IPv6 security webinar

Not surprisingly, IPv6 has almost the same set of security problems as IPv4. Even worse, some of the things we’ve already solved in IPv4 (fragmented TCP/UDP headers) haven’t been ported to IPv6, and implementations of IPv6 security features lag far behind their IPv4 counterparts.

The upcoming IPv6 security webinar (register here) describes these problems, and I managed to get the best possible guest speaker: Eric Vyncke (the author of the IPv6 Security Cisco Press book) will tell you all about the IPv6 security features available in Cisco IOS.

3 comments:

  1. This comment has been removed by the author.

    ReplyDelete
  2. Yes, it´s sad, on many (edge) switches, "ND snooping" features are easily bypassed by THC, blocking fragmented IPv6 packets inbound is not possible, e.g. HP:

    http://h30499.www3.hp.com/t5/Comware-Based/Securing-IPv6-on-A-series-Comware-5-2/td-p/2380573

    What about other vendor´s impementations? Cisco, Juniper, Foundry, Extreme,...?


    Apropos IPv6 security, this might be interesting for you:
    http://www.keithobrien.org/uploads/1/0/8/1/10819770/ipv6_security_talk_2012.pdf

    P.S. google cache is evil.

    ReplyDelete
  3. honestly the recent security breakages and the whole NSA thing teaches us one thing. Most security are like tank obstacles in war, they hold off attackers only for a period of time. The best security is the fear of criminal punishment. The more realistic is the dread of getting caught for trying to code inject someone's shoestore website, less the chance of some kid trying out what he learned in his security class in college.
    Political attacks are obviously more motivated, but recreational attackers would be greatly deterred.
    That's why you don't see lot of graffiti in NY anymore. They know that if the cops see them jumping over fences to spraypaint someone's gate, they'll get a maple syrup enema.

    ReplyDelete

You don't have to log in to post a comment, but please do provide your real name/URL. Anonymous comments might get deleted.

Ivan Pepelnjak, CCIE#1354, is the chief technology advisor for NIL Data Communications. He has been designing and implementing large-scale data communications networks as well as teaching and writing books about advanced technologies since 1990. See his full profile, contact him or follow @ioshints on Twitter.