SlideShare une entreprise Scribd logo

ciso-platform-annual-summit-2013-ipv6-implications-on-ipv4-nets-dynamic

Priyanka Aash
Priyanka Aash

Presented by Fernando Gont who specializes in the field of communications protocols security, working for private and governmental organisations both in Argentina and overseas.

FormationTechnologie
1  sur  15
Why Should You Worry About IPv6 Security Even If Your Network Runs On IPv4? Fernando Gont CISO Platform Annual Summit Mumbai, India. November 15-16, 2013
Motivation for this presentation ● ● Widespread idea: “I do not need to care about IPv6 security because my network runs on IPv4” Possible approaches: Option #1 CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 Option #2 © 2013 SI6 Networks. All rights reserved Option #3
Myth: “My network does not support IPv6” CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 3 © 2013 SI6 Networks. All rights reserved
Myth: IPv4-only networks ● Most operating systems support IPv6 and enable it by default ● IPv6 connectivity is just “dormant”: ● ● Waiting for “activation” -- legitimate or otherwise Most networks have (at least) partial deployment of IPv6 CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 © 2013 SI6 Networks. All rights reserved
IPv6/IPv4 co-existence (how the two protocols are glued together) CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 5 © 2013 SI6 Networks. All rights reserved
IPv6/IPv4 co-existence ● For every domain name, the DNS may contain: ● ● ● ● A resource records (IPv4 addresses), and/or, AAAA (Quad-A) resource records (IPv6 addresses) Host may query for A and/or AAAA resource records Based on the available resource records, supported protocols, and local policy, IPv6 and/or IPv4 could be employed CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 © 2013 SI6 Networks. All rights reserved
How can IPv6 be exploited? CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 7 © 2013 SI6 Networks. All rights reserved
How can IPv6 be exploited? ● An attacker poses as a local router/server ● ● ● ● e.g. responds to DHCPv6 requests An attacker possibly forges DNS responses This allows for e.g. IPv6-based Man In The Middle (MITM) attacks You might not even detect these attacks if you are not prepared CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 © 2013 SI6 Networks. All rights reserved
Mitigating IPv6 implications (on “IPv4-only” networks) CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 9 © 2013 SI6 Networks. All rights reserved
Mitigating IPv6 implications ● Deploy IPv6-security controls ● ● ● Same as you do for IPv4 Might be difficult to implement Filter IPv6 traffic on your network ● ● ● Native traffic (ideally at layer 2) Tunnels (Teredo, etc.) Whatever the outcome, it should be the result of an explicit decision CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 © 2013 SI6 Networks. All rights reserved
VPN traffic leakages (the good, the bad, and... the ugly) CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 11 © 2013 SI6 Networks. All rights reserved
VPN leakages ● Typical scenario: ● You connect to an insecure network ● You establish a VPN with your home/office ● Your VPN software does not support IPv6 ● An attacker (or legitimate system!) triggers IPv6 connectivity ● Your traffic now goes in the clear... ● ... while you thought your traffic was being secured CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 © 2013 SI6 Networks. All rights reserved
Mitigating VPN leakages ● Short answer: Disable IPv6 support on your laptop when employing VPNs CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 © 2013 SI6 Networks. All rights reserved
Thankyou's ● Priyanka Aash ● Bikash Barai ● Devesh Bhatt ● CISO Platform 2013 PC CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 © 2013 SI6 Networks. All rights reserved
Thanks! Fernando Gont fgont@si6networks.com www.si6networks.com CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 © 2013 SI6 Networks. All rights reserved

Recommandé

ciso-platform-annual-summit-2013-Hp enterprise security overview
ciso-platform-annual-summit-2013-Hp enterprise security overviewciso-platform-annual-summit-2013-Hp enterprise security overview
ciso-platform-annual-summit-2013-Hp enterprise security overview
Priyanka Aash
 
Ciso platform-annual-summit-2014-antti-karjalainen-dicoverer-of-heartbleed
Ciso platform-annual-summit-2014-antti-karjalainen-dicoverer-of-heartbleedCiso platform-annual-summit-2014-antti-karjalainen-dicoverer-of-heartbleed
Ciso platform-annual-summit-2014-antti-karjalainen-dicoverer-of-heartbleed
Priyanka Aash
 
A sprint to protect POS by Nir Valtman
A sprint to protect POS by Nir ValtmanA sprint to protect POS by Nir Valtman
A sprint to protect POS by Nir Valtman
Priyanka Aash
 
Ciso platform annual summit 2014 beau woods
Ciso platform annual summit 2014 beau woodsCiso platform annual summit 2014 beau woods
Ciso platform annual summit 2014 beau woods
Priyanka Aash
 
ciso-platform-annual-summit-2013-South asia cyber security landscape post sno...
ciso-platform-annual-summit-2013-South asia cyber security landscape post sno...ciso-platform-annual-summit-2013-South asia cyber security landscape post sno...
ciso-platform-annual-summit-2013-South asia cyber security landscape post sno...
Priyanka Aash
 
ciso-platform-annual-summit-2013-Fgont-ipv6-myths-dynamic
ciso-platform-annual-summit-2013-Fgont-ipv6-myths-dynamicciso-platform-annual-summit-2013-Fgont-ipv6-myths-dynamic
ciso-platform-annual-summit-2013-Fgont-ipv6-myths-dynamic
Priyanka Aash
 
Combating DDoS and why peering is important in Asia
Combating DDoS and why peering is important in AsiaCombating DDoS and why peering is important in Asia
Combating DDoS and why peering is important in Asia
MyNOG
 
Security and Virtualization in the Data Center
Security and Virtualization in the Data CenterSecurity and Virtualization in the Data Center
Security and Virtualization in the Data Center
Cisco Canada
 

Recommandé

ciso-platform-annual-summit-2013-Hp enterprise security overview
ciso-platform-annual-summit-2013-Hp enterprise security overviewciso-platform-annual-summit-2013-Hp enterprise security overview
ciso-platform-annual-summit-2013-Hp enterprise security overview
Priyanka Aash
 
Ciso platform-annual-summit-2014-antti-karjalainen-dicoverer-of-heartbleed
Ciso platform-annual-summit-2014-antti-karjalainen-dicoverer-of-heartbleedCiso platform-annual-summit-2014-antti-karjalainen-dicoverer-of-heartbleed
Ciso platform-annual-summit-2014-antti-karjalainen-dicoverer-of-heartbleed
Priyanka Aash
 
A sprint to protect POS by Nir Valtman
A sprint to protect POS by Nir ValtmanA sprint to protect POS by Nir Valtman
A sprint to protect POS by Nir Valtman
Priyanka Aash
 
Ciso platform annual summit 2014 beau woods
Ciso platform annual summit 2014 beau woodsCiso platform annual summit 2014 beau woods
Ciso platform annual summit 2014 beau woods
Priyanka Aash
 
ciso-platform-annual-summit-2013-South asia cyber security landscape post sno...
ciso-platform-annual-summit-2013-South asia cyber security landscape post sno...ciso-platform-annual-summit-2013-South asia cyber security landscape post sno...
ciso-platform-annual-summit-2013-South asia cyber security landscape post sno...
Priyanka Aash
 
ciso-platform-annual-summit-2013-Fgont-ipv6-myths-dynamic
ciso-platform-annual-summit-2013-Fgont-ipv6-myths-dynamicciso-platform-annual-summit-2013-Fgont-ipv6-myths-dynamic
ciso-platform-annual-summit-2013-Fgont-ipv6-myths-dynamic
Priyanka Aash
 
Combating DDoS and why peering is important in Asia
Combating DDoS and why peering is important in AsiaCombating DDoS and why peering is important in Asia
Combating DDoS and why peering is important in Asia
MyNOG
 
Security and Virtualization in the Data Center
Security and Virtualization in the Data CenterSecurity and Virtualization in the Data Center
Security and Virtualization in the Data Center
Cisco Canada
 
Mobile Penetration Testing: Episode II - Attack of the Code
Mobile Penetration Testing: Episode II - Attack of the CodeMobile Penetration Testing: Episode II - Attack of the Code
Mobile Penetration Testing: Episode II - Attack of the Code
NowSecure
 
Ccna sv2 instructor_ppt_ch5
Ccna sv2 instructor_ppt_ch5Ccna sv2 instructor_ppt_ch5
Ccna sv2 instructor_ppt_ch5
SalmenHAJJI1
 
The Datacenter Network You Wish You Had: It's yours for the taking.
The Datacenter Network You Wish You Had: It's yours for the taking.The Datacenter Network You Wish You Had: It's yours for the taking.
The Datacenter Network You Wish You Had: It's yours for the taking.
All Things Open
 
The Datacenter Network You Wish You Had
The Datacenter Network You Wish You HadThe Datacenter Network You Wish You Had
The Datacenter Network You Wish You Had
Jeremy Schulman
 
Peering Asia 2.0: Security in Peering
Peering Asia 2.0: Security in PeeringPeering Asia 2.0: Security in Peering
Peering Asia 2.0: Security in Peering
Tom Paseka
 
04 ccna sv2 instructor_ppt_ch5
04 ccna sv2 instructor_ppt_ch504 ccna sv2 instructor_ppt_ch5
04 ccna sv2 instructor_ppt_ch5
Babaa Naya
 
Sogeti Java Meetup - How to ensure your code is maintainable
Sogeti Java Meetup - How to ensure your code is maintainableSogeti Java Meetup - How to ensure your code is maintainable
Sogeti Java Meetup - How to ensure your code is maintainable
Peter Rombouts
 
2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdf
2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdf2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdf
2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdf
dino715195
 
IoT Security
IoT SecurityIoT Security
IoT Security
Narudom Roongsiriwong, CISSP
 
Polling is for Wimps?
Polling is for Wimps?Polling is for Wimps?
Polling is for Wimps?
Paul Tanner
 
HoneyPy & HoneyDB (CarolinaCon 13)
HoneyPy & HoneyDB (CarolinaCon 13)HoneyPy & HoneyDB (CarolinaCon 13)
HoneyPy & HoneyDB (CarolinaCon 13)
Phillip Maddux
 
Successfully Deploying IPv6
Successfully Deploying IPv6Successfully Deploying IPv6
Successfully Deploying IPv6
Zivaro Inc
 
Post IPv6 Implementation and Security: Now What?
Post IPv6 Implementation and Security: Now What?Post IPv6 Implementation and Security: Now What?
Post IPv6 Implementation and Security: Now What?
Zivaro Inc
 
iotsecurity-171108154118.pdf
iotsecurity-171108154118.pdfiotsecurity-171108154118.pdf
iotsecurity-171108154118.pdf
KerimBozkanli
 
Preventing Traffic with Spoofed Source IP address
Preventing Traffic with Spoofed Source IP addressPreventing Traffic with Spoofed Source IP address
Preventing Traffic with Spoofed Source IP address
Bangladesh Network Operators Group
 
What's happening in the OSGi IoT Expert Group? - Tim Ward
What's happening in the OSGi IoT Expert Group? - Tim WardWhat's happening in the OSGi IoT Expert Group? - Tim Ward
What's happening in the OSGi IoT Expert Group? - Tim Ward
mfrancis
 
Next Generation Security
Next Generation SecurityNext Generation Security
Next Generation Security
Cisco Canada
 
DDos, Peering, Automation and more
DDos, Peering, Automation and moreDDos, Peering, Automation and more
DDos, Peering, Automation and more
Internet Society
 
OSS Tools: Creating a Reverse Engineering Plug-in for r2frida
OSS Tools: Creating a Reverse Engineering Plug-in for r2fridaOSS Tools: Creating a Reverse Engineering Plug-in for r2frida
OSS Tools: Creating a Reverse Engineering Plug-in for r2frida
NowSecure
 
PHP Installed on IBM i - the Nickel Tour
PHP Installed on IBM i - the Nickel TourPHP Installed on IBM i - the Nickel Tour
PHP Installed on IBM i - the Nickel Tour
Rod Flohr
 
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Priyanka Aash
 
Verizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfVerizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdf
Priyanka Aash
 

Contenu connexe

Similaire à ciso-platform-annual-summit-2013-ipv6-implications-on-ipv4-nets-dynamic

04 ccna sv2 instructor_ppt_ch5
04 ccna sv2 instructor_ppt_ch504 ccna sv2 instructor_ppt_ch5
04 ccna sv2 instructor_ppt_ch5
Babaa Naya
 
2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdf
2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdf2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdf
2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdf
dino715195
 
iotsecurity-171108154118.pdf
iotsecurity-171108154118.pdfiotsecurity-171108154118.pdf
iotsecurity-171108154118.pdf
KerimBozkanli
 
What's happening in the OSGi IoT Expert Group? - Tim Ward
What's happening in the OSGi IoT Expert Group? - Tim WardWhat's happening in the OSGi IoT Expert Group? - Tim Ward
What's happening in the OSGi IoT Expert Group? - Tim Ward
mfrancis
 
OSS Tools: Creating a Reverse Engineering Plug-in for r2frida
OSS Tools: Creating a Reverse Engineering Plug-in for r2fridaOSS Tools: Creating a Reverse Engineering Plug-in for r2frida
OSS Tools: Creating a Reverse Engineering Plug-in for r2frida
NowSecure
 
PHP Installed on IBM i - the Nickel Tour
PHP Installed on IBM i - the Nickel TourPHP Installed on IBM i - the Nickel Tour
PHP Installed on IBM i - the Nickel Tour
Rod Flohr
 

Similaire à ciso-platform-annual-summit-2013-ipv6-implications-on-ipv4-nets-dynamic (20)

Mobile Penetration Testing: Episode II - Attack of the Code
Mobile Penetration Testing: Episode II - Attack of the CodeMobile Penetration Testing: Episode II - Attack of the Code
Mobile Penetration Testing: Episode II - Attack of the Code
 
Ccna sv2 instructor_ppt_ch5
Ccna sv2 instructor_ppt_ch5Ccna sv2 instructor_ppt_ch5
Ccna sv2 instructor_ppt_ch5
 
The Datacenter Network You Wish You Had: It's yours for the taking.
The Datacenter Network You Wish You Had: It's yours for the taking.The Datacenter Network You Wish You Had: It's yours for the taking.
The Datacenter Network You Wish You Had: It's yours for the taking.
 
The Datacenter Network You Wish You Had
The Datacenter Network You Wish You HadThe Datacenter Network You Wish You Had
The Datacenter Network You Wish You Had
 
Peering Asia 2.0: Security in Peering
Peering Asia 2.0: Security in PeeringPeering Asia 2.0: Security in Peering
Peering Asia 2.0: Security in Peering
 
04 ccna sv2 instructor_ppt_ch5
04 ccna sv2 instructor_ppt_ch504 ccna sv2 instructor_ppt_ch5
04 ccna sv2 instructor_ppt_ch5
 
Sogeti Java Meetup - How to ensure your code is maintainable
Sogeti Java Meetup - How to ensure your code is maintainableSogeti Java Meetup - How to ensure your code is maintainable
Sogeti Java Meetup - How to ensure your code is maintainable
 
2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdf
2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdf2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdf
2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdf
 
IoT Security
IoT SecurityIoT Security
IoT Security
 
Polling is for Wimps?
Polling is for Wimps?Polling is for Wimps?
Polling is for Wimps?
 
HoneyPy & HoneyDB (CarolinaCon 13)
HoneyPy & HoneyDB (CarolinaCon 13)HoneyPy & HoneyDB (CarolinaCon 13)
HoneyPy & HoneyDB (CarolinaCon 13)
 
Successfully Deploying IPv6
Successfully Deploying IPv6Successfully Deploying IPv6
Successfully Deploying IPv6
 
Post IPv6 Implementation and Security: Now What?
Post IPv6 Implementation and Security: Now What?Post IPv6 Implementation and Security: Now What?
Post IPv6 Implementation and Security: Now What?
 
iotsecurity-171108154118.pdf
iotsecurity-171108154118.pdfiotsecurity-171108154118.pdf
iotsecurity-171108154118.pdf
 
Preventing Traffic with Spoofed Source IP address
Preventing Traffic with Spoofed Source IP addressPreventing Traffic with Spoofed Source IP address
Preventing Traffic with Spoofed Source IP address
 
What's happening in the OSGi IoT Expert Group? - Tim Ward
What's happening in the OSGi IoT Expert Group? - Tim WardWhat's happening in the OSGi IoT Expert Group? - Tim Ward
What's happening in the OSGi IoT Expert Group? - Tim Ward
 
Next Generation Security
Next Generation SecurityNext Generation Security
Next Generation Security
 
DDos, Peering, Automation and more
DDos, Peering, Automation and moreDDos, Peering, Automation and more
DDos, Peering, Automation and more
 
OSS Tools: Creating a Reverse Engineering Plug-in for r2frida
OSS Tools: Creating a Reverse Engineering Plug-in for r2fridaOSS Tools: Creating a Reverse Engineering Plug-in for r2frida
OSS Tools: Creating a Reverse Engineering Plug-in for r2frida
 
PHP Installed on IBM i - the Nickel Tour
PHP Installed on IBM i - the Nickel TourPHP Installed on IBM i - the Nickel Tour
PHP Installed on IBM i - the Nickel Tour
 

Plus de Priyanka Aash

Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
Priyanka Aash
 

Plus de Priyanka Aash (20)

Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
 
Verizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfVerizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdf
 
Top 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfTop 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdf
 
Simplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfSimplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdf
 
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfGenerative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdf
 
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfEVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
 
DPDP Act 2023.pdf
DPDP Act 2023.pdfDPDP Act 2023.pdf
DPDP Act 2023.pdf
 
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfCyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
 
Cyber Crisis Management.pdf
Cyber Crisis Management.pdfCyber Crisis Management.pdf
Cyber Crisis Management.pdf
 
CISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfCISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdf
 
Chennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfChennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdf
 
Cloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfCloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdf
 
Stories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldStories From The Web 3 Battlefield
Stories From The Web 3 Battlefield
 
Lessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksLessons Learned From Ransomware Attacks
Lessons Learned From Ransomware Attacks
 
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
 
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
 
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
 
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsCloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 

Dernier

Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
ciinovamais
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
heathfieldcps1
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
QucHHunhnh
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
QucHHunhnh
 
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
fonyou31
 

Dernier (20)

Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajansocial pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajan
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
Advance Mobile Application Development class 07
Advance Mobile Application Development class 07Advance Mobile Application Development class 07
Advance Mobile Application Development class 07
 
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
General AI for Medical Educators April 2024
General AI for Medical Educators April 2024General AI for Medical Educators April 2024
General AI for Medical Educators April 2024
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpin
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 

ciso-platform-annual-summit-2013-ipv6-implications-on-ipv4-nets-dynamic

  • 1. Why Should You Worry About IPv6 Security Even If Your Network Runs On IPv4? Fernando Gont CISO Platform Annual Summit Mumbai, India. November 15-16, 2013
  • 2. Motivation for this presentation ● ● Widespread idea: “I do not need to care about IPv6 security because my network runs on IPv4” Possible approaches: Option #1 CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 Option #2 © 2013 SI6 Networks. All rights reserved Option #3
  • 3. Myth: “My network does not support IPv6” CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 3 © 2013 SI6 Networks. All rights reserved
  • 4. Myth: IPv4-only networks ● Most operating systems support IPv6 and enable it by default ● IPv6 connectivity is just “dormant”: ● ● Waiting for “activation” -- legitimate or otherwise Most networks have (at least) partial deployment of IPv6 CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 © 2013 SI6 Networks. All rights reserved
  • 5. IPv6/IPv4 co-existence (how the two protocols are glued together) CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 5 © 2013 SI6 Networks. All rights reserved
  • 6. IPv6/IPv4 co-existence ● For every domain name, the DNS may contain: ● ● ● ● A resource records (IPv4 addresses), and/or, AAAA (Quad-A) resource records (IPv6 addresses) Host may query for A and/or AAAA resource records Based on the available resource records, supported protocols, and local policy, IPv6 and/or IPv4 could be employed CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 © 2013 SI6 Networks. All rights reserved
  • 7. How can IPv6 be exploited? CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 7 © 2013 SI6 Networks. All rights reserved
  • 8. How can IPv6 be exploited? ● An attacker poses as a local router/server ● ● ● ● e.g. responds to DHCPv6 requests An attacker possibly forges DNS responses This allows for e.g. IPv6-based Man In The Middle (MITM) attacks You might not even detect these attacks if you are not prepared CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 © 2013 SI6 Networks. All rights reserved
  • 9. Mitigating IPv6 implications (on “IPv4-only” networks) CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 9 © 2013 SI6 Networks. All rights reserved
  • 10. Mitigating IPv6 implications ● Deploy IPv6-security controls ● ● ● Same as you do for IPv4 Might be difficult to implement Filter IPv6 traffic on your network ● ● ● Native traffic (ideally at layer 2) Tunnels (Teredo, etc.) Whatever the outcome, it should be the result of an explicit decision CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 © 2013 SI6 Networks. All rights reserved
  • 11. VPN traffic leakages (the good, the bad, and... the ugly) CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 11 © 2013 SI6 Networks. All rights reserved
  • 12. VPN leakages ● Typical scenario: ● You connect to an insecure network ● You establish a VPN with your home/office ● Your VPN software does not support IPv6 ● An attacker (or legitimate system!) triggers IPv6 connectivity ● Your traffic now goes in the clear... ● ... while you thought your traffic was being secured CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 © 2013 SI6 Networks. All rights reserved
  • 13. Mitigating VPN leakages ● Short answer: Disable IPv6 support on your laptop when employing VPNs CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 © 2013 SI6 Networks. All rights reserved
  • 14. Thankyou's ● Priyanka Aash ● Bikash Barai ● Devesh Bhatt ● CISO Platform 2013 PC CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 © 2013 SI6 Networks. All rights reserved
  • 15. Thanks! Fernando Gont fgont@si6networks.com www.si6networks.com CISO Platform Annual Summit Mumbai, India. November 15-16, 2013 © 2013 SI6 Networks. All rights reserved