Dear Readers,
It’s me again with another teaser for an upcoming workshop at the IPv6 Security Summit. This one is a classic! If you happen to deploy IPv6 in your environment in the near future, but didn’t had the time to think about the security implications, this workshop is the right place to start.
We will start the workshop with a quick refresher of the core behavior of IPv6 to make sure that every attendee is on the same page. Before we start discussing and demonstrating various IPv6 attacks, we dive into (a little more abstract) topic of why IPv6 security actually isn’t that easy to implement. We will continue with IPv6 attacks targeted at the local link. Rafael and I will introduce commonly used IPv6 attack tools as well as performing various attacks in a dedicated lab environment. Every attendee is encouraged to participate in these exercises. We will provide you with the necessary tools; you just have to bring a laptop with (ideally) Linux installed. We will prepare some virtual machines including VMware Player in case your corporate laptop runs Windows.
After the various exercises we will discuss what can be done (from a defenders’ pov) to mitigate the presented attacks. I will introduce the general concept of First-Hop-Security in the IPv6 world and give general recommendations on how and where these features should be deployed. After the discussion about attacks and defenses in the local network we will move forward to attacks which can be realized from remote (e.g. the Internet). I will explain the underlying problem of those attacks and we will of course discuss defense strategies for your those parts of your infrastructure reachable from untrusted networks (Internet, business partners). The last part will cover recommendations what should be filtered on the network edge (e.g. specific ICMPv6 messages) to ensure the stable operation of your network gear.
After the workshop you will know everything you need to know about basic IPv6 security and can use that knowledge to implement reasonable controls in your network to secure IPv6.
Sounds interesting? The sign up page is just one click away 🙂 We would love to welcome you to Heidelberg in March!
All the best,
Christopher