Zaccone Carmelo - IPv6 and security from a user’s point of view
1. IPv6 and security from a user’s point of view AWT.be ir. Zaccone Carmelo Expert within the ‘Pôle Veille Technologique et Juridique’ Agence Wallonne des Télécommunications
2. Agenda: Quick overview of network security considerations; The AWT.be safe/secure IPv6 deployment scenario; Conclusions: the errors, mistakes and lessons learned
55. From v6 capable host servers point of view. Setting up the beta-employee & beta-guest dual-stack networks: dedicated IPv6 network segments, different from the v6-only LANs; combining users’ v4 & v6 subnets on the same VLAN; combining guest v4 & v6 subnets on the same VLAN. Setting up the dual-stack DMZ server farm zone: dedicated IPv6 network segment, different from the v6-only DMZ; combining DMZ v4 & v6 subnets on the same VLAN; removing the reverse-proxy http, ftp, the slave dns; enabling (stack + apps) IPv6 support on Linux production servers (MS Windows will come next year with the migration to Server 2008)
56. Agenda: Quick overview of network security considerations; The AWT.be safe/secure IPv6 deployment scenario; Conclusions: the errors, mistakes and lessons learned
58. The firewall v6 ACL must take care of more ICMP messages than in v4
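An added example for slide 58, not taken from the original slides: it audits a constructed `ip6tables-save` ruleset against a subset of the ICMPv6 types that RFC 4890 says must not be dropped. The slides do not name the firewall product, so the ip6tables rule format, the sample rules and the function names are assumptions of this example.

```python
import re

# Subset of RFC 4890's "must not be dropped" ICMPv6 types (type -> name).
# Splitting them into these two dicts is this example's own layout.
TRANSIT = {1: "Destination Unreachable", 2: "Packet Too Big",
           3: "Time Exceeded", 4: "Parameter Problem",
           128: "Echo Request", 129: "Echo Reply"}
# Traffic to the firewall itself also needs Neighbor Discovery, which does
# the job ARP does in v4 and has no ICMPv4 counterpart.
LOCAL = {**TRANSIT, 133: "Router Solicitation", 134: "Router Advertisement",
         135: "Neighbor Solicitation", 136: "Neighbor Advertisement"}

TYPE = re.compile(r"--icmpv6-type (\d+)(?:/\d+)?\b")

# Constructed sample: a v4-style policy ("allow ping, drop the rest").
V4_STYLE = """\
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 128 -j ACCEPT
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 129 -j ACCEPT
-A INPUT -p ipv6-icmp -j DROP
-A FORWARD -p ipv6-icmp -m icmp6 --icmpv6-type 128 -j ACCEPT
-A FORWARD -p ipv6-icmp -m icmp6 --icmpv6-type 3/0 -j ACCEPT
-A FORWARD -p ipv6-icmp -j DROP
"""

def accepted_types(ruleset, chain):
    """Types `chain` accepts; None means a blanket ICMPv6 ACCEPT rule.
    Rule order and other match conditions (source, code) are ignored."""
    types = set()
    for line in ruleset.splitlines():
        words = line.split()
        if words[:2] != ["-A", chain] or words[-2:] != ["-j", "ACCEPT"]:
            continue
        if "ipv6-icmp" not in words:
            continue
        m = TYPE.search(line)
        if m is None:
            return None
        types.add(int(m.group(1)))
    return types

def missing(ruleset, chain, required):
    """Required types the chain never accepts, sorted by type number."""
    have = accepted_types(ruleset, chain)
    return [] if have is None else sorted(set(required) - have)

if __name__ == "__main__":
    for chain, required in (("INPUT", LOCAL), ("FORWARD", TRANSIT)):
        for t in missing(V4_STYLE, chain, required):
            print(f"{chain}: type {t} ({required[t]}) is not accepted")
```

On the sample, the ping-only policy leaves Packet Too Big and all four Neighbor Discovery types unaccepted on INPUT, which breaks path MTU discovery and on-link address resolution for the firewall itself.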
66. AWT uses DNS CNAMEs for the websites’ virtual hosts -> some public websites (not in the reverse proxy) became ‘down’ for IPv6 Internet users (we discovered it by analysing our v6 firewall logs)
68. Some internal websites (not in the reverse proxy) became ‘down’ for AWT users when dual stack was turned on.
74. Direct public IP reachability, so take care when hosting local services (e.g. file shares)