Re: [ISN] Look Before You Leap into IPv6 with Teredo

From: InfoSec News (alertsinfosecnews.org)
Date: Fri Dec 08 2006 - 00:26:51 CST


Forwarded from: Jim Hoagland <jim_hoagland (at) symantec.com>

In the interest of clarity...

On 12/6/06 10:12 PM, "InfoSec News" <alertsinfosecnews.org> wrote:
> === IN FOCUS: Look Before You Leap into IPv6 with Teredo =======
> by Mark Joseph Edwards, News Editor, mark at ntsecurity / net
[...]
> Hoagland also writes that security devices such as intrusion detection
> and prevention systems (IDSs/IPSs) that are designed for IPv4 don't
> understand IPv6 traffic. Thus, the IPv4 devices can't enforce adequate
> security controls on IPv6 traffic encapsulated in IPv4 packets.

That's not exactly what I wrote actually. The point I made is that
unless a firewall/NIDS/NIPS is specifically Teredo aware, the IPv6
content that Teredo is carrying (over UDP over IPv4) will not be
properly inspected. Thus, introducing Teredo on your network might well
reduce your security posture. I talk about this mainly in Section III-B
of the paper (page 8) [1], but I think my blog entry [2] also explains
it well.

[1] http://www.symantec.com/avcenter/reference/Teredo_Security.pdf
[2] http://tinyurl.com/ulk9o

Thank you,

  Jim
--
Jim Hoagland, Ph.D., CISSP
Principal Security Researcher
Advanced Threats Research
Symantec Security Response
www.symantec.com
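
The inspection gap described in the message above can be shown with a short decapsulation check. This is an added example, not code from the message or from the cited paper. It assumes the Teredo header layout and the 2001::/32 prefix from RFC 4380, and the sample packet and its addresses are constructed.

```python
import ipaddress
import struct

TEREDO_PREFIX = ipaddress.IPv6Network("2001::/32")  # Teredo prefix (RFC 4380)

def strip_teredo_headers(payload: bytes) -> bytes:
    """Skip the optional Teredo authentication and origin indication headers."""
    off = 0
    if payload[off:off + 2] == b"\x00\x01" and len(payload) >= 4:
        id_len, au_len = payload[2], payload[3]
        off += 4 + id_len + au_len + 8 + 1  # client id, auth value, nonce, confirmation
    if payload[off:off + 2] == b"\x00\x00":
        off += 8  # indicator, obfuscated port, obfuscated IPv4 address
    return payload[off:]

def decapsulate(udp_payload: bytes):
    """Return inner IPv6 fields if a UDP payload looks like Teredo, else None."""
    inner = strip_teredo_headers(udp_payload)
    if len(inner) < 40 or inner[0] >> 4 != 6:
        return None  # no IPv6 header after the Teredo headers
    plen, next_header = struct.unpack("!HB", inner[4:7])
    if 40 + plen > len(inner):
        return None  # payload length field does not fit: not a whole IPv6 packet
    src = ipaddress.IPv6Address(inner[8:24])
    dst = ipaddress.IPv6Address(inner[24:40])
    if src not in TEREDO_PREFIX and dst not in TEREDO_PREFIX:
        return None  # neither endpoint is a Teredo address
    body = inner[40:40 + plen]
    dport = None
    if next_header in (6, 17) and len(body) >= 4:  # inner TCP or UDP
        dport = struct.unpack("!H", body[2:4])[0]
    return {"src": str(src), "dst": str(dst),
            "next_header": next_header, "dport": dport}

def build_sample() -> bytes:
    """Constructed sample: origin indication + IPv6 header + 20-byte TCP header."""
    tcp = struct.pack("!HHIIBBHHH", 49152, 8080, 0, 0, 5 << 4, 0x02, 8192, 0, 0)
    src = ipaddress.IPv6Address("2001:0:c000:201::1").packed  # constructed
    dst = ipaddress.IPv6Address("2001:db8::10").packed        # constructed
    ipv6 = struct.pack("!IHBB", 6 << 28, len(tcp), 6, 64) + src + dst + tcp
    origin = b"\x00\x00" + b"\xff" * 6  # constructed obfuscated port/address
    return origin + ipv6

if __name__ == "__main__":
    # An IPv4-only device sees a UDP datagram; the inner TCP port shows only here.
    print(decapsulate(build_sample()))
```

The check runs on the UDP payload rather than keying on a port number, because only the Teredo server side uses the well-known port 3544 and client-to-client traffic uses other UDP ports.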
