• No results found

Final Year Project 2 Slide

N/A
N/A
Protected

Academic year: 2021

Share "Final Year Project 2 Slide"

Copied!
11
0
0

Loading.... (view fulltext now)

Full text

(1)

FINAL YEAR PROJECT 2

FINAL YEAR PROJECT 2

NAME

NAME

:

:

MOHD

MOHD

AMIRUL

AMIRUL

AIZZAD

AIZZAD

BIN

BIN

HAMDAN

HAMDAN

ID

ID

:

:

512621121

512621121

29

29

TITLE

TITLE

:

:

EVOLU

EVOLU

TION

TION

OF

OF

IPV4

IPV4

TO

TO

IPV6

IPV6

AND

AND

SECURITY

SECURITY

ANALYSIS

ANALYSIS

SUPERV

(2)

RESULT/ANALYSIS

RESULT/ANALYSIS

ITEM

ITEM IPV4 IPV4 IPV6IPV6

Address

Address 32 32 bits bits long.long.

Various address classes are defined: A, Various address classes are defined: A, B, C, D, or E depending on initial few B, C, D, or E depending on initial few bits

bits

128 bits long. 128 bits long.

The host portion of an IPv6 address will The host portion of an IPv6 address will bebe derived from a MAC address or other derived from a MAC address or other interface identifier. interface identifier. Address Address Resolution Resolution

ARP is used by IPv4 to find a physical ARP is used by IPv4 to find a physical address, such as the MAC or link address, such as the MAC or link address, associate

address, associated with an Id with an IPv4Pv4 address.

address.

IPv6 uses

IPv6 uses Neighbor Discovery AddressNeighbor Discovery Address Resolution to map an IPv6 addresses onto Resolution to map an IPv6 addresses onto a MAC address

a MAC address Address

Address types types Three Three basic basic types: types: unicast unicast address,address, multicast address, and broadcast multicast address, and broadcast address.

address.

Three basic types: unicast address, Three basic types: unicast address,

multicast address, and anycast address multicast address, and anycast address Multicast

Multicast Addresses Addresses

uses "Class D" addresses (224.0.0.0 to uses "Class D" addresses (224.0.0.0 to 239.255.255.255) for multicast - optional 239.255.255.255) for multicast - optional

strong support for multicast. Multicast is strong support for multicast. Multicast is used extensively in IPv6

used extensively in IPv6 mechanisms, suchmechanisms, such as Router Discovery and Stateless Address as Router Discovery and Stateless Address Autoconfigura

Autoconfiguration, so tion, so support issupport is mandatory

(3)

ITEM

ITEM IPV4 IPV4 IPV6IPV6

Configurati

Configuration on Must Must configure configure a a newly newly installinstalled ed systemsystem before it can communicate with other before it can communicate with other systems

systems

Configurat

Configuration is ion is optional. IPv6 interfacesoptional. IPv6 interfaces are self-configuring using IPv6

are self-configuring using IPv6 statelessstateless auto configuration

auto configuration DHCP

DHCP DHCP DHCP is is used used to to dynamically dynamically obtain obtain anan IP addres

IP addres

DHCP does not support IPv6. DHCP does not support IPv6.

FTP

FTP FTP FTP allows allows you you to to send send and and receive receive filesfiles across networks.

across networks.

FTP does not support IPv6 FTP does not support IPv6

NAT

NAT Basic Basic firewall firewall functions functions integrateintegrated d intointo TCP/IP

TCP/IP

NAT does not support IPv6 NAT does not support IPv6

IPSEC

IPSEC IPSEC IPSEC that that have have been been modify modify from from IPv6IPv6 to work with IPv4. might not work well if to work with IPv4. might not work well if NAT is used

NAT is used

originally creat

originally created as a ed as a part of IPv6. doespart of IPv6. does not work well with NAT

(4)

Result /analysis

Result /analysis

IPv4 SITE TO SITE I

(5)
(6)

Result /analysis

Result /analysis

IPv6 SITE TO SITE I

(7)
(8)

Show crypto ipsec sa

(9)

THREAT COMPARISON

THREAT COMPARISON

TYPE

TYPE IPv4 IPv4 IPv6IPv6

Reconnaissan

Reconnaissance ce Possibility Possibility is is high high More More difficult difficult because because of of addressaddress length

length Sniffing

Sniffing attack attack Possibility Possibility is is high high More More difficult difficult because because of of IpsecIpsec Application

Application attack attack Same Same possibility possibility Same Same possibilitypossibility Flooding

Flooding attack attack Same Same possibility possibility Same possibilitySame possibility Smurf

Smurf attack attack Possibility Possibility is is high high Ipv6 Ipv6 have have no no broadcast broadcast so so smurfsmurf attack is impossible.

attack is impossible. Viruses

Viruses and and worms worms PossibiPossibility lity is is high high Worm Worm / / Viruses Viruses which which use use InternetInternet scanning for propogation will scanning for propogation will need to adapt to the vastly need to adapt to the vastly increased size of IPv6

(10)

IPv6 makes some things better/worse/different, but no

IPv6 makes some things better/worse/different, but no

more or less secure

more or less secure

Better

Better 

  Automated scanning and worm propagation i Automated scanning and worm propagation is harder due to huges harder due to huge subnets

subnets

 Link-local addressing can limit infrastructure attacksLink-local addressing can limit infrastructure attacks

 IPsec is a mandatory feature IPsec is a mandatory feature

Worse

Worse 

 Lack of familiarity with IPv6 among operatorsLack of familiarity with IPv6 among operators

 Immaturity of software Immaturity of software

(11)

CONCLUSION

CONCLUSION

From the Packet Tracer, we

From the Packet Tracer, we

can see the

can see the

different in configuration for

different in configuration for

Ipv4 and Ipv6 in

Ipv4 and Ipv6 in

term of address length, routing, packet header,

term of address length, routing, packet header,

address resolution and else.

address resolution and else.

From Gns3, the Ipsec is working as its

From Gns3, the Ipsec is working as its

stated. The data is safely

stated. The data is safely

encrypted into vpn tunnel from one end to another end.

encrypted into vpn tunnel from one end to another end.

In conclusion, Ipv6 clearly have

In conclusion, Ipv6 clearly have

more advantage than ipv4. ipv6

more advantage than ipv4. ipv6

have more robust security thus will benefit the user from

have more robust security thus will benefit the user from

threat such

threat such

as scan attack, reconnaissance and Ip

as scan attack, reconnaissance and Ip

sweep.

sweep.

References

Related documents

– Packets destined for anycast address are delivered to the “nearest” interface. – Subnet router anycast

– All IPv6 LANs / Subnets are IPv6 Mobile Ready All IPv6 LANs / Subnets are IPv6 Mobile Ready. u IPv6 Neighbor Discovery and Address IPv6 Neighbor Discovery

IPv6 supports stateless address configuration, in which, an IPv6 node can obtain its IPv6 address (called site-local addresses) by combining a network prefix that it learns from

WHEREAS, if the ARTIST'S DESIGN is the winning entry for use on the 2017/2018 STAMP, the ARTIST agrees to the conditions concerning reproduction rights contained in

IPv6 options IPv6 over Ethernet, dual stack, IPv6 over IPv4 network with Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) tunnel, IPv6 neighbor discovery, stateless

IPv6 options IPv6 over Ethernet, dual stack, IPv6 over IPv4 network with Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) tunnel, IPv6 neighbor discovery, stateless

By default, the device uses the IPv6 address of the sending interface as the source IPv6 address for outgoing ICMPv6 packets. Enabling IPv6 local

Workshop on Strategic Executive Leadership International Bank of Qatar 5/20/2010 12/20/2010 Business & Management Training of Medical Services Director Qatar Petroleum