GTRI's IPv6 Training Classes April 29 th to May 2 nd 2014

Similar documents
IPv6 Security. Scott Hogg, CCIE No Eric Vyncke. Cisco Press. Cisco Press 800 East 96th Street Indianapolis, IN USA

About the Technical Reviewers

IPv6 Security Best Practices. Eric Vyncke Distinguished System Engineer

Securing IPv6. What Students Will Learn:

3.5 IPv6 Forum Certified Security Course, Engineer, Trainer & Certification (GOLD)

ProCurve Networking IPv6 The Next Generation of Networking

IPv6 Fundamentals, Design, and Deployment

Network Access Security. Lesson 10

: Interconnecting Cisco Networking Devices Part 1 v2.0 (ICND1)

Linux Network Security

TABLE OF CONTENTS NETWORK SECURITY 1...1

CIRA s experience in deploying IPv6

Vulnerabili3es and A7acks

IPv6 Fundamentals: A Straightforward Approach

Basic IPv6 WAN and LAN Configuration

IPv6 SECURITY. May The Government of the Hong Kong Special Administrative Region

IPv6 Hardening Guide for Windows Servers

Cisco Packet Tracer 6.3 Frequently Asked Questions

IPv6 Trace Analysis using Wireshark Nalini Elkins, CEO Inside Products, Inc.

Securing Cisco Network Devices (SND)

Interconnecting Cisco Network Devices 1 Course, Class Outline

Cisco Networking Professional-6Months Project Based Training

CISCO IOS NETWORK SECURITY (IINS)

Cisco Certified Security Professional (CCSP)

Dedication Preface 1. The Age of IPv6 1.1 INTRODUCTION 1.2 PROTOCOL STACK 1.3 CONCLUSIONS 2. Protocol Architecture 2.1 INTRODUCTION 2.

Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network.

ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD SEGURIDAD EN REDES. NIVEL I. VERSION 2.0

Guide to Network Defense and Countermeasures Third Edition. Chapter 2 TCP/IP

INTERCONNECTING CISCO NETWORK DEVICES PART 1 V2.0 (ICND 1)

MOC 6435A Designing a Windows Server 2008 Network Infrastructure

Interconnecting Cisco Networking Devices, Part 1 (ICND1) v3.0

CCT vs. CCENT Skill Set Comparison

IPv6 en Windows. Juan Jackson Pablo García

The Truth about IPv6 Security

Network Security IPv4 + IPv6

Implementing Cisco IOS Network Security

Building A Secure Microsoft Exchange Continuity Appliance

CONNECTING WINDOWS XP PROFESSIONAL TO A NETWORK

Matt Ryanczak Network Operations Manager

"Charting the Course...

IPv6 Opportunity and challenge

Course Syllabus. Fundamentals of Windows Server 2008 Network and Applications Infrastructure. Key Data. Audience. Prerequisites. At Course Completion

Lab Organizing CCENT Objectives by OSI Layer

Raritan Valley Community College Academic Course Outline. CISY Advanced Computer Networking

INDIAN INSTITUTE OF TECHNOLOGY BOMBAY MATERIALS MANAGEMENT DIVISION : (+91 22) (DR)

Eric Vyncke, Distinguished Engineer, 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 1

Cisco IPv6 update (in <=5minutes) TF-NGN meeting, Brussels

Recent advances in IPv6 insecurities Marc van Hauser Heuse Deepsec 2010, Vienna Marc Heuse

Procedure: You can find the problem sheet on Drive D: of the lab PCs. 1. IP address for this host computer 2. Subnet mask 3. Default gateway address

How To Learn Cisco Cisco Ios And Cisco Vlan

Network Security. 1 Pass the course => Pass Written exam week 11 Pass Labs

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design

Personal Firewall Default Rules and Components

CompTIA Network+ (Exam N10-005)

Implementing Secured Converged Wide Area Networks (ISCW) Version 1.0

Network System Design Lesson Objectives

Interconnecting Cisco Networking Devices: Accelerated (CCNAX) 2.0(80 Hs) 1-Interconnecting Cisco Networking Devices Part 1 (40 Hs)

Cisco Certified Network Associate - Design

Vicenza.linux.it\LinuxCafe 1

Cisco Certified Network Associate (CCNA) 120 Hours / 12 Months / Self-Paced WIA Fee: $

Moonv6 Test Suite. IPv6 Firewall Network Level Interoperability Test Suite. Technical Document. Revision 1.0

IPv6 First Hop Security Protecting Your IPv6 Access Network

NEW YORK INSTITUTE OF TECHNOLOGY School of Engineering and Technology Department of Computer Science Old Westbury Campus

Security of IPv6 and DNSSEC for penetration testers

CURSO DE PREPARACION PARA LA CERTIFICACION CCNA (Cisco Certified Network Associate)

Presentation_ID. 2001, Cisco Systems, Inc. All rights reserved.

IPv6 Security Nalini Elkins, CEO Inside Products, Inc.

Firewalls und IPv6 worauf Sie achten müssen!

Implementing IPv6 at ARIN Matt Ryanczak

C)PTC Certified Penetration Testing Consultant

Getting started with IPv6 on Linux

INTRODUCTION TO FIREWALL SECURITY

Internet Protocol: IP packet headers. vendredi 18 octobre 13

Implementing Core Cisco ASA Security (SASAC)

IPv6 Security. Scott Hogg. Global Technology Resources, Inc. Director of Technology Solutions CCIE #5133, CISSP #4610

CCNA Security. IINS v2.0 Implementing Cisco IOS Network Security ( )

Information Technology Career Cluster Introduction to Cybersecurity Course Number:

50 Cragwood Rd, Suite 350 South Plainfield, NJ Victoria Commons, 613 Hope Rd Building #5, Eatontown, NJ 07724

General Network Security

Cisco Certified Network Expert (CCNE)

BASIC ANALYSIS OF TCP/IP NETWORKS

SECURITY IN AN IPv6 WORLD MYTH & REALITY. SANOG XXIII Thimphu, Bhutan 14 January 2014 Chris Grundemann

IPv6 Network Security.

OfficeScan 10 Enterprise Client Firewall Updated: March 9, 2010

Networking: EC Council Network Security Administrator NSA

Chapter 8 Network Security

Networking for Caribbean Development

Cisco. Patrick Grossetete Cisco Systems Cisco IOS IPv6 Product Manager pgrosset@cisco.com

SSVVP SIP School VVoIP Professional Certification

IINS Implementing Cisco Network Security 3.0 (IINS)

ΕΠΛ 674: Εργαστήριο 5 Firewalls

Virtual private network. Network security protocols VPN VPN. Instead of a dedicated data link Packets securely sent over a shared network Internet VPN

Securing end devices

IPv4 and IPv6 Integration. Formation IPv6 Workshop Location, Date

TABLE OF CONTENTS NETWORK SECURITY 2...1

IPv6 Infrastructure Security

Joe Klein, CISSP IPv6 Security Researcher

IPV6 FRAGMENTATION. The Case For Deprecation. Ron Bonica NANOG58

Symantec Endpoint Protection 11.0 Network Threat Protection (Firewall) Overview and Best Practices White Paper

Firewall Defaults and Some Basic Rules

Transcription:

GTRI's IPv6 Training Classes April 29 th to May 2 nd 2014 This IPv6 training class will provide you with an in- depth understanding of this new Internet Protocol and will prepare you and your organization to implement it correctly right from the start. This class will teach you how to plan, configure, troubleshoot and secure IPv6 from the on- set in order to avoid potential security vulnerabilities and other problems before they arise. Scott Hogg, an experienced IPv6 trainer, who has been working with the protocol for over a decade, will lead each class sessions. Scott will share his best- practice experiences planning and deploying IPv6 and provide leadership through the hands on lab sessions throughout the class. The subsequent sections include a detailed breakdown of the four- day IPv6 training class agenda. The topics below will be covered in a four- day class, which will only be offered at the GTRI HQ in Denver Colorado. These classes will be a combination of lecture, live demonstrations and hands on lab experiences using IPv6 technology. The goal of the class is to provide mid- level to advanced information on IPv6 in order to increase your skills for the support and maintenance of an IPv6 rollout within your organization. The training will use a combination of GTRI's physical lab, GNS3/Dynagen/Dynamips, and the on- site GTRI IPv6 lab environment. IPv6 Training Attendees are required bring their laptops in order to connect over wireless 802.11b/g (or Ethernet) to the demonstration lab environment (Laptop requirements below). You will be in a live IPv6 environment and have the ability to enhance your learning experience through the live lab sessions and demonstrations using telnet/ssh and other connectivity tools made available. Please refer to the hardware and software requirements at the bottom of the agenda to make your training sessions productive and fun. Detailed Agenda for IPv6 training class at GTRI Day 1 IPv6 Introduction 2 Hours 8:00AM to 10:00AM Rationale for IPv6 IPv6 Features and Benefits o IPv6 Header structure, extension headers o IPv6 Addressing o ICMPv6 (NDP, PMTUD, MLD,...) o Stateless and Stateful address autoconfiguration IPv6 Transition Techniques o Dual Protocol/Dual Stack o Tunneling (manual, dynamic), 6to4, ISATAP, Teredo IPv6/v4 tunneling o Translation/ALG

Current Level of IPv6 Support o Operating System and Application Support o Service Provider Support 15 Minute Break 10:00AM to 10:15AM IPv6 Introduction (Cont.) 1.5 Hour 10:15AM to 11:45AM IPv6 Transition Planning o Preparing an IPv6 Inventory, Impact Analysis, Transition Plan IPv6 Summary o IPv6 Advantages and Challenges References & Suggested Reading Questions and Answers Basic demo of IPv6, enablement on operating system, application traffic, viewing IPv6 packets with Wireshark Lunch Break 11:45AM to 1:00PM IPv6 Networking Deep Dive 2 Hours 1:00PM to 3:00PM IPv6 Routing Protocols o OSPF o IS- IS o BGP QoS and Flow Label IPv6 multicast routing Policy Based Routing DHCPv6 Prefix Delegation IPv6 First Hop Redundancy Protocols o NUD, HSRPv6, GLBPv6, VRRPv3 Current level of IPv6 support in networking products Questions and Answers 15 Minute Break 3:00PM to 3:15PM Live IPv6 Networking Demonstration 1.5 Hours 3:15PM to 4:45PM Dual Stack router configurations Static Routing General Prefix HSRPv6 IPv6 Routing OSPFv3 configuration MBGP configuration

IPsec Tunnel configuration Day 2 Troubleshooting IPv6 Networks and Systems 2 Hours 8:00AM to 10:00AM Troubleshooting methodologies Troubleshooting with the OSI model Layer 1 troubleshooting o Detecting physical layer errors Layer 2 troubleshooting o Troubleshooting Neighbor Discovery Protocol (NDP) Layer 3 troubleshooting o Verifying IPv6 addressing and routing on various operating systems o Troubleshooting ICMPv6 o Using Ping, traceroute o Troubleshooting DNS o IPv6 packet capture and protocol decoding Layer 4 troubleshooting o Troubleshooting TCP and UDP end- to- end connectivity o Web Browsers and IPv6 o Understanding Path MTU Discovery o IPv6 Multicast Troubleshooting 15 Minute Break 10:00AM to 10:15AM Live Demonstration of IPv6 Troubleshooting 1.5 Hours 10:15AM to 11:45AM Live troubleshooting exercises in the demonstration lab Troubleshooting IPv6 Neighbor Discovery Protocol (NDP) Using packet capture utilities and decoding IPv6 packets Troubleshooting end- to- end IPv6 connectivity issues Using tools like: Pathping, JPerf, NetCat, Telnet, SSH, NetCat, IPSLA Troubleshooting DNS for dual- protocols Troubleshooting IPv6- enabled applications Lunch Break 11:45AM to 1:00PM IPv6 Applications and Services 2 Hours 1:00PM to 3:00PM IPv6 features in operating systems and applications Current Level of IPv6 Support

o DNS configuration DHCPv6 Microsoft, Linux, other operating systems IPv6 Applications and Software o IPv6 Coding Standards Network Management Questions and Answers 15 Minute Break 3:00PM to 3:15PM Live Demonstration of IPv6 Applications 1.5 Hours 3:15PM to 4:45PM Dual Stack Windows 7, Linux Stateless autoconfiguration on various operating systems Apache, IIS web servers using IPv6 DNS Bind 9 configuration and testing SSH, FTP with IPv6 Using Wireshark to look at IPv6 packets Day 3 IPv6 Security 2 Hours 8:00AM to 10:00AM Introductions, review of agenda, roll- call, class logistics Overview of IPv6 Security o Security concerns about IPv6 and dual- stack operating systems - o Review of the "Latent IPv6 Threat" o State of standards development for IPv6 security specific, well- known issues o Consequences of running two IP versions simultaneously o Security as it relates to the OSI model and the introduction of IPv6 to environments o IPv6 compatible security tools (i.e. routers ACLs, firewalls, proxies, IDS/IPS) o Level of hacker IPv6 experience o Examples of IPv6 security hacker tools available o Examples of documented IPv6 vulnerabilities & vendor response (patches) IPv6 Threats o Reconnaissance differences in IPv6 compared to IPv4 o Describe what techniques attackers will use to perform reconnaissance on IPv6 networks o LAN Threats using Neighbor Discovery Protocol (NDP) o ICMPv6 Threats on a LAN o Review of Secure Neighbor Discovery (SEND) o Discuss protection methods of IPv6 on a LAN

15 Minute Break 10:00AM to 10:15AM Live Demonstration of IPv6 Troubleshooting 1.5 Hours 10:15AM to 11:45AM Students connect their computers to IPv6 lab Demonstrate IPv6 network configurations in a lab Show configurations of the network devices Demonstrate attacks against Neighbor Discovery Protocol (NDP) Demonstrate of ICMPv6 crafted RA/RS and NA/NS messages Show methods to prevent these types of attacks Students try these same techniques Lunch Break 11:45AM to 1:00PM IPv6 Security 2 Hours 1:00PM to 3:00PM IPv6 Threats (Continued) o IPv6 Privacy Addressing o Extension Headers o Routing Header (RH0) attacks o Fragmentation attacks o Transition Mechanism Threats Attacks on tunneling, translation 15 Minute Break 3:00PM to 3:15PM Live IPv6 Security Demonstration 1.5 Hours 3:15PM to 4:45PM Show hop- by- hop crafted packet exploit and how to protect against it Demonstrate protocol fuzzing attacks for IPv6 Demonstrate issues with extension headers Perform a RH0 attack and show how to disable this attack Perform fragmentation attack Execute Layer3/4 spoofing attack and show mitigation techniques Demonstrate filtering protection measures for these types of attacks Day 4 IPv6 Security 2 Hours 8:00AM to 10:00AM Review Popular IPv6 Protection Measures o IPv6- Capable Firewalls (appliances, host- based firewalls) o Review of IPv6- capable firewalls and how they are configured o IPv6- Capable Intrusion Prevention Systems (IPS) o Discussion about IPS IPv6 capabilities

o o IPsec configuration for IPv6 SSL VPN configuration for IPv6 15 Minute Break 10:00AM to 10:15AM Live Demonstration of IPv6 Troubleshooting 1.5 Hours 10:15AM to 11:45AM Show configuration of ASA, router ACLs, and IOS firewall Demonstration of IPv6- capable IPS configuration Show IPsec configurations between various devices IPsec configuration between diverse operating systems Lunch Break 11:45AM to 1:00PM IPv6 Security 2 Hours 1:00PM to 3:00PM More IPv6 Threats o IPv6 Router Threats o How to defend routers and switches from IPv6 attacks o Application- layer Threats o Man- In- The- Middle Threats o Flooding DoS o Viruses and Worms Mobile IPv6 Security o Describe security implications of MIPv6 and how to protect the MN and HA from attacks Questions and Answers 15 Minute Break 3:00PM to 3:15PM Live IPv6 Security Demonstration 1.5 Hours 3:15PM to 4:45PM Hardening IPv6 Network Devices Router hardening for IPv6 Demonstrate security for DNS and web services Demonstrate IPv6 application attacks Demonstrate protections for Windows 7 and Linux operating systems Requirements for Student Laptop STUDENT LAPTOP REQUIRED IMPORTANT - BRING YOUR OWN LAPTOP TO THE CLASS! To get the most value out of the course, students are encouraged to bring their own laptop so that they can connect directly to the IPv6 workshop network. It is the students' responsibility to make sure that

the computer system they are bringing is properly configured with all drivers necessary to connect to an 802.11 b/g Wireless network or an Ethernet wired network. Windows Laptops You are required to bring Windows 7 (Professional or Ultimate), Windows Vista (Business or Ultimate), Windows XP Pro, or Windows 2003 or 2008 Server, either a real system or a virtual machine. Windows 7 Home, Windows Vista Home, Windows XP Home, and Windows 2000 (all versions) will not work optimally for the class as they do not include all of the built- in IPv6 capabilities we need for comprehensive analysis of the system. For example, Mac OS X, Windows XP and Server 2003 do not include a DHCPv6 client and only perform DNS lookups over IPv4. Mac OS X Lion (6.7) does include a DHCPv6 client. IMPORTANT NOTE: You may also be required to disable your anti- virus tools temporarily for some exercises, so make sure you have the anti- virus administrator permissions to do so. DO NOT plan on just killing your anti- virus service or processes, because most anti- virus tools still function even when their associated services and processes have been terminated. You will need administrative privileges to perform many of the tasks during the class so be sure you have the proper permissions on the computer you are bringing to the training. Mandatory Laptop Hardware Requirements x86- compatible 1.5 Ghz CPU Minimum or higher DVD Drive (not a CD drive) 3 Gigabyte RAM minimum or higher Ethernet adapter 5 Gigabyte available hard drive space Any Service Pack level is acceptable for Windows XP Pro, 2003, Vista, or Win7 During the workshop, you will be connecting to a community network that other students are connecting to. This could be a potentially hostile environment and your laptop might be attacked. You should not have any sensitive data stored on the system. We are not responsible for your system if someone in the class attacks it in the workshop. By bringing the right equipment and preparing in advance, you can maximize what you'll see and learn as well as have a lot of fun - We look forward to seeing you! Training Location: GTRI Main Office 990 South Broadway, Suite 300 Denver, Colorado, 80209

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information