nanog mailing list archives

Re: Seeking IPv6 Security Resources

From: Enno Rey <erey () ernw de>
Date: Thu, 27 Nov 2014 01:21:09 +0100

Hi,

On Wed, Nov 26, 2014 at 08:54:07AM -0500, Joe Klein wrote:

Chris,

Are you aware IPv6 has 3 or arguably 4 major generations of standards?

Each generation requires nuanced defense strategies, based on which clauses
("must" and "should") were implemented. Some of the derived security works,
do not reflect, and in some cases contradict current security
recommendations.


both very good points, Joe, which I fully second.
This is - to some degree - discussed in this talk:
https://www.ernw.de/download/TROOPERS_IPv6SecSummit_ERNW_IPv6_Structural_Deficits.pdf

which I suggest to add to the resource list in compilation.
[disclaimer: I'm the author]

best

Enno






 The perceived newness of the technology, and ambiguities

of recommendations have resulted in 'pushback' by the security community to
implement IPv6. This has forced us to continue with the implement of IPv6
and 'trust' the vender recommendations, based on the limitations of that
venders products.

In the cracks, between the standards and implementation of these standards,
are where security vulnerabilities exist, compromises lay, and defenses
crumble.

Joe Klein
"Inveniam viam aut faciam"

On Tue, Nov 25, 2014 at 3:32 PM, Chris Grundemann <cgrundemann () gmail com>
wrote:

Hail NANOG!

I am looking for IPv6 security resources to add to:
http://www.internetsociety.org/deploy360/ipv6/security/

These could be best current practice documents, case-studies,
lessons-learned/issues-found, research/evaluations, RFCs, or anything else
focused on IPv6 security really.

I'm not requesting that anyone do any new work, just that you point me to
solid public documents that already exist. Feel free to share on-list or
privately, both documents you may have authored and those you have found
helpful.

Thanks!
~Chris

Note: Not every document shared will get posted to the Deploy360 site.

--
@ChrisGrundemann
http://chrisgrundemann.com


-- 
Enno Rey

ERNW GmbH - Carl-Bosch-Str. 4 - 69115 Heidelberg - www.ernw.de
Tel. +49 6221 480390 - Fax 6221 419008 - Cell +49 173 6745902 

Handelsregister Mannheim: HRB 337135
Geschaeftsfuehrer: Enno Rey

=======================================================
Blog: www.insinuator.net || Conference: www.troopers.de
Twitter: @Enno_Insinuator
=======================================================

Current thread:

Seeking IPv6 Security Resources Chris Grundemann (Nov 25)
- Re: Seeking IPv6 Security Resources Franck Martin (Nov 25)
- Re: Seeking IPv6 Security Resources Arturo Servin (Nov 26)
  - Re: Seeking IPv6 Security Resources Marco Davids (Nov 26)
- Re: Seeking IPv6 Security Resources Joe Klein (Nov 26)
  - Re: Seeking IPv6 Security Resources Enno Rey (Nov 26)
- Re: Seeking IPv6 Security Resources Fernando Gont (Nov 26)
- <Possible follow-ups>
- Re: Seeking IPv6 Security Resources Scott Weeks (Nov 25)