1 / 8

Security and IPv6

Security and IPv6. Steven M. Bellovin smb@research.att.com http://www.research.att.com/~smb. Areas of Improvement. IPsec No NATs Address privacy Availability. IPsec. Protects all upper-layer protocols. Requires no modifications to applications.

lindajackson
Download Presentation

Security and IPv6

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security and IPv6 Steven M. Bellovin smb@research.att.com http://www.research.att.com/~smb

  2. Areas of Improvement • IPsec • No NATs • Address privacy • Availability

  3. IPsec • Protects all upper-layer protocols. • Requires no modifications to applications. • But smart applications can take advantage of it. • Useful for host-to-host, host to gateway, and gateway-to-gateway. • Latter two used to build VPNs.

  4. Doesn’t IPsec work with IPv4? • Yes, but… • It isn’t standard with v4. • Few implementations support host-to-host mode. • Even fewer applications can take advantage of it.

  5. No NATs • NATs break IPsec, especially in host-to-host mode. • With no NATs needed, fewer obstacles to use of IPsec. • Note carefully: NATs provide no more security than an application-level firewall.

  6. Address Switching • Hosts can pick new addresses frequently. • Prevents tracking of usage. • Using separate IP address per process group can simplify firewalls.

  7. Availability • Multiple addresses per host help with multihoming. • Autorenumbering permits switching providers without downtime. • Autoconfiguration helps prevent mistakes.

  8. Conclusions • IPv6 gives a noticeable -- though not dramatic -- improvement in security. • Much of the improvement comes from standard, usable, IPsec. • The very large address space may provide for other, innovative security mechanisms.

More Related