This document discusses the security implications of native IPv6 support and IPv6 transition/co-existence technologies on “IPv4-only” networks, and describes possible mitigations for the aforementioned issues.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79 and will expire on March 8, 2013.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as “work in progress.”
This document is subject to BCP 78 and the IETF Trust’s Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
Pavel Celeda, Jiri Novotny & Radek Krejci, Masaryk University Brno
These days the problem of cyber security is of utmost importance. Massive cyber attacks targeting government and mission-critical servers can swiftly become an issue of national security. Various approaches for cyber defence and cyber security used to date have been based on software solutions without hardware acceleration. With the increasing number of network users and services and the current generation of multi-gigabit network links, the amount of transferred data has increased significantly. These facts have rendered many current solutions for network security obsolete. This presentation describes a hardware-accelerated monitoring system. The time- and performance-critical parts are processed in hardware, and only the relevant parts of the traffic are processed in software. Such an approach allows us to use current security tools in multi-gigabit networks under worst-case scenarios like distributed denial-of-service attacks. We present various deployment use cases for network security monitoring.
Jiri Novotny graduated in Radio Communications from Technical University Brno in 1981. Since 1983 he has worked with the Institute of Computer Science at the Masaryk University Brno. He works on hardware development of a new generation of PCI cards based on FPGA technology and leads the team developing high-speed network monitoring adapters – www.liberouter.org. He and his team have participated in several network security related projects.