SlideShare una empresa de Scribd logo

IPv6 Security - Where is the Challenge

RIPE NCC
RIPE NCC

Presentation given by Marco Hogewoning at SEE 2, Skopje, Macedonia on 23 April 2013.

Tecnología
1 de 20
IPv6 Security Where is the challenge? Marco Hogewoning External Relations RIPE NCC Sunday, April 21, 2013
Biggest Hurdle Deploying IPv6 2 (NRO: Global IPv6 Deployment Survey) Sunday, April 21, 2013
Increased Awareness? 3 (Ernst & Young: Global Information Security Survey) Sunday, April 21, 2013
Where is the Risk? Sunday, April 21, 2013
Threat or Vulnerability? • Threat: the potential to cause harm – DoS, unauthorised access, viruses • Vulnerability: a weakness that can be exploited – Bugs, configuration errors, design flaws • Risk: the possibility that a vulnerability will be exploited by somebody to cause harm 5 Sunday, April 21, 2013
Human Factor • Vulnerabilities exist because of human errors: – Coding errors – Configuration errors – Design flaws • Doesn’t mean it is your fault – But a lot of times you can limit the risk 6 Sunday, April 21, 2013
Examples Is this IPv6 related? Sunday, April 21, 2013
Rogue Router Advertisement • IPv6 relies on routers to announce themselves using ICMPv6 multicasts • Protocol has little to no security • Every machine can claim to be a router – Reconfigure clients to another subnet – Redirect or intercept traffic 8 Sunday, April 21, 2013
Rogue Router Advertisement (IPv4) • Every machine can start a DHCP server – Reconfigure clients to another subnet – Redirect or intercept traffic – NAT44 makes it much easier to hide it • ARP spoofing – Pretend I am the router by claiming its MAC address 9 Sunday, April 21, 2013
Protection at Protocol Layer • “RA Guard” feature – Filter route announcements on switches – On all ports except for the known router – Present in a lot of equipment already • SEcure Neighbor Discovery (SEND) – Fix the protocol by adding verification – Add cryptographic certificates and signatures – No widespread implementation 10 Sunday, April 21, 2013
What About Layer 2? • Securing access to the physical network: – 802.1x authentication – Disable unused ports on switches – Strengthen wireless passwords – MAC address counters or filters (port security) • Lowers the risk for both protocols – Can protect for other vulnerabilities 11 Sunday, April 21, 2013
Upper Layers Where are you? Sunday, April 21, 2013
Vulnerabilities are Everywhere • Most security incidents caused in the application layers: – Buffer overflows – SQL injection – Man-in-the-middle attacks – Weak authentication 13 Sunday, April 21, 2013
General Prevention Methods • Don’t run any unnecessary services • Keep up to date with software patches • Use encryption where possible • Use two-factor authentication • Keep it simple 14 Sunday, April 21, 2013
Source of Incidents 15 (PWC: Information Security Survey) Sunday, April 21, 2013
The Human Factor • Attacks are triggered by somebody • Known vulnerabilities are ignored • Mistakes can and will happen 16 Sunday, April 21, 2013
Capacity Building • Test your implementations before deploying – Don’t rely on the glossy brochure • Build up knowledge – Learn to identify potential risks – Learn how to deal with them • Make use of available resources – Training courses and tutorials – Share your experiences 17 Sunday, April 21, 2013
Improving Security with IPv6 • Multiple subnets makes it easier to separate functions or people • Lack of NAT – Makes everything much more visible – Security moves to the end hosts – Forces you to think • Somebody might already use IPv6! – Using tunnels to hide what is going on 18 Sunday, April 21, 2013
Conclusion • IPv6 might add some vulnerabilities • IPv6 is not a threat • You are the biggest risk 19 Sunday, April 21, 2013
Questions? marcoh@ripe.net Sunday, April 21, 2013

Recomendados

Hiding in Plain Sight: The Danger of Known Vulnerabilities
Hiding in Plain Sight: The Danger of Known VulnerabilitiesHiding in Plain Sight: The Danger of Known Vulnerabilities
Hiding in Plain Sight: The Danger of Known Vulnerabilities
Imperva
 
NTXISSACSC2 - Next-Generation Security and the Problem of Exploitation by Mat...
NTXISSACSC2 - Next-Generation Security and the Problem of Exploitation by Mat...NTXISSACSC2 - Next-Generation Security and the Problem of Exploitation by Mat...
NTXISSACSC2 - Next-Generation Security and the Problem of Exploitation by Mat...
North Texas Chapter of the ISSA
 
Network Security Tools
Network Security ToolsNetwork Security Tools
Network Security Tools
Emanuela Boroș
 
Network Security Tools and applications
Network Security Tools and applicationsNetwork Security Tools and applications
Network Security Tools and applications
webhostingguy
 
Webinar On Ethical Hacking & Cybersecurity - Day2
Webinar On Ethical Hacking & Cybersecurity - Day2Webinar On Ethical Hacking & Cybersecurity - Day2
Webinar On Ethical Hacking & Cybersecurity - Day2
Mohammed Adam
 
Akila srinivasan microsoft-bug_bounty-(publish)
Akila srinivasan microsoft-bug_bounty-(publish)Akila srinivasan microsoft-bug_bounty-(publish)
Akila srinivasan microsoft-bug_bounty-(publish)
PacSecJP
 
How secure are your systems
How secure are your systemsHow secure are your systems
How secure are your systems
City Unrulyversity
 
Yehia Mamdouh @ DTS Solution - The Gentleman Thief
Yehia Mamdouh @ DTS Solution - The Gentleman ThiefYehia Mamdouh @ DTS Solution - The Gentleman Thief
Yehia Mamdouh @ DTS Solution - The Gentleman Thief
Shah Sheikh
 

Recomendados

Hiding in Plain Sight: The Danger of Known Vulnerabilities
Hiding in Plain Sight: The Danger of Known VulnerabilitiesHiding in Plain Sight: The Danger of Known Vulnerabilities
Hiding in Plain Sight: The Danger of Known Vulnerabilities
Imperva
 
NTXISSACSC2 - Next-Generation Security and the Problem of Exploitation by Mat...
NTXISSACSC2 - Next-Generation Security and the Problem of Exploitation by Mat...NTXISSACSC2 - Next-Generation Security and the Problem of Exploitation by Mat...
NTXISSACSC2 - Next-Generation Security and the Problem of Exploitation by Mat...
North Texas Chapter of the ISSA
 
Network Security Tools
Network Security ToolsNetwork Security Tools
Network Security Tools
Emanuela Boroș
 
Network Security Tools and applications
Network Security Tools and applicationsNetwork Security Tools and applications
Network Security Tools and applications
webhostingguy
 
Webinar On Ethical Hacking & Cybersecurity - Day2
Webinar On Ethical Hacking & Cybersecurity - Day2Webinar On Ethical Hacking & Cybersecurity - Day2
Webinar On Ethical Hacking & Cybersecurity - Day2
Mohammed Adam
 
Akila srinivasan microsoft-bug_bounty-(publish)
Akila srinivasan microsoft-bug_bounty-(publish)Akila srinivasan microsoft-bug_bounty-(publish)
Akila srinivasan microsoft-bug_bounty-(publish)
PacSecJP
 
How secure are your systems
How secure are your systemsHow secure are your systems
How secure are your systems
City Unrulyversity
 
Yehia Mamdouh @ DTS Solution - The Gentleman Thief
Yehia Mamdouh @ DTS Solution - The Gentleman ThiefYehia Mamdouh @ DTS Solution - The Gentleman Thief
Yehia Mamdouh @ DTS Solution - The Gentleman Thief
Shah Sheikh
 
Cambodia CERT Seminar: Incident response for ransomeware attacks
Cambodia CERT Seminar: Incident response for ransomeware attacksCambodia CERT Seminar: Incident response for ransomeware attacks
Cambodia CERT Seminar: Incident response for ransomeware attacks
APNIC
 
Experience Sharing on School Pentest Project (Updated)
Experience Sharing on School Pentest Project (Updated)Experience Sharing on School Pentest Project (Updated)
Experience Sharing on School Pentest Project (Updated)
eLearning Consortium 電子學習聯盟
 
Introduction of computer security
Introduction of computer securityIntroduction of computer security
Introduction of computer security
SoundaryaB2
 
Network security presentation
Network security presentationNetwork security presentation
Network security presentation
hamzakareem2
 
Computer Security and Risks
Computer Security and RisksComputer Security and Risks
Computer Security and Risks
Miguel Rebollo
 
AlienVault Brute Force Attacks- Keeping the Bots at Bay with AlienVault USM +...
AlienVault Brute Force Attacks- Keeping the Bots at Bay with AlienVault USM +...AlienVault Brute Force Attacks- Keeping the Bots at Bay with AlienVault USM +...
AlienVault Brute Force Attacks- Keeping the Bots at Bay with AlienVault USM +...
AlienVault
 
Brucon presentation
Brucon presentationBrucon presentation
Brucon presentation
wremes
 
NTXISSACSC2 - Threat Modeling Part 3 - DREAD by Brad Andrews
NTXISSACSC2 - Threat Modeling Part 3 - DREAD by Brad AndrewsNTXISSACSC2 - Threat Modeling Part 3 - DREAD by Brad Andrews
NTXISSACSC2 - Threat Modeling Part 3 - DREAD by Brad Andrews
North Texas Chapter of the ISSA
 
BugBounty Roadmap with Mohammed Adam
BugBounty Roadmap with Mohammed AdamBugBounty Roadmap with Mohammed Adam
BugBounty Roadmap with Mohammed Adam
Mohammed Adam
 
Vulnerability assessment & Penetration testing Basics
Vulnerability assessment & Penetration testing Basics Vulnerability assessment & Penetration testing Basics
Vulnerability assessment & Penetration testing Basics
Mohammed Adam
 
Practical network defense at scale Or: Protecting the “Eierlegende Wollmichsa...
Practical network defense at scale Or: Protecting the “Eierlegende Wollmichsa...Practical network defense at scale Or: Protecting the “Eierlegende Wollmichsa...
Practical network defense at scale Or: Protecting the “Eierlegende Wollmichsa...
CODE BLUE
 
Security in Computer System
Security in Computer SystemSecurity in Computer System
Security in Computer System
Manesh T
 
Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...
Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...
Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...
RootedCON
 
The Current State of Cybersecurity
The Current State of CybersecurityThe Current State of Cybersecurity
The Current State of Cybersecurity
TruShield Security Solutions
 
Penetration Testing and Vulnerability Assessments: Examining the SEC and FINR...
Penetration Testing and Vulnerability Assessments: Examining the SEC and FINR...Penetration Testing and Vulnerability Assessments: Examining the SEC and FINR...
Penetration Testing and Vulnerability Assessments: Examining the SEC and FINR...
TruShield Security Solutions
 
PhD-Guidance-in-Security
PhD-Guidance-in-SecurityPhD-Guidance-in-Security
PhD-Guidance-in-Security
Phdtopiccom
 
Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resourcesGetting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
OWASP Delhi
 
Hacking
HackingHacking
Hacking
NishaPariyar
 
Introduction to the advanced persistent threat and hactivism
Introduction to the advanced persistent threat and hactivismIntroduction to the advanced persistent threat and hactivism
Introduction to the advanced persistent threat and hactivism
Global Micro Solutions
 
Information Security Engineering
Information Security EngineeringInformation Security Engineering
Information Security Engineering
Md. Hasan Basri (Angel)
 
IPv6 Autoconfig
IPv6 AutoconfigIPv6 Autoconfig
IPv6 Autoconfig
Fred Bovy
 
I pv6 autoconfig20c
I pv6 autoconfig20cI pv6 autoconfig20c
I pv6 autoconfig20c
Frederic Bovy
 

Más contenido relacionado

La actualidad más candente

Computer Security and Risks
Computer Security and RisksComputer Security and Risks
Computer Security and Risks
Miguel Rebollo
 
AlienVault Brute Force Attacks- Keeping the Bots at Bay with AlienVault USM +...
AlienVault Brute Force Attacks- Keeping the Bots at Bay with AlienVault USM +...AlienVault Brute Force Attacks- Keeping the Bots at Bay with AlienVault USM +...
AlienVault Brute Force Attacks- Keeping the Bots at Bay with AlienVault USM +...
AlienVault
 
NTXISSACSC2 - Threat Modeling Part 3 - DREAD by Brad Andrews
NTXISSACSC2 - Threat Modeling Part 3 - DREAD by Brad AndrewsNTXISSACSC2 - Threat Modeling Part 3 - DREAD by Brad Andrews
NTXISSACSC2 - Threat Modeling Part 3 - DREAD by Brad Andrews
North Texas Chapter of the ISSA
 
Practical network defense at scale Or: Protecting the “Eierlegende Wollmichsa...
Practical network defense at scale Or: Protecting the “Eierlegende Wollmichsa...Practical network defense at scale Or: Protecting the “Eierlegende Wollmichsa...
Practical network defense at scale Or: Protecting the “Eierlegende Wollmichsa...
CODE BLUE
 
Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...
Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...
Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...
RootedCON
 
The Current State of Cybersecurity
The Current State of CybersecurityThe Current State of Cybersecurity
The Current State of Cybersecurity
TruShield Security Solutions
 
Penetration Testing and Vulnerability Assessments: Examining the SEC and FINR...
Penetration Testing and Vulnerability Assessments: Examining the SEC and FINR...Penetration Testing and Vulnerability Assessments: Examining the SEC and FINR...
Penetration Testing and Vulnerability Assessments: Examining the SEC and FINR...
TruShield Security Solutions
 
Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resourcesGetting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
OWASP Delhi
 

La actualidad más candente (20)

Cambodia CERT Seminar: Incident response for ransomeware attacks
Cambodia CERT Seminar: Incident response for ransomeware attacksCambodia CERT Seminar: Incident response for ransomeware attacks
Cambodia CERT Seminar: Incident response for ransomeware attacks
 
Experience Sharing on School Pentest Project (Updated)
Experience Sharing on School Pentest Project (Updated)Experience Sharing on School Pentest Project (Updated)
Experience Sharing on School Pentest Project (Updated)
 
Introduction of computer security
Introduction of computer securityIntroduction of computer security
Introduction of computer security
 
Network security presentation
Network security presentationNetwork security presentation
Network security presentation
 
Computer Security and Risks
Computer Security and RisksComputer Security and Risks
Computer Security and Risks
 
AlienVault Brute Force Attacks- Keeping the Bots at Bay with AlienVault USM +...
AlienVault Brute Force Attacks- Keeping the Bots at Bay with AlienVault USM +...AlienVault Brute Force Attacks- Keeping the Bots at Bay with AlienVault USM +...
AlienVault Brute Force Attacks- Keeping the Bots at Bay with AlienVault USM +...
 
Brucon presentation
Brucon presentationBrucon presentation
Brucon presentation
 
NTXISSACSC2 - Threat Modeling Part 3 - DREAD by Brad Andrews
NTXISSACSC2 - Threat Modeling Part 3 - DREAD by Brad AndrewsNTXISSACSC2 - Threat Modeling Part 3 - DREAD by Brad Andrews
NTXISSACSC2 - Threat Modeling Part 3 - DREAD by Brad Andrews
 
BugBounty Roadmap with Mohammed Adam
BugBounty Roadmap with Mohammed AdamBugBounty Roadmap with Mohammed Adam
BugBounty Roadmap with Mohammed Adam
 
Vulnerability assessment & Penetration testing Basics
Vulnerability assessment & Penetration testing Basics Vulnerability assessment & Penetration testing Basics
Vulnerability assessment & Penetration testing Basics
 
Practical network defense at scale Or: Protecting the “Eierlegende Wollmichsa...
Practical network defense at scale Or: Protecting the “Eierlegende Wollmichsa...Practical network defense at scale Or: Protecting the “Eierlegende Wollmichsa...
Practical network defense at scale Or: Protecting the “Eierlegende Wollmichsa...
 
Security in Computer System
Security in Computer SystemSecurity in Computer System
Security in Computer System
 
Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...
Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...
Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...
 
The Current State of Cybersecurity
The Current State of CybersecurityThe Current State of Cybersecurity
The Current State of Cybersecurity
 
Penetration Testing and Vulnerability Assessments: Examining the SEC and FINR...
Penetration Testing and Vulnerability Assessments: Examining the SEC and FINR...Penetration Testing and Vulnerability Assessments: Examining the SEC and FINR...
Penetration Testing and Vulnerability Assessments: Examining the SEC and FINR...
 
PhD-Guidance-in-Security
PhD-Guidance-in-SecurityPhD-Guidance-in-Security
PhD-Guidance-in-Security
 
Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resourcesGetting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
 
Hacking
HackingHacking
Hacking
 
Introduction to the advanced persistent threat and hactivism
Introduction to the advanced persistent threat and hactivismIntroduction to the advanced persistent threat and hactivism
Introduction to the advanced persistent threat and hactivism
 
Information Security Engineering
Information Security EngineeringInformation Security Engineering
Information Security Engineering
 

Destacado

IPv6 technical introduction
IPv6 technical introductionIPv6 technical introduction
IPv6 technical introduction
Rayed Alrashed
 
IPv6
IPv6IPv6
IPv6
Peter R. Egli
 

Destacado (12)

IPv6 Autoconfig
IPv6 AutoconfigIPv6 Autoconfig
IPv6 Autoconfig
 
I pv6 autoconfig20c
I pv6 autoconfig20cI pv6 autoconfig20c
I pv6 autoconfig20c
 
IPV6 Addressing
IPV6 Addressing IPV6 Addressing
IPV6 Addressing
 
Eric Vyncke - IPv6 security in general
Eric Vyncke - IPv6 security in generalEric Vyncke - IPv6 security in general
Eric Vyncke - IPv6 security in general
 
Presentación IPv6
Presentación IPv6Presentación IPv6
Presentación IPv6
 
IPv6
IPv6IPv6
IPv6
 
Ipv6
Ipv6Ipv6
Ipv6
 
IPV6 ppt
IPV6 pptIPV6 ppt
IPV6 ppt
 
IPv6 technical introduction
IPv6 technical introductionIPv6 technical introduction
IPv6 technical introduction
 
Ipv6
Ipv6Ipv6
Ipv6
 
ipv6 ppt
ipv6 pptipv6 ppt
ipv6 ppt
 
IPv6
IPv6IPv6
IPv6
 

Similar a IPv6 Security - Where is the Challenge

Cyber Security for Critical Infrastructure
Cyber Security for Critical InfrastructureCyber Security for Critical Infrastructure
Cyber Security for Critical Infrastructure
Mohit Rampal
 
Networking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin Dunn
Networking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin DunnNetworking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin Dunn
Networking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin Dunn
North Texas Chapter of the ISSA
 
Security challenges for IoT
Security challenges for IoTSecurity challenges for IoT
Security challenges for IoT
WSO2
 

Similar a IPv6 Security - Where is the Challenge (20)

Securitych1
Securitych1Securitych1
Securitych1
 
PACE-IT: Common Network Security Issues
PACE-IT: Common Network Security IssuesPACE-IT: Common Network Security Issues
PACE-IT: Common Network Security Issues
 
Resiliency-Part One -11-3-2015
Resiliency-Part One -11-3-2015Resiliency-Part One -11-3-2015
Resiliency-Part One -11-3-2015
 
How to find_vulnerability_in_software
How to find_vulnerability_in_softwareHow to find_vulnerability_in_software
How to find_vulnerability_in_software
 
Cyber Security for Critical Infrastructure
Cyber Security for Critical InfrastructureCyber Security for Critical Infrastructure
Cyber Security for Critical Infrastructure
 
IPv6 Security - Where is the Challenge?
IPv6 Security - Where is the Challenge?IPv6 Security - Where is the Challenge?
IPv6 Security - Where is the Challenge?
 
Chapter 9 system penetration [compatibility mode]
Chapter 9 system penetration [compatibility mode]Chapter 9 system penetration [compatibility mode]
Chapter 9 system penetration [compatibility mode]
 
Intrusion Detection Techniques In Mobile Networks
Intrusion Detection Techniques In Mobile NetworksIntrusion Detection Techniques In Mobile Networks
Intrusion Detection Techniques In Mobile Networks
 
Networking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin Dunn
Networking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin DunnNetworking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin Dunn
Networking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin Dunn
 
FALCON.pptx
FALCON.pptxFALCON.pptx
FALCON.pptx
 
Zero-day Vulnerabilities
Zero-day VulnerabilitiesZero-day Vulnerabilities
Zero-day Vulnerabilities
 
Lecture 7---Security (1).pdf
Lecture 7---Security (1).pdfLecture 7---Security (1).pdf
Lecture 7---Security (1).pdf
 
Computer Networking
Computer NetworkingComputer Networking
Computer Networking
 
Security challenges for IoT
Security challenges for IoTSecurity challenges for IoT
Security challenges for IoT
 
Webinar - Reducing the Risk of a Cyber Attack on Utilities
Webinar - Reducing the Risk of a Cyber Attack on UtilitiesWebinar - Reducing the Risk of a Cyber Attack on Utilities
Webinar - Reducing the Risk of a Cyber Attack on Utilities
 
NETWORK SECURITY AND VIRUSES
NETWORK SECURITY AND VIRUSESNETWORK SECURITY AND VIRUSES
NETWORK SECURITY AND VIRUSES
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
 
Securing Systems - Still Crazy After All These Years
Securing Systems - Still Crazy After All These YearsSecuring Systems - Still Crazy After All These Years
Securing Systems - Still Crazy After All These Years
 
Open port vulnerability
Open port vulnerabilityOpen port vulnerability
Open port vulnerability
 

Más de RIPE NCC

Más de RIPE NCC (20)

Navigating IP Addresses: Insights from your Regional Internet Registry
Navigating IP Addresses: Insights from your Regional Internet RegistryNavigating IP Addresses: Insights from your Regional Internet Registry
Navigating IP Addresses: Insights from your Regional Internet Registry
 
Traces of Power: Internet Governance and Climate Action
Traces of Power: Internet Governance and Climate ActionTraces of Power: Internet Governance and Climate Action
Traces of Power: Internet Governance and Climate Action
 
Governing Environmental Sustainability in Tech
Governing Environmental Sustainability in TechGoverning Environmental Sustainability in Tech
Governing Environmental Sustainability in Tech
 
Gerardo-Viviers-RPKI-presentation-DKNOG14.pdf
Gerardo-Viviers-RPKI-presentation-DKNOG14.pdfGerardo-Viviers-RPKI-presentation-DKNOG14.pdf
Gerardo-Viviers-RPKI-presentation-DKNOG14.pdf
 
LIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RIS
LIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RISLIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RIS
LIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RIS
 
Intro to RIPE and RIPE NCC: RIPE Atlas workshop
Intro to RIPE and RIPE NCC: RIPE Atlas workshopIntro to RIPE and RIPE NCC: RIPE Atlas workshop
Intro to RIPE and RIPE NCC: RIPE Atlas workshop
 
IGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdf
IGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdfIGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdf
IGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdf
 
Opportunities for Youth in IG - Alena Muravska RIPE NCC.pdf
Opportunities for Youth in IG - Alena Muravska RIPE NCC.pdfOpportunities for Youth in IG - Alena Muravska RIPE NCC.pdf
Opportunities for Youth in IG - Alena Muravska RIPE NCC.pdf
 
RIPE NCC Internet Measurement Tools
RIPE NCC Internet Measurement ToolsRIPE NCC Internet Measurement Tools
RIPE NCC Internet Measurement Tools
 
IPv6 in Central Europe and the Baltics
IPv6 in Central Europe and the BalticsIPv6 in Central Europe and the Baltics
IPv6 in Central Europe and the Baltics
 
RPKI For Routing Security
RPKI For Routing SecurityRPKI For Routing Security
RPKI For Routing Security
 
SEEDIG 8 - Alena Muravska RIPE NCC.pdf
SEEDIG 8 - Alena Muravska RIPE NCC.pdfSEEDIG 8 - Alena Muravska RIPE NCC.pdf
SEEDIG 8 - Alena Muravska RIPE NCC.pdf
 
Know Your Network: Why Every Network Operator Should Host RIPE Atlas
Know Your Network: Why Every Network Operator Should Host RIPE AtlasKnow Your Network: Why Every Network Operator Should Host RIPE Atlas
Know Your Network: Why Every Network Operator Should Host RIPE Atlas
 
Minimising Impact When Incidents Occur With RIPE Atlas
Minimising Impact When Incidents Occur With RIPE AtlasMinimising Impact When Incidents Occur With RIPE Atlas
Minimising Impact When Incidents Occur With RIPE Atlas
 
RIPE NCC Internet Measurement Services
RIPE NCC Internet Measurement ServicesRIPE NCC Internet Measurement Services
RIPE NCC Internet Measurement Services
 
Spotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasSpotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE Atlas
 
Spotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasSpotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE Atlas
 
Spotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasSpotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE Atlas
 
111 views of Swiss Internet Infrastructure
111 views of Swiss Internet Infrastructure111 views of Swiss Internet Infrastructure
111 views of Swiss Internet Infrastructure
 
The RIPE NCC’s View of IPv6 in Sweden
The RIPE NCC’s View of IPv6 in SwedenThe RIPE NCC’s View of IPv6 in Sweden
The RIPE NCC’s View of IPv6 in Sweden
 

Último

CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
Malak Abu Hammad
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Delhi Call girls
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
Enterprise Knowledge
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
Delhi Call girls
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 

Último (20)

CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 

IPv6 Security - Where is the Challenge

  • 1. IPv6 Security Where is the challenge? Marco Hogewoning External Relations RIPE NCC Sunday, April 21, 2013
  • 2. Biggest Hurdle Deploying IPv6 2 (NRO: Global IPv6 Deployment Survey) Sunday, April 21, 2013
  • 3. Increased Awareness? 3 (Ernst & Young: Global Information Security Survey) Sunday, April 21, 2013
  • 4. Where is the Risk? Sunday, April 21, 2013
  • 5. Threat or Vulnerability? • Threat: the potential to cause harm – DoS, unauthorised access, viruses • Vulnerability: a weakness that can be exploited – Bugs, configuration errors, design flaws • Risk: the possibility that a vulnerability will be exploited by somebody to cause harm 5 Sunday, April 21, 2013
  • 6. Human Factor • Vulnerabilities exist because of human errors: – Coding errors – Configuration errors – Design flaws • Doesn’t mean it is your fault – But a lot of times you can limit the risk 6 Sunday, April 21, 2013
  • 7. Examples Is this IPv6 related? Sunday, April 21, 2013
  • 8. Rogue Router Advertisement • IPv6 relies on routers to announce themselves using ICMPv6 multicasts • Protocol has little to no security • Every machine can claim to be a router – Reconfigure clients to another subnet – Redirect or intercept traffic 8 Sunday, April 21, 2013
  • 9. Rogue Router Advertisement (IPv4) • Every machine can start a DHCP server – Reconfigure clients to another subnet – Redirect or intercept traffic – NAT44 makes it much easier to hide it • ARP spoofing – Pretend I am the router by claiming its MAC address 9 Sunday, April 21, 2013
  • 10. Protection at Protocol Layer • “RA Guard” feature – Filter route announcements on switches – On all ports except for the known router – Present in a lot of equipment already • SEcure Neighbor Discovery (SEND) – Fix the protocol by adding verification – Add cryptographic certificates and signatures – No widespread implementation 10 Sunday, April 21, 2013
  • 11. What About Layer 2? • Securing access to the physical network: – 802.1x authentication – Disable unused ports on switches – Strengthen wireless passwords – MAC address counters or filters (port security) • Lowers the risk for both protocols – Can protect for other vulnerabilities 11 Sunday, April 21, 2013
  • 12. Upper Layers Where are you? Sunday, April 21, 2013
  • 13. Vulnerabilities are Everywhere • Most security incidents caused in the application layers: – Buffer overflows – SQL injection – Man-in-the-middle attacks – Weak authentication 13 Sunday, April 21, 2013
  • 14. General Prevention Methods • Don’t run any unnecessary services • Keep up to date with software patches • Use encryption where possible • Use two-factor authentication • Keep it simple 14 Sunday, April 21, 2013
  • 15. Source of Incidents 15 (PWC: Information Security Survey) Sunday, April 21, 2013
  • 16. The Human Factor • Attacks are triggered by somebody • Known vulnerabilities are ignored • Mistakes can and will happen 16 Sunday, April 21, 2013
  • 17. Capacity Building • Test your implementations before deploying – Don’t rely on the glossy brochure • Build up knowledge – Learn to identify potential risks – Learn how to deal with them • Make use of available resources – Training courses and tutorials – Share your experiences 17 Sunday, April 21, 2013
  • 18. Improving Security with IPv6 • Multiple subnets makes it easier to separate functions or people • Lack of NAT – Makes everything much more visible – Security moves to the end hosts – Forces you to think • Somebody might already use IPv6! – Using tunnels to hide what is going on 18 Sunday, April 21, 2013
  • 19. Conclusion • IPv6 might add some vulnerabilities • IPv6 is not a threat • You are the biggest risk 19 Sunday, April 21, 2013