
Re: Please comment on new draft: draft-ietf-v6ops-security-overview-00.txt



Hi Alvaro,

On Tue, 31 May 2005 17:59:08 +0200
"Alvaro Vives" <alvaro.vives@consulintel.es> wrote:

> Hi Mark,
> 
> I would like to add some comments over your comments... See below: 
> 
<snip>
> > 
> > 2.1.11  Link-Local Addresses and Securing Neighbor Discovery
> > 
> > "Because the link-local address can, by default, be acquired without
> >    external intervention or control, it allows an attacker to commence
> >    communication on the link without needing to acquire information
> >    about the address prefixes in use or communicate with any 
> > authorities
> >    on the link.  This feature gives a malicious node the 
> > opportunity to
> >    mount an attack on any other node which is attached to this link;
> >    this vulnerability exists in addition to possible direct attacks on
> >    NDP."
> > 
> > I think there is also a "non-malicious" use of link local 
> > addresses in the above scenario, in particular on wireless 
> > links, namely using the available link bandwidth to 
> > communicate between one or more "non-link authorised" nodes, 
> > rather than maliciously attacking "link-authorised"
> > nodes. That is alluded to in the earlier part of the 
> > paragraph, possibly an explicit mention of this type of 
> > bandwidth theft could be useful.
> 
> This is an interesting idea and IMO not restricted to wireless links. I
> think the general idea is that link-local addresses allow communication
> among hosts within a LAN and no access control could be done. For example in
> a layer two infrastructure within a building two hosts could communicate
> among them.
> 

I certainly agree about it not being restricted to wireless links. The
thing about wireless links is that they don't have a level of physical
security protecting them i.e. building security, or required physical
access to wired wall points. 802.11(a|b|g) networks are being deployed
all over the place, including as open access (at layer 2) in cities, to
provide subscribed Internet access. I've heard of people being willing
to go so far as taking their desktop PCs in semi-public areas (where free
or rather easy access to mains electricity exists) on a daily basis just
to use this "free" wireless infrastructure, which surprises me. Then
again, "connectivity is its own reward."

Thinking about it a bit more, this problem certainly isn't restricted to
link-local addresses, as bringing up static globals or ULAs on the link
would also allow bandwidth theft. Obviously this is really a layer 2
security problem in general, with IPv6 link-locals specifically making
it easier to exploit when using IPv6.

> > 
> > 2.3.2  Enterprise Network Security Model for IPv6
> > 
> > "   o  Development of centralized security policy repositories and
> >       distribution mechanisms which, in conjunction with 
> > trusted hosts,
> >       will allow network managers to place more reliance on security
> >       mechanisms at the end points and allow end points to 
> > influence the
> >       behavior of perimeter firewalls."
> > 
> > My comment is probably a bit minor. The text is abstract 
> > about the security mechanisms on the end-points, yet is 
> > specific about the idea of allowing the end points to 
> > influence the perimeter firewalls. I'd like to suggest either 
> > being a bit more specific about end point security mechanisms 
> > (i.e. explicit "end-node firewalling"), or be a bit more 
> > abstract about perimeter security mechanisms. It seems to me 
> > that the above paragraph is somewhat implying that the idea 
> > of perimeter firewalls is mostly agreed upon, yet I think 
> > that once the end points implement firewall type security 
> > themselves, with a policy distribution mechanism, perimeter 
> > firewalls would possibly be unnecessary. This end-node 
> > firewalling only security model would contradict the "and 
> > allow end points to influence the behavior of perimeter 
> > firewalls" text above.
> > Possibly the "and" could be changed to an "or" ? Again, this 
> > point is probably minor.
> > 
> 
> I would suggest not just thinking of end-node firewalling but of a more
> complex "security tool" which will enforce the distributed security policy.
> I could think of firewalling+IDS+anti-virus+anti-spam+....
> 

I agree, and I think that might be a good reason to not suggest specific
technologies in either the end-node or network perimeter descriptions,
and maybe use the general term "security mechanisms" instead.

Thanks,
Mark.
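The bandwidth-theft point in the exchange above is that any node able to attach at layer 2 can pick a link-local, ULA or global address and start talking, so the check belongs at the link layer rather than at the address type. The following added example (not from the thread or from the draft) parses constructed neighbour-cache lines in the style of `ip -6 neigh show` and reports every neighbour whose MAC is not on a site allowlist, whatever the scope of its address. The line format, the MACs and the allowlist are assumptions.

```python
import ipaddress
import re

# Constructed sample neighbour-cache lines (not captured from a real host);
# the MACs are made up and the link-local addresses are their EUI-64 forms.
NEIGH_LINES = """\
fe80::211:22ff:fe33:4455 dev wlan0 lladdr 00:11:22:33:44:55 REACHABLE
fe80::1c9a:6dff:fe0b:7c21 dev wlan0 lladdr 1e:9a:6d:0b:7c:21 STALE
2001:db8:1::10 dev wlan0 lladdr 00:11:22:33:44:55 REACHABLE
fd12:3456:789a::7 dev wlan0 lladdr 1e:9a:6d:0b:7c:21 REACHABLE
"""

# Constructed allowlist: the MACs the site treats as "link-authorised".
AUTHORISED_MACS = {"00:11:22:33:44:55"}

# One neighbour entry: <address> dev <iface> lladdr <mac> <state>
LINE_RE = re.compile(r"^(\S+) dev (\S+) lladdr (\S+) (\S+)$")
ULA_NET = ipaddress.ip_network("fc00::/7")


def classify(addr: ipaddress.IPv6Address) -> str:
    """Name the scope of an address; anything not link-local or ULA is
    treated as global here, which covers the documentation prefix too."""
    if addr.is_link_local:
        return "link-local"
    if addr in ULA_NET:
        return "ula"
    return "global"


def find_unauthorised(lines: str, authorised: set[str]) -> list[dict]:
    """Return neighbours whose MAC is not on the allowlist. Link-local, ULA
    and global entries are all reported, since the access problem is the
    same regardless of which address the node chose for itself."""
    allowed = {m.lower() for m in authorised}
    findings = []
    for raw in lines.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip lines that are not neighbour entries
        addr_s, dev, mac, state = m.groups()
        if mac.lower() in allowed:
            continue
        scope = classify(ipaddress.IPv6Address(addr_s))
        findings.append({"addr": addr_s, "scope": scope, "mac": mac,
                         "dev": dev, "state": state})
    return findings
```

A MAC allowlist is only a detection aid, since link-layer addresses are trivially changed; the real control is link admission (802.1X or equivalent), which is the layer 2 fix the thread points at.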