Defending Against Advanced Threats and IPv6 Attacks

Monday, January 24, 2011

Dan Dieterle


I was listening to a Cyber Intelligence briefing recently and several things caught my attention. First of all, advanced threats like Stuxnet are really scary.

What will Cyber Defense systems look like in the near future, when threats can self-replicate, self-heal, avoid detection, are themselves encrypted, use encrypted communication channels, carry several intelligent payloads and can cross from open computer systems to closed, secured systems?

Also, IPv6 was mentioned several times. The speaker said that the US government wants IPv6 because it encapsulates network packets in a hardened shell so they can't be read.

He also said that other nations, nations that are not friendly to the US, have already adopted IPv6 and are using it as an attack platform, while the US lags behind in rolling out IPv6.

According to the speaker, an IPv4 defender is at a disadvantage when being attacked from an IPv6 network. He said that they may not be able to trace the attacker back, because IPv6 is more secure.

I don't think these statements are completely accurate. Granted, I am not an IPv6 guru, but from what I have heard, many of the IP-layer vulnerabilities in IPv4 remain in IPv6, and IPv6 has some issues of its own.

Toolkits like the thc-ipv6 Toolkit exist that target IPv6 specifically. Sniffing, rogue devices, denial of service and man-in-the-middle attacks are all still possible in IPv6.
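A concrete instance of the "rogue devices" and "man-in-the-middle" point is the rogue Router Advertisement: any host on an IPv6 link can send an ICMPv6 Router Advertisement and have its neighbours adopt it as their default router and autoconfigure addresses from whatever prefix it announces. The following is an added example, not code from the original post or from the thc-ipv6 project: it parses raw IPv6 RA packets and flags ones that do not match a hypothetical site policy (the trusted router `fe80::1` and prefix `2001:db8:1::/64` are assumptions for the demo). The test packets are constructed in the code itself with the ICMPv6 checksum left zero; they are not real captures.

```python
import ipaddress
import struct
from dataclasses import dataclass, field

ICMPV6 = 58                      # IPv6 next-header value for ICMPv6
ROUTER_ADVERTISEMENT = 134       # ICMPv6 type (RFC 4861)
OPT_PREFIX_INFORMATION = 3       # Neighbor Discovery option type (RFC 4861 section 4.6.2)


@dataclass
class RouterAdvertisement:
    src: ipaddress.IPv6Address
    hop_limit: int               # from the IPv6 header; Neighbor Discovery requires 255
    router_lifetime: int
    prefixes: list = field(default_factory=list)


def parse_router_advertisement(packet: bytes):
    """Parse a raw IPv6 packet; return a RouterAdvertisement, or None if it is not a valid RA."""
    if len(packet) < 40:
        return None
    first_word, payload_len, next_header, hop_limit = struct.unpack_from("!IHBB", packet, 0)
    if first_word >> 28 != 6 or next_header != ICMPV6:
        return None
    src = ipaddress.IPv6Address(packet[8:24])
    icmp = packet[40:40 + payload_len]
    if len(icmp) < 16 or icmp[0] != ROUTER_ADVERTISEMENT:
        return None
    ra = RouterAdvertisement(src, hop_limit, struct.unpack_from("!H", icmp, 6)[0])
    offset = 16                                  # options follow the 16-byte RA body
    while offset + 2 <= len(icmp):
        opt_type, opt_len = icmp[offset], icmp[offset + 1]
        size = opt_len * 8                       # option length is in 8-octet units
        if opt_len == 0 or offset + size > len(icmp):
            return None                          # malformed option: reject the packet
        if opt_type == OPT_PREFIX_INFORMATION and size == 32:
            prefix_len = icmp[offset + 2]
            prefix = ipaddress.IPv6Address(icmp[offset + 16:offset + 32])
            ra.prefixes.append(f"{prefix}/{prefix_len}")
        offset += size
    return ra


def rogue_ra_findings(packet, trusted_routers, trusted_prefixes):
    """Return the reasons this RA looks rogue; an empty list means it matches policy."""
    ra = parse_router_advertisement(packet)
    if ra is None:
        return []
    findings = []
    if ra.hop_limit != 255:
        findings.append("hop limit is not 255, so the RA was forwarded rather than sent on-link")
    if not ra.src.is_link_local:
        findings.append(f"source {ra.src} is not a link-local address")
    if ra.src not in trusted_routers:
        findings.append(f"unexpected router source {ra.src}")
    for prefix in ra.prefixes:
        if prefix not in trusted_prefixes:
            findings.append(f"unexpected prefix {prefix}")
    return findings


def build_ra(src, prefix, prefix_len=64, hop_limit=255, router_lifetime=1800):
    """Construct a raw IPv6 RA for testing (constructed input; checksum left zero)."""
    prefix_opt = struct.pack("!BBBBIII", OPT_PREFIX_INFORMATION, 4, prefix_len, 0xC0,
                             2592000, 604800, 0) + ipaddress.IPv6Address(prefix).packed
    icmp = struct.pack("!BBHBBHII", ROUTER_ADVERTISEMENT, 0, 0, 64, 0,
                       router_lifetime, 0, 0) + prefix_opt
    header = (struct.pack("!IHBB", 6 << 28, len(icmp), ICMPV6, hop_limit)
              + ipaddress.IPv6Address(src).packed
              + ipaddress.IPv6Address("ff02::1").packed)   # all-nodes multicast
    return header + icmp


# Hypothetical site policy: one legitimate router and one on-link prefix.
TRUSTED_ROUTERS = {ipaddress.IPv6Address("fe80::1")}
TRUSTED_PREFIXES = {"2001:db8:1::/64"}


def run_demo():
    """Run the detector over constructed packets and return the findings per case."""
    legit = build_ra("fe80::1", "2001:db8:1::")
    rogue = build_ra("fe80::dead:beef", "2001:db8:bad::")
    forwarded = build_ra("fe80::1", "2001:db8:1::", hop_limit=64)
    not_an_ra = b"\x60" + b"\x00" * 39          # IPv6 header with next-header 0, no ICMPv6
    return {
        "legit": rogue_ra_findings(legit, TRUSTED_ROUTERS, TRUSTED_PREFIXES),
        "rogue": rogue_ra_findings(rogue, TRUSTED_ROUTERS, TRUSTED_PREFIXES),
        "forwarded": rogue_ra_findings(forwarded, TRUSTED_ROUTERS, TRUSTED_PREFIXES),
        "not_an_ra": rogue_ra_findings(not_an_ra, TRUSTED_ROUTERS, TRUSTED_PREFIXES),
    }


if __name__ == "__main__":
    for name, findings in run_demo().items():
        print(name, findings or "OK")
```

In a real deployment the packets would come from a pcap or raw socket on the monitored segment rather than from `build_ra`, and the detector would verify the ICMPv6 checksum, which this example skips. Note that the "source not in the trusted set" check is only as good as the asset inventory behind it, and that a host-based check of this kind complements rather than replaces filtering of RAs at the switch port (IPv6 RA Guard, RFC 6105).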

The NSA has already stated that they now look at security from the standpoint that the system has already been compromised. This means the emphasis shifts to analyzing internal data flows and to network security monitoring.

How much monitoring is needed, and how far will it go? The TSA has already over reacted to terrorist threats by installing invasive full body scanners in airports.

Will this mentality carry over to the electronic world, with everything done online recorded and analyzed for keywords?

Will this include government monitoring of e-mail, social media, and even cloud computing? Rumors abound, and overreaction is not the answer.

So what will Cyber Defense look like in the future?

I believe the answer will be a mix of high-speed hardware with offensive capabilities (like RSignia's products), network security monitoring and analysis, and a united front from the government, the private sector and our allies.

Cross-posted from Cyber Arms

Comment from Jamie Graves: It's likely that network scanning/protection will continue with the arms race. Full layer-7 scanning, and therefore better/faster/more hardware, will be required, with on-NIC filtering and processing.

However, something needs to be done about the last metre on the endpoint itself and it's likely that we'll see some interesting stuff going on here.