This workshop covers advanced security aspects of IPv6 in enterprise environments. We will focus on architecture and planning aspects and discuss latest developments in the technology and standards space.

The goal is to enable the participants to take well-informed decisions when it comes to deploying IPv6 in a both secure and operationally feasible manner.

It is assumed athat participants already dispose of some fundamental knowledge as for IPv6′s inner workings.

Agenda

Current state of IPv6 security in LANs:

• Attack trends and tools.
• Which of those are presumably relevant and which are not.
• Best practices for network stability and security.
• Overview of devices of main vendors supporting RA guard and the like (NDP, DHCP snooping).

Choosing the right addressing approach:

• Some notes on the ULA discussion.
• When & where to use link local addresses from a security perspective.

Privacy extensions:

• Advantages & disadvantages from a security & privacy point of view.
• Default behavior of common desktop and smartphone operating systems (and how to potentially adjust it).
• Practical implications (e.g. reverse DNS).

Filtering IPv6 traffic:

• Best practices and sample configurations.
• Overview of IPv6 support in common security devices.
• NAT in the IPv6 world – the endless debate.

Target Audience:

• Network planners
• Sysadmins in IPv6 environments
• Security Officers

This workshop is held by Enno Rey and Christopher Werny. We might be joined by other experts in the field.

We are looking forward to an interesting workshop with you!
The ERNW / TROOPERS Team