• No results found

IPv6 Security Challenges

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "IPv6 Security Challenges"

Copied!
13
0
0

Loading.... (view fulltext now)

Download now ( 13 Page )

Full text

(1)

HERVÉ SCHAUER CONSULTANTS HERVÉ SCHAUER CONSULTANTS

Cabinet de Consultants en Sécurité Informatique depuis 1989 Cabinet de Consultants en Sécurité Informatique depuis 1989 Spécialisé sur Unix, Windows, TCP/IP et Internet

Spécialisé sur Unix, Windows, TCP/IP et Internet

Deploying IPv6 Networks 2003

Deploying IPv6 Networks 2003

Upperside Upperside

November 4, 2003 November 4, 2003

IPv6 Security Challenges

IPv6 Security Challenges

Hervé Schauer

Hervé Schauer

(2)

Agenda

Agenda

IPv6 security issues Security practices

Auto-configuration security challenges CARAMEL HSC Goals Show case Security Conclusion Resources

(3)

IPv6 Security Issues

IPv6 Security Issues

Security policy application models

Current common security model with IPv4

peer -- firewall -- Internet -- firewall -- peer

Security policy enforced by firewalls

Firewalls protect peers

Firewalls owned by organisations, ISPs or end users

Security policy designed by organisations or end users Home networks security model with IPv6

peer – Internet – peer ?

Security policy enforced by peers operating system ?

Security policy designed by peer owner ?

(4)

Security practices

Security practices

Enterprise networks

Perimeter defense

IP firewalls, HTTP/HTTPS firewalls, content analysis : anti-virus, anti-spam, etc

Defense in depth and network segmentation

DMZ, layered architectures, segmentation of wireless LAN, etc

TLS/SSL based business applications and VPNs for remote access

Including TLS/SSL encrypted traffic content scanning

Home networks

Basically no perimeter defense if not outsourced to the ISP

Network access control security is also the first security building block and the common denominator

Existing network access control mecanisms available like IEEE 802.1X

(5)

Auto-configuration Security Challenges

Auto-configuration Security Challenges

Security means trust

Trust in who configures your network and appliances How to bring trust to the end user ?

And the end user is not aware of the data network or the IP protocol Chicken and egg issue

To get consumer acceptance, it must work properly, securely, from the very beginning

(6)

CARAMEL

CARAMEL

C

o n fig u ra tio n

A

u to m a tiq u e d e s

R

é se a u x d ’

A

c c è s à la

M

a iso n e t d e s

É

q u ip e m e n ts d e

L

ia iso n

Automatic configuration of home networks with IPv6

RNRT (french research network) project labelised in may 2003 http://www.telecom.gouv.fr/rnrt/projets/CARAMEL.htm

Goal

Study auto-configuration mechanisms for home networks Design and build a complete show case

(7)

HSC background

HSC background

Security consulting firm for 15 years IETF involvement

HTTP1.1, logging format (syslog), GRIP, Policy, IPsec remote access & IPsec policy

Security analysis, audit & expertise

Telecom and IP networks (PBX and phones, GSM/UMTS, DSL, VoIP, etc)

Embedded security

Unix/Linux, Windows & PDAs/phones operating systems

(8)

CARAMEL : Goals

CARAMEL : Goals

Allow any layer 2 technologies

IEEE 802.3, 802.11b/g, IEEE 802.15

IEEE 1394

Enable construction of complex topologies

Cover the interface between the ISP and the home network Take in account different aspects of auto-configuration

Layer 3 configurations

Mobile devices such PDAs and phone handset, legacy equipment such as TV set

Security

(9)
(10)

Security in CARAMEL

Security in CARAMEL

Design security services for home networks Security in the network architecture design

Security in all applications and software build for the project

Security analysis at source code level

User interface for security awareness, configuration and alarms toward end-user

Access control security to the home network, id IP filtering or equivalent mecanism

Security in protocols : Autoconfiguration security Research challenge of the project

(11)

Conclusion

Conclusion

CARAMEL will try to bring better home networks security Questions ?

(12)

Resources

Resources

Implementing Security for IPv6, Cisco, 11/03,

http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/ipv6_c/sa_secv6.htm Security Expert Initiative, IST project starting 12/03 :

http://www.seinit.org

IPv6 Transition/Co-existence Security Considerations, Pekka Savola, CSC/FUNET, IETF57, 07/03,

http://www.6bone.net/v6ops/minutes/IETF-57-Vienna/v6ops-security.pdf IPv6 et sécurité, Hervé Schauer, HSC, Cigref, 10/02, in french

http://www.hsc.fr/ressources/presentations/cigref-ipv6

IPv6 Internet Security for Enterprise, Akihiro Inomata, Fujitsu, APNIC Open Policy Meeting, 03/02,

http://www.apnic.net/meetings/13/sigs/docs/4.4_OSG_enterprise.ppt IPv6 Migration and security, Jean-Jacques Bernard, HSC, FIRST,

(13)

Thanks

Thanks

CARAMEL for show case picture

References

Download now ( PDF - 13 Page - 788.45 KB )

Related documents

A Plan for Chicago s Near Northwest Side

Morgan Green Halsted Kennedy DesPlaines Jefferson Clinton Canal Milwaukee N 0 1000’ 2000’ Community Commercial Community Connector Neighborhood Connector

FIRE DEPARTMENT OF MEMPHIS

 By a mutual decision of the Deputy Chief of EMS, the MFD medical director, and the Shelby County Health Department, routine transport of patients with pandemic signs and symptoms

The Perceptions of HIgh School Principals on Student Achievement by Conducting Walkthroughs

Pennsylvania Department of Education to measure school performance. It is the basis for holding school districts accountable by identifying low achieving schools..

STATE OF FLORIDA BOARD OF MEDICINE FINAL ORDER ON PETIMON FOR DECLARATORY STATEMENT

Buprenorphine and any material, compound, mixture, or preparation containing buprenorphine qualifies as a Schedule V drug pursuant to Section 893.03(5Xb), Florida Statutes9. Based

Chronic Pain Costs Debated by Colleen Shaddox Mar 1, :47 am

Health care advocates are using a photo exhibit to lobby Connecticut state lawmakers on a measure regulating insurance rules for pain medication. Pain Foundation will start a

Computer-Based Assessment and Enhancement of Inductive Reasoning Skills: A Case Study of the Education System Development in Palestine

The present empirical research connects important developing areas of educational research and places them in the context of the development of the Palestinian

Encapsulation and Controlled Release Technologies in Food Systems, 0813828554

An interesting feature of gelatin-based complex coacervate microcapsules is their ability to undergo solvent exchange; that is, a water-immiscible liquid originally encapsulated

Standard on Teleradiology

A teleradiology report should contain the type of the service (primary interpretation, second opinion etc.), the name of both the transmitting and receiving sites, the