76 research outputs found

    The Dynamic Host Configuration Protocol Version 6 Security And Privacy Mechanism

    Internet Protocol version 6 (IPv6) is the most recent IP version that aims to accommodate hundreds of thousands of unique IP addresses for devices in the network. In an IPv6 network, Dynamic Host Configuration Protocol version 6 (DHCPv6) is used to allocate and distribute IPv6 addresses and network configuration parameters to DHCPv6 clients. However, the DHCPv6 protocol was developed without a proper security mechanism, making it vulnerable to various threats, such as rogue DHCPv6 server attacks and passive attacks. Two well-known issues of DHCPv6 are the lack of a verification mechanism, which allows attackers to inject fake network configuration parameters into the network undetected, and privacy concerns due to the lack of protection of client information in transit. To address these issues, researchers have proposed several mechanisms to provide authentication and privacy protection for DHCPv6. However, most mechanisms lack a method to distribute the server authentication credentials and ignore the client's privacy issue. This thesis intends to address the above-mentioned issues by proposing the DHCPv6Sec mechanism. DHCPv6Sec was evaluated and compared to the Secure-DHCPv6 mechanism in terms of rogue DHCPv6 server prevention capability, privacy protection, processing time, traffic overhead, communication time, and message size limitation. The experiment results showed that DHCPv6Sec is superior in all aspects measured. DHCPv6Sec reduced processing time by 57% and 136% when obtaining an IPv6 address and when processing a Reconfigure message, respectively, compared to the Secure-DHCPv6 mechanism. Moreover, DHCPv6Sec reduced configuration time by 27% compared to the Secure-DHCPv6 mechanism.

    IPv6 Address Assignment in GNS3 Tool.

    The purpose of my bachelor's thesis is to describe the options for obtaining an IP address in the IPv6 environment. The theoretical part describes different ways of addressing devices and obtaining other configuration parameters, for example the DNS server, through the technologies SLAAC, zero configuration, stateless DHCPv6 and stateful DHCPv6. The practical part describes how to work in the GNS3 environment in parallel with virtual machines running the Ubuntu operating system. This part also describes the configuration of a small LAN consisting of a DHCPv6 server and 3 clients, where each client has its IPv6 address assigned by a different method. Verification by screenshots and an evaluation of the described methods follow. 440 - Katedra telekomunikační techniky; velmi dobř

    Data Communications and Network Technologies

    This open access book is written according to the examination outline for Huawei HCIA-Routing Switching V2.5 certification, aiming to help readers master the basics of network communications and use Huawei network devices to set up enterprise LANs and WANs, wired networks, and wireless networks, ensure network security for enterprises, and grasp cutting-edge computer network technologies. The content of this book includes: network communication fundamentals, TCP/IP protocol, Huawei VRP operating system, IP addresses and subnetting, static and dynamic routing, Ethernet networking technology, ACL and AAA, network address translation, DHCP server, WLAN, IPv6, WAN PPP and PPPoE protocol, typical networking architecture and design cases of campus networks, SNMP protocol used by network management, operation and maintenance, network time protocol NTP, SND and NFV, programming, and automation. As the world’s leading provider of ICT (information and communication technology) infrastructure and smart terminals, Huawei’s products range from digital data communication, cyber security, wireless technology, data storage, cloud-computing, and smart computing to artificial intelligence

    IPv6: a new security challenge

    Master's thesis in Information Security, presented to the Universidade de Lisboa, through the Faculdade de Ciências, 2011. IPv6 was developed to address the exhaustion of IPv4 addresses, but has not yet seen global deployment. Recent trends are now finally changing this picture and IPv6 is expected to take off soon. Contrary to the original, this new version of the Internet Protocol has security as a design goal, for example with its mandatory support for network layer security. However, due to the immaturity of the protocol and the complexity of the transition period, there are several security implications that have to be considered when deploying IPv6. In this project, our goal is to define a set of best practices for IPv6 security that could be used by IT staff and network administrators within an Internet Service Provider. To this end, an assessment of some of the available security techniques for IPv6 will be made by means of a set of laboratory experiments using real equipment from an Internet Service Provider in Portugal. As the transition to IPv6 seems inevitable, this work can help ISPs in understanding the threats that exist in IPv6 networks and some of the prophylactic measures available, by offering recommendations to protect internal as well as customers' networks.

    DHCP Monitoring Using IPFIX

    This thesis describes procedures for monitoring the traffic of the network protocols BOOTP, DHCP for IPv4 and DHCP for IPv6 using the FlowMon NetFlow probe made by Invea-tech. It outlines the issues of these protocols, the functionality of the FlowMon probe, a general description of NetFlow, and the description of the solution for collecting and evaluating the data. A thorough analysis was made, and modules for the FlowMon probe were then written to make monitoring of these protocols possible. Their implementation, the method of testing, and the evaluation of the gathered data are described in this thesis.

    Copyright Notice

    IAB Thoughts on Encodings for Internationalized Domain Names This document explores issues with Internationalized Domain Names (IDNs) that result from the use of various encoding schemes such as UTF-8 and the ASCII-Compatible Encoding produced by the Punycode algorithm. It focuses on the importance of agreeing on a single encoding and how complicated the state of affairs ends up being as a result of using different encodings today. Status of This Memo This document is not an Internet Standards Track specification; it is published for informational purposes. This document is a product of the Internet Architecture Board (IAB) and represents information that the IAB has deemed valuable to provide for permanent record. Documents approved for publication by the IAB are not a candidate for any level of Internet Standard; see Section 2 of RFC 5741. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained a

    Configuration of OpenWRT System Using NETCONF Protocol

    The aim of this thesis is the configuration of the OpenWrt platform using the NETCONF protocol. Existing tools, namely the libnetconf library and the Netopeer toolset, were used for communication over the NETCONF protocol. The implementation part deals with the development of modules for configuring the system and network interfaces.

    Konfiguraationhallinnan datan käyttö verkkoinfrastruktuurin hallintaan

    Configuration management software running on nodes solves problems such as configuration drift on the nodes themselves, but the necessary node configuration data can also be utilized in managing network infrastructure, for example to reduce configuration errors by facilitating node life cycle management. Many configuration management software systems depend on a working network, but we can utilize the data to create large parts of the network infrastructure configuration itself using node data from the configuration management system before the nodes themselves are provisioned, as well as remove obsolete configuration as nodes are decommissioned.

    D3.6.1: Cookbook for IPv6 Renumbering in SOHO and Backbone Networks

    In this text we present the results of a set of experiments that are designed to be a first step in the process of analysing how effective network renumbering procedures may be in the context of IPv6. An IPv6 site will need to get provider assigned (PA) address space from its upstream ISP. Because provider independent (PI) address space is not available for IPv6, a site wishing to change provider will need to renumber from its old network prefix to the new one. We look at the scenarios, issues and enablers for such renumbering, and present results and initial conclusions and recommendations in the context of SOHO and backbone networking. A subsequent deliverable (D3.6.2) will refine these findings, adding additional results and context from enterprise and ISP renumbering scenarios