2 research outputs found
Analysis of IPv6 through Implementation of Transition Technologies and Security attacks
IPv6 provides more address space, improved address design, and greater security than IPv4. Different transition mechanisms can be used to migrate from IPv4 to IPv6 which includes dual stack networks, tunnels and translation technologies. Within all of this, network security is an essential element and therefore requires special attention. This paper analyses two transition technologies which are dual stack and tunnel. Both technologies are implemented using Cisco Packet Tracer and GNS3. This work will also analyse the security issues of IPv6 to outline the most common vulnerabilities and security issues during the transition. Finally, the authors will design and implement the dual stack, automatic and manual tunnelling transition mechanisms using Riverbed Modeler simulation tool to analyse the performance and compare with the native IPv4 and IPv6 networks
Implementaci贸n de un prototipo como sistema detector de intrusos para detectar ataques dirigidos al protocolo IPV6 desarrollado con herramientas Open Source.
El trabajo de investigaci贸n increment贸 la seguridad de la red local mediante la detecci贸n
de ataques dirigidos al protocolo IPv6 que pueden comprometer la confidencialidad,
integridad y disponibilidad. Se compararon los indicadores considerados en las variables
y se aplic贸 la estad铆stica descriptiva e inferencial para la demostraci贸n de la hip贸tesis.
Las herramientas software utilizadas fueron: Virtual Box que permiti贸 la virtualizaci贸n de
las distribuciones Linux, Security Onion distribuci贸n especializada en sistemas
detectores de intrusos, Snort como motor del sistema detector, Graylog como gestor de
logs IPv6, la suite TCHIPv6 como generador de trafico IPv6 malicioso y Wireshark como
herramienta de an谩lisis de tramas del tr谩fico IPv6. Se desarroll贸, implement贸 y compar贸
los resultados obtenidos al trabajar sobre la red local de la Facultad de Inform谩tica y
Electr贸nica de la ESPOCH, entre los prototipos I (Security Onion utilizando las reglas
personalizadas y acoplado el m贸dulo de gesti贸n de logs) y II (Security Onion utilizando
las reglas oficiales de Snort) los cuales obtuvieron una valoraci贸n de 16 y 4 puntos de
acuerdo a las escalas de Likert respectivamente. Se concluye que el sistema propuesto
detecta y gestiona las alertas de intrusi贸n mejorando tres veces el nivel de seguridad
dentro de la red local. Se recomienda a los estudiantes o profesionales interesados en
el tema dar continuidad al an谩lisis de patrones anormales de tr谩fico IPv6 con el objetivo
de incrementar el n煤mero de alertas IPv6 de detecci贸n.The research work has increased security on the local network by detecting attacks
targeting the IPv6 protocol that can compromise confidentiality, integrity and availability.
We compared the indicators considered in the variables and applied the descriptive and
inferential statistics for the demonstration of the hypothesis. The software tools used
were: Virtual box that allowed the virtualization of Linux distributions, security Onion,
specialized distribution in intrusion detection systems, Snort as detector system engine,
Graylog as IPv6 log manager, TCHIPv6 suite as IPv6 traffic generator Malicious and
Wireshark as an analysis tool for IPv6 traffic frames. lt was developed implemented, and
compared the results obtained by working on the local network at the Faculty of
lnformatics and Electronics from the ESPOCH, among the prototypes I (Security Onion
using the custom rules and coupled the logs management module) and II (Security
Onion using the official rules of Snort) which obtained a valuation of 16 and 4 points
according to the Likert scales respectively. lt is concluded that the proposed system
detects and manages the intrusion alerts improving three times the level of security within
the local network. lt is recommended that students or professionals interested in the
subject continue the analysis of abnormal patterns of IPv6 traffic in order to increase the
number of IPv6 alerts to detect