to IPv6 and Benefits of IPv6
Introduction to IPv6 and Benefits of IPv6 Ammar Yasir Korkusuz 2012 Bogazici University, Electrical-Electronics Engineering Department MSc. Student EE 545 TERM PROJECT Abstract: IPv6 is a new internet
More informationNetwork Security Fundamentals
APNIC elearning: Network Security Fundamentals 27 November 2013 04:30 pm Brisbane Time (GMT+10) Introduction Presenter Sheryl Hermoso Training Officer sheryl@apnic.net Specialties: Network Security IPv6
More informationBit Chat: A Peer-to-Peer Instant Messenger
Bit Chat: A Peer-to-Peer Instant Messenger Shreyas Zare shreyas@technitium.com https://technitium.com December 20, 2015 Abstract. Bit Chat is a peer-to-peer instant messaging concept, allowing one-to-one
More information12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust
Security in Wireless LANs and Mobile Networks Wireless Magnifies Exposure Vulnerability Information going across the wireless link is exposed to anyone within radio range RF may extend beyond a room or
More informationNetwork Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide
Network Security [2] Public Key Encryption Also used in message authentication & key distribution Based on mathematical algorithms, not only on operations over bit patterns (as conventional) => much overhead
More informationIPv6 Advantages. www.compaq.com. Yanick Pouffary. Yanick.Pouffary@compaq.com
IPv6 Advantages Yanick Pouffary Yanick.Pouffary@compaq.com IPv6 FORUM A world-wide consortium of leading Internet vendors and Research and Education Networks The IPv6 FORUM mission To promote IPv6 in order
More informationWireless Networks. Welcome to Wireless
Wireless Networks 11/1/2010 Wireless Networks 1 Welcome to Wireless Radio waves No need to be physically plugged into the network Remote access Coverage Personal Area Network (PAN) Local Area Network (LAN)
More informationAPNIC elearning: Network Security Fundamentals. 20 March 2013 10:30 pm Brisbane Time (GMT+10)
APNIC elearning: Network Security Fundamentals 20 March 2013 10:30 pm Brisbane Time (GMT+10) Introduction Presenter/s Nurul Islam Roman Senior Training Specialist nurul@apnic.net Specialties: Routing &
More informationThis tutorial will help you in understanding IPv6 and its associated terminologies along with appropriate references and examples.
About the Tutorial Internet Protocol version 6 (IPv6) is the latest revision of the Internet Protocol (IP) and the first version of the protocol to be widely deployed. IPv6 was developed by the Internet
More informationEITF25 Internet Techniques and Applications L5: Wide Area Networks (WAN) Stefan Höst
EITF25 Internet Techniques and Applications L5: Wide Area Networks (WAN) Stefan Höst Data communication in reality In reality, the source and destination hosts are very seldom on the same network, for
More informationDHCP, ICMP, IPv6. Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley DHCP. DHCP UDP IP Eth Phy
, ICMP, IPv6 UDP IP Eth Phy UDP IP Eth Phy Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley Some materials copyright 1996-2012 J.F Kurose and K.W. Ross, All Rights
More informationCIRA s experience in deploying IPv6
CIRA s experience in deploying IPv6 Canadian Internet Registration Authority (CIRA) Jacques Latour Director, Information Technology Ottawa, April 29, 2011 1 About CIRA The Registry that operates the Country
More informationMPLS over IP-Tunnels. Mark Townsley Distinguished Engineer. 21 February 2005
MPLS over IP-Tunnels Mark Townsley Distinguished Engineer 21 February 2005 1 MPLS over IP The Basic Idea MPLS Tunnel Label Exp S TTL MPLS VPN Label Exp S TTL MPLS Payload (L3VPN, PWE3, etc) MPLS Tunnel
More informationProtocol Rollback and Network Security
CSE 484 / CSE M 584 (Spring 2012) Protocol Rollback and Network Security Tadayoshi Kohno Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee,
More informationSecurity (II) ISO 7498-2: Security Architecture of OSI Reference Model. Outline. Course Outline: Fundamental Topics. EE5723/EE4723 Spring 2012
Course Outline: Fundamental Topics System View of Network Security Network Security Model Security Threat Model & Security Services Model Overview of Network Security Security Basis: Cryptography Secret
More information