1 / 8

Enhancing Security with IPv6: Addressing IPsec and Privacy

Explore the benefits of using IPv6 for improved security, including the use of IPsec, address privacy, and enhanced availability. Learn how IPv6 simplifies security measures and supports multiple addresses per host.

lindajackson
Download Presentation

Enhancing Security with IPv6: Addressing IPsec and Privacy

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security and IPv6 Steven M. Bellovin smb@research.att.com http://www.research.att.com/~smb

  2. Areas of Improvement • IPsec • No NATs • Address privacy • Availability

  3. IPsec • Protects all upper-layer protocols. • Requires no modifications to applications. • But smart applications can take advantage of it. • Useful for host-to-host, host to gateway, and gateway-to-gateway. • Latter two used to build VPNs.

  4. Doesn’t IPsec work with IPv4? • Yes, but… • It isn’t standard with v4. • Few implementations support host-to-host mode. • Even fewer applications can take advantage of it.

  5. No NATs • NATs break IPsec, especially in host-to-host mode. • With no NATs needed, fewer obstacles to use of IPsec. • Note carefully: NATs provide no more security than an application-level firewall.

  6. Address Switching • Hosts can pick new addresses frequently. • Prevents tracking of usage. • Using separate IP address per process group can simplify firewalls.

  7. Availability • Multiple addresses per host help with multihoming. • Autorenumbering permits switching providers without downtime. • Autoconfiguration helps prevent mistakes.

  8. Conclusions • IPv6 gives a noticeable -- though not dramatic -- improvement in security. • Much of the improvement comes from standard, usable, IPsec. • The very large address space may provide for other, innovative security mechanisms.

More Related