In the interim we’ve worked on the agenda of next year’s IPv6 Security Summit (for those not familiar with the event, here’s the 2015 edition and here the one of 2014), and some new talks have been added.
Rafael Schaefer: Advanced IPv6 Attacks Using Chiron. Hands-On Workshop
Outline: During the IPv6 Security Summit at Troopers 14, Chiron, an all-in-one IPv6 penetration testing framework, was released publicly for the first time. Since then, the advanced features of Chiron were used to discover some 0-day evasion techniques against high-end commercial and open-source Intrusion Detection / Prevention Systems. Moreover, for Troopers 15 it was enhanced with new features, like advanced MLD support and a fake DHCPv6 server, which can be combined with its other features, like the use of arbitrary Extension Headers and fragmentation, to leverage really advanced attacks.
In this workshop, after a quick refresher on the basic capabilities of Chiron, we will focus on the advanced IPv6 functionalities that the framework offers. We will not only show how to reproduce the latest published IPv6 attacks, but also how you can create your own arbitrary IPv6 attack scenarios for your own security assessments or penetration testing purposes. A lab will be set up in order not only to reproduce the presented techniques, but also to try your skills and – why not – to discover your own 0-day techniques :).
Requirements: No programming experience or prior knowledge of Chiron is required. Some necessary (but not very basic) IPv6 theory will also be given to better explain the demonstrated IPv6 attacks. Bring your own Linux device with Python installed, or your favourite Operating System with VirtualBox, and you are good to go (source code and virtual images with all that you need will be provided).
Bio: Rafael has studied computer science with a specialization in telecommunication at the Bonn-Rhein-Sieg University of Applied Sciences (Department of Computer Science). His research interests include network and IPv6 security issues. He wrote his (highly rated) bachelor thesis on “IDS – Recognition and Validation of IPv6 Extension Header” and works as a security analyst at ERNW GmbH. He has presented on IPv6 security issues on several occasions, incl. Black Hat Sao Paulo, Black Hat Asia, Black Hat Europe, Troopers and Hack.lu.
Enno Rey: Developing an Enterprise IPv6 Security Strategy
Synopsis: Usually IPv6 planning projects include at least three main documents: a road map, an address concept & plan and an IPv6 security concept. In this talk I’ll focus on the latter and I will lay out typical steps needed to come up with a set of IPv6 security controls (both on the infrastructure and on the host/endpoint layer) suited to provide adequate IPv6 security in enterprise organizations, in an operationally feasible way.
Bio: Enno is an old school network security guy who has been involved with IPv6 since 1999. In the last years he has contributed to many IPv6 projects in very large environments, both on a planning and on a technical implementation level.
Eric Vyncke: Security Aspects of IPv6 Multi-Interface and Source/Destination Routing
Synopsis: Recent work in the MIF and routing working groups of the IETF is about supporting simultaneous use of several interfaces as well as discovering the provisioning domain (PvD): default search domain, recursive DNS servers, prefix to be used, …
Another recent topic is about source/destination routing where the source address is also used in the forwarding decision.
The talk will briefly present those recent work items, then it will focus on their security impacts (denial of service, spoofing, …).
Bio: Eric Vyncke is a Distinguished Engineer based in the Brussels office of Cisco Systems. His main current technical focus is on security and IPv6. He has designed several secured large IPsec networks and other security-related designs. In his work for the IETF, he co-authored RFC 3585, 5514, 7381 and 7404 and is active in the V6OPS, 6MAN and OPSEC working groups. His recent work is related to IPv6, including co-authoring a book on IPv6 Security; he also authored a book on layer-2 security. Eric is the current co-chair of the Belgian IPv6 Council. www.vyncke.org/ipv6status has been well known for several years for collecting statistics about IPv6 deployment. He is also a visiting professor for security topics at the University of Mons. He is an adjunct professor at HEC, the business school of University of Liège, Belgium. He holds a CISSP certification, is a member of ISSA and speaks frequently at international conferences. He’s presented at Troopers several times, like in 2015 on Segment Routing.
- His book on IPv6 security: http://www.ciscopress.com/store/ipv6-security-9781587055942
- Twitter: @evyncke
Christopher Werny & Rafael Schaefer: Basic IPv6 Attacks & Defenses. Hands-On Workshop
Outline: This is a Troopers IPv6 Security Summit classic! It’s an introductory workshop to attacks in IPv6 networks and associated protection strategies/approaches. We will cover all relevant available tools and play with them, including hands-on sessions (mostly with Cisco devices, HP can be included on request, see also below) for the participants.
For all attacks covered, mitigation strategies will be discussed, together with an evaluation of their actual security benefit and operational feasibility.
Requirements: Bring your own device (a laptop with ssh & rdp)
Bio: Christopher has been involved with IPv6 since 2005 and has performed a number of IPv6 planning, implementation and troubleshooting projects & tasks since then. He leads the network security team at ERNW.
Enno Rey: Business Partner Connections in the Age of IPv6 – A Discussion of Approaches and Their Properties
Synopsis: Connecting business partners is the subject of fierce debates in many IPv6 planning teams, as existing architectures from the IPv4 world cannot easily be transformed to an IPv6 world for a number of technical reasons and because the overall addressing strategy will change in quite a few organizations. In this talk I will discuss potential approaches, together with an evaluation of their respective advantages/disadvantages, and I will try to provide an outlook on which types of challenges we’ll see in complex setups (and, maybe, how to solve them).
Christopher Werny: IPv6 First Hop Security Features on HP Devices
Synopsis: In this talk I’ll provide an overview of which IPv6 First Hop Security (FHS) features are currently available on HP Comware based devices, how those are configured and what actually works (or doesn’t). We will have some devices in the room (and this talk will be open-ended) so we can even explore things in a practical way, next to a number of demos being part of the talk anyway.
We wish everybody a Merry Christmas and a Happy New Year!