nanog mailing list archives
Re: IPv6, IPSEC and deep packet inspection
From: Hank Nussbacher <hank () mail iucc ac il>
Date: Sat, 1 Jan 2005 18:43:55 +0200 (IST)
On Fri, 31 Dec 2004, Stephen Sprunk wrote:
Are there any layman-readable presentations or whitepapers out there that discuss what _new_ threat vectors IPv6 brings? Or how firewall or ACL tuning might be different?
Try the Networkers 2004 IPv6 security session (SEC-A01) from 3 weeks ago. Abstract: "IPv6 is seeing increased deployments worldwide and is expected to ramp up significantly specially in Europe. Much of the existing security discussion around IPv6 has focused on its inclusion of IPsec. While the confidentiality, integrity, and authentication features of IPsec are clearly useful, IPsec is not enough to securely deploy IPv6. This session will present IPv6 security as contrasted with IPv4 from a threats perspective. Common threats you may be familiar with in IPv4 will be compared to how those threats may evolve in IPv6. The counter-measures for IPv6 threats will be presented (including access control and firewalling). Potential best practices for the use of IPv6 in a dual-stack mode in an Internet edge, tunnelling will be presented as well. The focus will be on medium to large organizations but Service Providers will probably find this session helpful." Problem is to get to the PDF you need authorization: https://www28.cplan.com/cbc_export/PS_SEC-A01_268410_76-1_FIN_v1.pdf You can get an earlier version off of Sean's page at: http://www.seanconvery.com/ipv6.html Might be worthwhile to review much of what is on that page! -Hank
Current thread:
- Re: IPv6, IPSEC and deep packet inspection Christopher L. Morrow (Dec 31)
- <Possible follow-ups>
- Re: IPv6, IPSEC and deep packet inspection Stephen Sprunk (Dec 31)
- Re: IPv6, IPSEC and deep packet inspection Joe Abley (Jan 01)
- Re: IPv6, IPSEC and deep packet inspection Sean Donelan (Jan 01)
- Re: IPv6, IPSEC and deep packet inspection bmanning (Jan 01)
- Re: IPv6, IPSEC and deep packet inspection Joe Abley (Jan 01)
- Re: IPv6, IPSEC and deep packet inspection Hank Nussbacher (Jan 01)
- Re: IPv6, IPSEC and deep packet inspection Nicolas FISCHBACH (Jan 01)
- Re: IPv6, IPSEC and deep packet inspection Kevin Oberman (Jan 01)
- Re: IPv6, IPSEC and deep packet inspection Manish Karir (Jan 01)
- Re: IPv6, IPSEC and deep packet inspection Nils Ketelsen (Jan 04)