Addressing IPv6 Vulnerabilities on Small Business Networks

Bradley Haines Vincent Pullano

University of CincinnatiCollege of Education, Criminal Justice, and Human Services

May 7, 2012

2B. Haines / V. Pullano

Addressing IPv6 Vulnerabilities on Small Business Networks

• Problem Description• Describe Solution• Intended Use• Deliverables• Demonstration• Conclusion• Questions

Overview

3B. Haines / V. Pullano

Addressing IPv6 Vulnerabilities on Small Business Networks

• IPv6 link-local networks• Improperly implemented

networks• Poor hardware IPv6

support• Growing number of

vulnerabilities• Lack of publicly available

preconfigured/easy to use IPv6 monitoring solutions

Problem

4B. Haines / V. Pullano

Addressing IPv6 Vulnerabilities on Small Business Networks

• Preconfigured IDS– Monitor network, send alerts– Ease of use top priority– SecurityOnion, Linux IDS-centric Distro– Snort sensor, OSSEC Web GUI/Notifier

• Initial quick setup document• Primer of known IPv6 Vulnerabilities• Reference of proper implementation

Solution - Overview

5B. Haines / V. Pullano

Addressing IPv6 Vulnerabilities on Small Business Networks

• Popular intrusion detection system• CLI based, not easy for casual users• Displays alerts, but not always easy to

understand• No immediate overview of network health

Solution – IDS – Snort

6B. Haines / V. Pullano

Addressing IPv6 Vulnerabilities on Small Business Networks

• GUI frontend to Snort• Easy to view events• Reporting capabilities• Simple custom

alerting• Email alerts• Minimal configuration

Solution – IDS – OSSEC

7B. Haines / V. Pullano

Addressing IPv6 Vulnerabilities on Small Business Networks

Solution – Diagram

8B. Haines / V. Pullano

Addressing IPv6 Vulnerabilities on Small Business Networks

• Small business system/network administrators• No dedicated security team• No IPv6 considerations internally• No time to learn and set up complex

integrated systems

Intended Use

9B. Haines / V. Pullano

Addressing IPv6 Vulnerabilities on Small Business Networks

• Implement Snort/OSSEC on Security Onion VM• Create vulnerability triggers for Snort• Configure IDS to send detection alerts• Configure IDS Web GUI• Primer on known vulnerabilities• Guide to further resources for implementing

IPv6 securely

Deliverables

10B. Haines / V. Pullano

Addressing IPv6 Vulnerabilities on Small Business Networks

• Vulnerability triggering alert– RH0 amplification attack

• Snort IPv6 Rules• Email alerts to administrator

Demonstration

11B. Haines / V. Pullano

Addressing IPv6 Vulnerabilities on Small Business Networks

• IPv6 networks are vulnerable• Off the shelf, low cost, configured IPv6

monitoring doesn’t exist• Our IDS makes it easy to monitor small

networks

Conclusion

12B. Haines / V. Pullano

Addressing IPv6 Vulnerabilities on Small Business Networks

Questions?