Addressing IPv6 Vulnerabilities on Small Business Networks
Bradley Haines, Vincent Pullano
University of Cincinnati
College of Education, Criminal Justice, and Human Services
May 7, 2012

Overview
• Problem Description
• Describe Solution
• Intended Use
• Deliverables
• Demonstration
• Conclusion
• Questions

Problem
• IPv6 link-local networks
• Improperly implemented networks
• Poor hardware IPv6 support
• Growing number of vulnerabilities
• Lack of publicly available preconfigured/easy to use IPv6 monitoring solutions

Solution - Overview
• Preconfigured IDS
  – Monitor network, send alerts
  – Ease of use top priority
  – SecurityOnion, Linux IDS-centric Distro
  – Snort sensor, OSSEC Web GUI/Notifier
• Initial quick setup document
• Primer of known IPv6 Vulnerabilities
• Reference of proper implementation

Solution – IDS – Snort
• Popular intrusion detection system
• CLI based, not easy for casual users
• Displays alerts, but not always easy to understand
• No immediate overview of network health

Solution – IDS – OSSEC
• GUI frontend to Snort
• Easy to view events
• Reporting capabilities
• Simple custom alerting
• Email alerts
• Minimal configuration

Solution – Diagram

Intended Use
• Small business system/network administrators
• No dedicated security team
• No IPv6 considerations internally
• No time to learn and set up complex integrated systems

Deliverables
• Implement Snort/OSSEC on Security Onion VM
• Create vulnerability triggers for Snort
• Configure IDS to send detection alerts
• Configure IDS Web GUI
• Primer on known vulnerabilities
• Guide to further resources for implementing IPv6 securely

Demonstration
• Vulnerability triggering alert
  – RH0 amplification attack
• Snort IPv6 Rules
• Email alerts to administrator
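
As an added illustration of what a detection trigger for the RH0 case has to inspect (this is not the presenters' Snort rule set, and it goes beyond the slide by showing the packet parsing), the Python below walks the IPv6 extension-header chain and reports a Type 0 Routing Header, which RFC 5095 deprecated. The function names and the 2001:db8:: sample packets are constructed for this example.

```python
import ipaddress
import struct

HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS, NO_NEXT = 0, 43, 44, 60, 59
CHAINED = {HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS}

def find_rh0(packet: bytes):
    """Return RH0 details if the packet carries a Type 0 Routing Header, else None."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return None                                 # not an IPv6 packet
    next_hdr, offset = packet[6], 40                # fixed header is 40 bytes
    while next_hdr in CHAINED:
        if offset + 8 > len(packet):
            return None                             # truncated extension header
        if next_hdr == FRAGMENT:
            frag_offset = struct.unpack_from("!H", packet, offset + 2)[0] >> 3
            if frag_offset:
                return None                         # later fragment: no header chain here
            hdr_len = 8                             # fragment header has a fixed size
        else:
            hdr_len = (packet[offset + 1] + 1) * 8  # length field counts 8-octet units
        if next_hdr == ROUTING and packet[offset + 2] == 0:
            return {"segments_left": packet[offset + 3],
                    "addresses": packet[offset + 1] // 2}
        next_hdr, offset = packet[offset], offset + hdr_len
    return None

# --- constructed sample packets (documentation prefix 2001:db8::/32) ---
def ipv6(next_hdr, payload, src="2001:db8::1", dst="2001:db8::2"):
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), next_hdr, 64)
    return fixed + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed + payload

def routing_header(rtype, addresses, next_hdr=NO_NEXT):
    body = b"".join(ipaddress.IPv6Address(a).packed for a in addresses)
    return struct.pack("!BBBBI", next_hdr, 2 * len(addresses), rtype, len(addresses), 0) + body

HOPS = ["2001:db8::a", "2001:db8::b"]
PLAIN = ipv6(NO_NEXT, b"")
RH0_DIRECT = ipv6(ROUTING, routing_header(0, HOPS))
RH0_AFTER_HBH = ipv6(HOP_BY_HOP, bytes([ROUTING, 0, 1, 4, 0, 0, 0, 0]) + routing_header(0, HOPS))
RH2_ONLY = ipv6(ROUTING, routing_header(2, HOPS[:1]))

if __name__ == "__main__":
    for name, pkt in [("plain", PLAIN), ("rh0", RH0_DIRECT),
                      ("hbh+rh0", RH0_AFTER_HBH), ("rh2", RH2_ONLY)]:
        print(name, find_rh0(pkt))
```

Walking the whole chain matters because the routing header need not be the first extension header; a check that only looks at the fixed header's Next Header field misses the Hop-by-Hop case above.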

Conclusion
• IPv6 networks are vulnerable
• Off the shelf, low cost, configured IPv6 monitoring doesn’t exist
• Our IDS makes it easy to monitor small networks

Questions?