The Internet industry is undergoing a fundamental change as it transitions from IPv4 to IPv6. These slides are from the June 2011 webcast which provided an overview of IPv6 Threats, recommendations on how to stay protected during the transition to IPv6 as well as information on what Commtouch is doing to ensure its solutions are IPv6 compliant.
The webcast features Commtouch security experts Asaf Greiner and Gabriel M. Mizrahi. You can view the webcast on the Commtouch Slideshare page.
4. IPv6 Informational Series Part 1: An Introduction to IPv6 on Eyal OrgilMarketing DirectorCommtouch http://www.slideshare.net/Commtouch or at www.commtouch.com/introduction-ipv6
5. IPv6 Informational Series Part 1: An Introduction to IPv6 Part 2: IPv6 Security Threats Eyal OrgilMarketing DirectorCommtouch
9. Is IPv6 a Significant Event Move to IPv6 a transition, not an event Taking place for several years Will continue for many more years There will be security implications During the transition period After fully implemented Many threats same as IPv4 Especially while dual-stacks are in use
10. Is IPv6 a Significant Event Many IPv4 threats not applicable to IPv6 Care must be taken when using dual-networks Many existing security solutions can protect against IPv6 threats But, must be properly configured Many threats related to transition to IPv6, not new threats
11. Is IPv6 a Significant Event Many IPv6 users today are experts and enthusiasts IPv6 is not yet in widespread usage Still see minimal usage of IPv6 Wider adoption of IPv6 depends on readiness of network infrastructures Currently no big incentive to move to IPv6
12. Is IPv6 a Significant Event Hackers will utilize IPv6 when it will bring them value Not deployed widely enough in order to invest time As IPv6 grows it will appear on the Hacker radar Transition a long process, not a one day event Advise that you learn and adjust
14. Is IPv6 Another Y2K? Don’t be scared of IPv6, but don’t take lightly IPv6 is a technology which offers: New opportunities New challenges No date for IPv6 Will take years for IPv6 to become the main protocol
15. Is IPv6 Another Y2K? Expect many mission critical infrastructures to remain IPv4 Enough IPv4 addresses for these Unlikely websites will be moved to be IPv6 in near future When a large move occurs, we will know: There is a large user IPv6 base End of transition period is near
24. IPv6 Tunneling Threat Need to be aware that security devices are configured for IPv6 For example firewalls Another example – IDS (Intrusion Detection System) Can inspect IPv6, but you need to enable it If not, you won’t be enforcing the policy on IPv6
30. Rogue Devices Windows 7 Windows 7 Windows 7 IPv6 Network IPv4 Network IPv6 enabledby default
31. Rogue Devices Windows 7 Windows 7 Windows 7 Internet? Internet? Internet? IPv6 Network IPv4 Network IPv6 searchesfor accessto the Internet
32. Rogue Devices Windows 7 Windows 7 Windows 7 Internet? Internet? Internet? IPv6 Network IPv4 Network IPv6 Prefix IPv6 Prefix Internet IPv6 Rogue Device
33. Rogue Devices The difference is: IPv4 is used daily If a different allocation is provided, there will be noticeable effects With IPv6, the insertion of a rogue device may go unnoticed
38. Rogue Devices Not only a Windows problem An issue with most operating systems IPv6 is defined by default IPv6 could run in the background without anyone’s knowledge Security risk also in IPv4 with DHCP Make sure unauthorized devices cannot connect to your network
40. IP Reputation Far more IP addresses in IPv6 232 compared to 2128 Challenges IP allocation will be different from IPv4 Anyone can get a large IP allocation Any person can get a 64 bit allocation (264) The entire Internet today is 232
41. IP Reputation Last 64 bits define the device ID Complicate issue by using randomizer to change 64 bit Every spam message could be sent from different IP From IP address: wwww From IP address: xxxx From IP address: yyyy 264 DifferentIP Addresses Internet From IP address: zzzz
51. Commtouch and IPv6 Commtouch has been working on IPv6 for some time Making changes to client side and back-end Client side will be transparent Focus has been on the back-end GlobalView Mail Reputation transparently supports more IPs addresses Still single query of an IP address but data storage more efficient
52. Commtouch and IPv6 Monitoring the Internet Identifying IPv6 threats Classifying threats Currently seeing minor IPv6 spam activity Believe spammers experimenting with IPv6 Too noticeable today to send spam via IPv6 when there is very little email on this network
54. Gabriel Mizrahi’s IPv6 Recommendations Make sure you have mapped all devices on your network Implement IPv6 step-by-step Have a written procedure of how you will introduce IPv6 Plan to implement a dual stack as a first stage
55. Asaf Greiner’s IPv6 Recommendations Get educated about IPv6 Everyone should go back to networking fundamentals Understand what’s implemented on our network today, and why Then look at what needs to remain or change Learn from others What mistakes and successes other have experienced
56. Asaf Greiner’s IPv6 Recommendations Lockdown from IPv6 as a start Then implement staged plan to roll out IPv6 Take care to avoid configuration errors
57. Thank you to Asaf Greiner Commtouch VP Products Gabriel M. MizrahiCommtouch VP Technologies
58. 51 View the recorded webcast on SlideShare at… http://www.slideshare.net/Commtouch/commtouch-ipv6-threats on
59. Have a question? Send questions to: IPv6@commtouch.com Responses posted: http://blog.commtouch.com