[ipv6hackers] IPv6 security presentation at Hack.lu 2011
Jim Small
jim.small at cdw.com
Fri Sep 23 18:19:02 CEST 2011
So is this Windows SeND solution a commercial solution, Open Source, or what?
--Jim
-----Original Message-----
From: ipv6hackers-bounces at lists.si6networks.com [mailto:ipv6hackers-bounces at lists.si6networks.com] On Behalf Of Sara
Sent: Friday, September 23, 2011 3:22 AM
To: IPv6 Hackers Mailing List
Subject: Re: [ipv6hackers] IPv6 security presentation at Hack.lu 2011
Hi All,
we already implemented SEND for windows however we're working on performance. I'm really interested to know more about CISCO implementation and other details if available because we would like to know what CISCO did about router certification and so on.
Regards,
Sara
________________________________
From: fred <fred at fredbovy.com>
To: IPv6 Hackers Mailing List <ipv6hackers at lists.si6networks.com>; Karl Auer <kauer at biplane.com.au>
Sent: Thursday, September 22, 2011 6:15 PM
Subject: Re: [ipv6hackers] IPv6 security presentation at Hack.lu 2011
Hi,
A bit more about SEND.
I was the CISCO IPv6 engineer who did the dev-test for SEND. I wrote the
test plan and all the TCL scripts to test it all and I also developed the
template to decode the protocol with the Cisco Internal tool...
I would have love to see Microsoft keeps its word and implements it in Vista
as I heard they will but once we (CISCO) developed it, then Microsoft did
not :-(
I wrote this post about SEND:
http://www.fastlaneus.com/blog/2011/08/30/secure-the-ipv6-network-access-wit
h-secure-neighbor-discovery-send-rfc3971-and-cga-rfc3972/
I believe that there would be no protocol safer than IPv6 if SEND was
implemented by Microsoft and Apple... It's a shame they did not!
Having PKI is not a big deal. We get a certificates in France in 10 minutes
from the French Tax when we do our tax return online ! And you only need to
do it sometimes. You don't need a new certificate everyday !
You also need strong time synchronization to make it work but this is not a
big issue neither.
The only big problem is that neither Microsoft neither Apple implemented it.
Fred
Le 22/09/2011 17:56, « Jim Small » <jim.small at cdw.com> a écrit :
> Karl,
>
> To address your questions:
> 1) SeND (Secure Neighbor Discovery Protocol) Info including sources:
> http://en.wikipedia.org/wiki/Secure_Neighbor_Discovery_Protocol
> And a good overview (saw lots of comments on the list):
> http://ipv6.com/articles/research/Secure-Neighbor-Discovery.htm
>
> Ideally I could point you to a Live CD but I couldn't find one. I'll ask
> around and post back if I can find one. I know several people well who have
> setup SeND with Linux/IOS so I know it's possible.
>
>
> 2) Official proclamation from Microsoft the SeND is not implemented in
> Windows:
> http://technet.microsoft.com/en-us/library/bb726956.aspx
> Updated this August, from the Authorization for Automatically Assigned
> Addresses and Configurations section, "Microsoft does not support SEND in any
> version of Windows."
>
> 3) Definitive information on SeND support from Apple for OS X - unfortunately
> I couldn't find it. I'll post back if I can.
>
> 4) Bonus - How to setup SeND in IOS:
> http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-first_hop_sec
> urity.html#wp1112987
>
> --Jim
>
> _______________________________________________
> Ipv6hackers mailing list
> Ipv6hackers at lists.si6networks.com
> http://lists.si6networks.com/listinfo/ipv6hackers
--
Fred Bovy
fred at fredbovy.com
Skype: fredericbovy
Mobile: +33676198206
Siret: 5221049000017
Twitter: http://twitter.com/#!/FredBovy
Blog: http://fredbovyipv6.blogspot.com/
ccie #3013
_______________________________________________
Ipv6hackers mailing list
Ipv6hackers at lists.si6networks.com
http://lists.si6networks.com/listinfo/ipv6hackers
_______________________________________________
Ipv6hackers mailing list
Ipv6hackers at lists.si6networks.com
http://lists.si6networks.com/listinfo/ipv6hackers
More information about the Ipv6hackers
mailing list