IPv6 for SMB s: Easy or Hard?

Similar documents
IPv6 Infrastructure Security

IPv6 Infrastructure Security Jeffrey L Carrell Network Conversions Network Security Consultant, IPv6 SME/Trainer

IPv6 in Axis Video Products

IPv6 Network Security.

IPv6 Addressing. Awareness Objective. IPv6 Address Format & Basic Rules. Understanding the IPv6 Address Components

IPv6 Virtual Labs: How to & Lessons s Learned. IPv6 Virtual Labs:

IPv6 Fundamentals: A Straightforward Approach

Implementing DHCPv6 on an IPv6 network

IPv6 Addressing and Subnetting

Getting started with IPv6 on Linux

1 Data information is sent onto the network cable using which of the following? A Communication protocol B Data packet

IPv6 Trace Analysis using Wireshark Nalini Elkins, CEO Inside Products, Inc.

Implementation IPV6 in Mikrotik RouterOS. by Teddy Yuliswar

Are You Ready to Teach IPv6?

About Me. Work at Jumping Bean. Developer & Trainer Contact Info: mark@jumpingbean.co.za

IPv6.marceln.org.

Linux as an IPv6 dual stack Firewall

Firewalls und IPv6 worauf Sie achten müssen!

Samba and Vista with IPv6

Guide to Network Defense and Countermeasures Third Edition. Chapter 2 TCP/IP

Chapter 3 Configuring Basic IPv6 Connectivity

Basic IPv6 WAN and LAN Configuration

Step-by-Step Guide for Setting Up IPv6 in a Test Lab

About the Technical Reviewers

IPv6 Functionality. Jeff Doyle IPv6 Solutions Manager

Computer Networks. Introduc)on to Naming, Addressing, and Rou)ng. Week 09. College of Information Science and Engineering Ritsumeikan University

IPv6 Autoconfiguration Best Practice Document

Recent advances in IPv6 insecurities Marc van Hauser Heuse Deepsec 2010, Vienna Marc Heuse

IPv6 Network Reconnaissance:

Joe Davies. Principal Writer Windows Server Information Experience. Presented at: Seattle Windows Networking User Group June 1, 2011

Version 1.3 April IPv6 Supplement: Configure IP Settings and IP Filtering

Global Knowledge MEA Remote Labs. Remote Lab Access Procedure

Deploying Samba in IPv6 Networks

Connecting to and Setting Up a Network

Discovering IPv6 with Wireshark. presented by Rolf Leutert

Developing an IPv6 Addressing Plan Guidelines, Rules, Best Practice

SSVVP SIP School VVoIP Professional Certification

Vicenza.linux.it\LinuxCafe 1

Introduction to IP v6

MULTIFUNCTIONAL DIGITAL SYSTEMS. TopAccess Guide

INLICHTINGEN DIENSTEN INLICHTINGEN DIENSTEN

Types of IPv4 addresses in Internet

Networking 4 Voice and Video over IP (VVoIP)

Setting Up Scan to SMB on TaskALFA series MFP s.

Personal Firewall Default Rules and Components

IP(v6) security. Matěj Grégr. Brno University of Technology, Faculty of Information Technology. Slides adapted from Ing.

Chapter 4. IP Addresses: Classful Addressing

IPv6 SECURITY. May The Government of the Hong Kong Special Administrative Region

IPV6 DEPLOYMENT GUIDELINES FOR. ARRIS Group, Inc.

TCP/IP Basis. OSI Model

GB-OS Version 6.2. Configuring IPv6. Tel: Fax Web:

Keywords: IPv6, transition, security, network, IPv4 security of IPv6 still has a long way to go.

Prestige 650R-31/33 Read Me First

Interconnecting IPv6 Domains Using Tunnels

WatchGuard SSL v3.2 Update 1 Release Notes. Introduction. Windows 8 and 64-bit Internet Explorer Support. Supported Devices SSL 100 and 560

Prestige 314 Read Me First

Chapter 4 IP Addresses: Classful Addressing

IPv6 Addressing. How is an IPv6 address represented. Classifications of IPv6 addresses Reserved Multicast addresses. represented in Hexadecimal

Windows 7 Resource Kit

MULTIFUNCTIONAL DIGITAL SYSTEMS. Operator s Manual for Backup/Restore Utility

shortcut Tap into learning NOW! Visit for a complete list of Short Cuts. Your Short Cut to Knowledge

IBM Tivoli Network Manager 3.8

Quick Scan Features Setup Guide. Scan to Setup. See also: System Administration Guide: Contains details about setup.

HYPERLINK Internet PC setup guide. HYPERLINK Internet support helpdesk at

DocuPrint C3290 FS Features Setup Guide

IMM2 Configurations User's Guide Version 1.0 (Jan 2013)

Industry Automation White Paper Januar 2013 IPv6 in automation technology

IPv6 Security Best Practices. Eric Vyncke Distinguished System Engineer

This tutorial will help you in understanding IPv6 and its associated terminologies along with appropriate references and examples.

Corresponding Auto Names for IPv6 Addresses <draft-kitamura-ipv6-auto-name-02.txt> Hiroshi KITAMURA NEC Corporation

USB Device Server. User Manual. SDCardserver myutn-120 Scannerserver myutn-130 myutn-150. myutn-50 myutn-52 myutn-54 Dongleserver myutn-80

Configure DHCP features benefits Differences BOOTP DHCP operation configuring verifying troubleshooting Configure N AT NAT features operation

Network Terminology Review

ERserver. iseries. Networking TCP/IP setup

IP Addressing and Subnetting. 2002, Cisco Systems, Inc. All rights reserved.

IP Next Generation (IPv6)

Addresses, Protocols, and Ports

Part A:Background/Preparation

Network Access Security It's Broke, Now What? June 15, 2010

Matt Ryanczak Network Operations Manager

MobaXTerm: A good gnome-terminal like tabbed SSH client for Windows / Windows Putty Tabs Alternative

MULTIFUNCTIONAL DIGITAL SYSTEMS. Operator s Manual for AddressBook Viewer

IPv6 Addressing. John Rullan Cisco Certified Instructor Trainer Thomas A. Edison CTE HS

Configuring the WT-4 for ftp (Ad-hoc Mode)

USB-PRINTER WIRELESS LAN PRINTSERVER (DN ) Quick Installation Guide

The initial set up takes a few steps, but then each time you want to connect it is just a two set process.

NETWORK USER S GUIDE MFC-9125CN MFC-9325CW

Virtual Server and DDNS. Virtual Server and DDNS. For BIPAC 741/743GE

Learn About Differences in Addressing Between IPv4 and IPv6

ICS 351: Today's plan

2X SecureRemoteDesktop. Version 1.1

CCT vs. CCENT Skill Set Comparison

Joe Klein, CISSP IPv6 Security Researcher

IPv6 Hardening Guide for Windows Servers

Transcription:

IPv6 for SMB s: Easy or Hard? Jeffrey L Carrell Network Conversions Network Security Consultant 1

Agenda IPv6 address Network applications Network utilities Server operating systems Client operating systems Network peripherals Security concerns How to Connect with IPv6 2

Do you remember ----- What network protocols you were running in 1990? IPX/SPX Novell AppleTalk Apple NetBIOS/NetBEUI Sytek, IBM, Microsoft DECnet DEC XNS Xerox Others??? What network protocols you were running in 2000? IP (IPv4) IPv6 maybe?? How many of you were involved in the conversion of one or more of these protocols to IP (IPv4)? 3

Hexadecimal notation 0010 0000 0000 0001 0000 0000 0000 0000 0000 0000 0000 0000 0000 1010 0101 0010 2001:0000:0000:0A52:0000:0000:0000:3D16 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0011 1101 0001 0110 4

Shorthand notation Option 1 2001::A52:0:0:0:3D16 Consecutive Zeros Leading Zeros 2001:0000:0000:0A52:0000:0000:0000:3D16 Leading Zeros Consecutive Zeros Option 2 2001:0:0:A52::3D16 5

Incorrect shorthand notation 2001:0000:0000:0A52:0000:0000:0000:3D16 Consecutive Zeros Consecutive Zeros Leading Zeros 2001::A52::3D16 How many groups of zeros are missing? 6

Mixed URL & IPv6 notation in URL IPv6 Characters URL Characters https://[2001:0:0:a52::3d16]:5678/webpage.html Enclose IPv6 Address in Square Brackets Optional Port ID 7

IPv6 addresses Assigning the interface ID: Autoconfiguration SLAAC (Stateless address autoconfiguration), generally a /64 Stateful Modified IEEE EUI-64 format (RFC 4291) Derived from MAC address Privacy format (RFC 4941) Derived from random number generator generally via DHCPv6 Cryptographically generated (RFC 3972) Secure/unique interface ID Manual configuration 8

Interface ID from MAC Company ID Manufacturer Data 00 19 71 64 3F 00 IEEE 48-Bit MAC Address 00 19 71 FF FE 64 3F 00 Expand to EUI-64 00000000 00000010 7 th bit inverted 0xFFFE inserted 02 19 71 FF FE 64 3F 00 Invert the Global Bit 0219:71FF:FE64:3F00 Interface ID 9

Types of addresses Unicast One-to-one communication Multicast One-to-many communications Anycast Combination use of both Unicast and Multicast Global Internet routable Link-local scope Automatically assigned per interface Loopback/Localhost ::1/128 10

Network utilities Ping Trace route Telnet SSH TFTP FTP If using SLAAC link-local address, must specify as: <ipv6-addr>%<zone-id> Ex., ping fe80::20c:29ff:fe04:643b%11 (Win7) Ex., ping fe80::20c:29ff:fe04:643b%<vlan-id> (ProVision) 11

Server operating systems Microsoft Server 2003 2008 Limited server application support no: AD, DHCPv6, RDP, Exchange, SQL, ftp, Most (if not all) server applications Linux Longest support, generally most server applications 12

Client operating systems Microsoft Windows XP w/sp2 - must install IPv6 protocol CLI only configuration Vista & 7 - native and enabled by default GUI and CLI configuration All use RFC3041 privacy addresses by default Apple Mac OS X Mac OS X 10.4+ - native and enabled by default GUI and CLI configuration Uses EUI-64 address by default, no DHCPv6 support Linux Generally natively enabled 13

Network peripherals Printers VoIP phones Network cameras Embedded systems ** More manufacturers are supporting IPv6 in their devices *** and IPv6 ready or supported does not mean the same thing to everybody!!! 14

Security concerns If EUI-64 based address, can determine manufacturer of interface, which may lead to what type of device it is, and where in the network in may be located. Since IPv6 is enabled by default in many operating systems and devices, simple scan of network will provide tons of info Many tools already available for exploitation of devices/systems 15

How to Connect with IPv6 Native Many Internet Service Providers have started trials and beta s, 2012 should see increased IPv6 access Tunnel free services available: hurricane electric (he.net) Gogo6/freenet6 (gogo6.com) SixXS (sixxs.com) 16

IPv6 Tunnel 17

World IPv6 Day System Local services Web mail External services DNS IPv6 Connection Tunnel he.net 18

Thank You for Attending! Jeffrey L Carrell Network Security Consultant jeff.carrell@networkconversions.com jeff.carrell@ipv6hol.com www.ipv6networkpros.com 21

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information