1 / 11

Security IPv4 vs. IPv6 Is there a difference?

Security IPv4 vs. IPv6 Is there a difference?. Greg Travis Indiana University greg@iu.edu. In the beginning…. The Internet was infinitesimally small, and no one could comprehend its role in the future of society Networks, as they grew, were built and run by benevolent lords

saxon
Download Presentation

Security IPv4 vs. IPv6 Is there a difference?

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. SecurityIPv4 vs. IPv6Is there a difference? Greg Travis Indiana University greg@iu.edu

  2. In the beginning… • The Internet was infinitesimally small, and no one could comprehend its role in the future of society • Networks, as they grew, were built and run by benevolent lords • The security concern of the time was simply a nuclear war

  3. In the beginning… • Security was the concern of the government • Cryptography was within the realm of dark projects • “Secure” communications were defined by the NSA

  4. The IETF said “let there be Autonomous Systems and routing protocols” • and Internet grew and grew • The NSF said “let there be commercialization” • and the Internet grew and grew and grew • Cisco said “let there be e-commerce” • and Cisco grew and grew

  5. In 1993 the IETF said “the sky is falling” • Current state-of-the-art routers couldn’t hold the entire routing table • It was projected that class-B addresses, and eventually all addresses, would be exhausted • Creative IETF members said “we can fix things”, but each had his own plan

  6. “If you’re giving away ice-cream, make sure the scoops are small” • The IETF said “let there be CIDR” • and classless interdomain routing became the efficient way to dole out IP addresses • Others in the IETF said “CIDR is nice, but we’re still going to run out of ice-cream” • “wouldn’t it be nice to have an astronomical amount of ice-cream, they wondered” • Two years later, the IETF invented the equivalent of an astronomical amount of ice-cream: IPv6

  7. Around the same time they were solving the ice-cream problem, the IETF also was dealing with security • SSL was standardized - now TCP connections could be encrypted without the user messing around with keys or passphrases • Standards were emerging for securing the network at the IP layer (would later be called IPSEC)

  8. The difference between “may” and “must” • The IPv6 IETF standard (RFC ) specifies that a full implementation of IPv6 MUST support certain components of IPSEC • IPv4, which was defined before IPSEC, MAY support IPSEC • In reality, some IPv6 stacks don’t support IPSEC and many IPv4 stacks do. • There are no additional security features if IPv6! In fact, IPv4 does have additional required security features (but they’re not used)

  9. IPv6 does have an astronomical number of addresses • This does allow for the flexibility to build network topologies which support attribution at the network layer. • You can make quite a mess with an astronomical amount of ice-cream.

  10. The argument for IPv6 is to maintain the flexibility of supporting the end-to-end network model. IMHO, it has nothing to do with security

  11. Want to make a network less secure, migrate to IPv6 early

More Related