Security implication of mixed IPv4/IPv6 network Jun-ichiro itojun Hagino, KAME/IIJ research lab itojun@{kame,iijlab}.net %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% About this silde "start brainstorm" slide, may not be complete, may not be enough top-down view of security in mixed IPv4/v6 network %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% Basically... In a simple dual stack network we can totally separate IPv4 security and IPv6 security secure IPv4 secure IPv6 you're done IPv4 can be NAT'ed, firewalled, whatever IPv6 should better be end-to-end security something better than firewall %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% IPv6 security We need a new model for security for leaf sites, which is much more flexible than the firewalls nowadays Otherwise most of the corporate IPv6 networks will continue to implement outgoing-only limitation (like one-way TCP filter), and there'll be no p2p apps deployment Firewall model really needs to be revisited anyways Does not solve email viruses and/or abuse from inside Every nodes need to be secure by its own OS vendors must take a security stance %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% IPv6/v4 transition technology and security draft-itojun-ipv6-transition-abuse-xx.txt Tunnel endpoint Injection of malicious packet (anonymize) 6to4 relay, packet-based translators Anonymize, bad echo, generate malicious traffic (like broadcast) translators in general access control, theft of bandwidth, generate malicious traffic IPv4 mapped address/SIIT Anonymize, bad echo, ambiguity of identity can inject traffic from IPv6 <-> IPv4 DoS DHCPv6 servers (-> DSTM), any infrastructure servers %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% Missing pieces Securing IPv6 routing protocol exchange "use IPsec" is not enough linklocal multicast all routing documents needs updating %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% Other issues? -end