Operational Security Considerations for IPv6 Networks

Operational Security Considerations for IPv6 Networks K. Chittimaneni, E. Vyncke, M. Kaeo RIPE65, September 27, 2012 Amsterdam, Netherlands

Document Intro • Why write this? • Consolidated document for IPv6 security best practices • What does it cover? • Generic Security Considerations - Addressing Architecture - Link-Layer Security - Control Plane Security - Routing Security - Logging/Monitoring - Transition/Coexistence Technologies - General Device Hardening • Enterprise Specific Security Considerations • ISP Specific Security Considerations • Residential Specific Security Considerations

Want Operator Updates • Is anyone using RTBH and uRPF for IPv6? • What are most effective logging mechanisms and possible issues to be resolved? • What are ND/RA rate limiting parameters that are deployed? • Is anyone using SeND / CGA? • Overall review to get most up-to-date deployment best practices

ToDo • Solicit feedback from global ops communities • http://tools.ietf.org/html/draft-ietf-opsec-v6-00 • https://www.ietf.org/mailman/listinfo/opsec • Continue to work with v6ops and homenetWGs to avoid overlaps or conflicts

Q&A THANK YOU!

Operational Security Considerations for IPv6 Networks

Operational Security Considerations for IPv6 Networks

Presentation Transcript

IPv6 Public Policy Considerations

Special Operational Considerations

Security Assessments of IPv6 Networks and Firewalls

Operational Considerations for Crowds and Mobs

IPv6 Security

IPv6 Security

IPv6 Security

Operational considerations

IPV6 SECURITY

IPv6 Address Accountability Considerations

IPv6 Routing Considerations

Operational Security

IPv6 Security

Hacking IPv6 Networks

Operational Experience with IPv6

Security Considerations for IEEE 802.15.4 Networks

Operational Security Considerations for IPv6 Networks

Practical Operational Considerations

IPv6 Security

Operational Experience with IPv6

Hacking IPv6 Networks