IPv6: How to Securely Start Deploying w/ Joff Thyer (1-Hour)

Join us in the Black Hills InfoSec Discord server here: https://discord.gg/BHIS to keep the security conversation going! Learn regular expressions your new lifestyle with ___INSTRUCTOR___ from Antisyphon Training: https://www.antisyphontraining.com/regular-expressions-your-new-lifestyle-w-joff-thyer/ 00:00 - Inaudible, But Good Looking Banter 00:18 - Here We Are Now. Educate Us 00:56 - IPv4 And After 05:45 - What’s the Address For IPv6? 07:40 - What About IPv5? 08:31 - IPv6 Allocation 09:27 - IPv6 Packets 10:28 - IPv6 Address Types 13:26 - IPv6 Address Typecasting 14:55 - IPv6 Address Assignment 16:21 - IPv6 Multiple Interface Addresses 18:25 - IPv6 EUI-64 18:25 - ICMPv6 23:56 - ICMPv6 Neighbor Discovery 27:37 - Securing the v6 28:32 - IPv6 Address Filtering 30:45 - ICMPv6 Perimeter Filtering 31:59 - ICMPv6 Transit Traffic 33:22 - ICMPv6 Non-Transit 36:14 - IPv6 Multicast Filtering 38:35 - IPv6 Protocol Normalization 39:32 - IPv6 Extension Headers 40:18 - IPv6 Enforcing EH Rules 41:15 - IPv6 Header Normalization 42:48 - IPv6 Protocol Normalization Reprise 44:14 - Address Privacy / Obscurity 46:51 - RFC4941 Privacy Extensions 47:28 - Endpoint Route Table 48:47 - Summary Recommendations 50:32 - To Be Continued... Description: Joff Thyer has been diving into everything that is IPv6 and has so much to share about it. He’s going to get really technical but in a way you’ll be able to understand. Google reports that over 30% of their systems access comes via the IPv6 protocol coming into 2020. Many Internet Service Providers have no remaining choice but to deploy IPv6 for simple lack of v4 address resources. The global Internet can already be thought of as balkanized into a split IPv4/IPv6 world based on historical v4 allocation. There will soon come a time whereby accessing IPv4 deployed resources will be considered legacy. Join Joff and the BHIS team to discuss security principles surrounding an Internet facing IPv6 deployment. Learn about fundamentals, known security issues, and appropriate infrastructure defenses which must be implemented. Enjoy a spirited discussion on how the v4 life support mechanisms of classless interdomain routing, and network address translation are not required in a v6 world. It’s past time for IPv6 to become the norm. Fear not as we can do this! Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/09/SLIDES_SecurelyDeployingIPv6.pdf Black Hills Infosec Socials Twitter: https://twitter.com/BHinfoSecurity Mastodon: https://infosec.exchange/@blackhillsinfosec LinkedIn: https://www.linkedin.com/company/antisyphon-training Discord: https://discord.gg/ffzdt3WUDe Black Hills Infosec Shirts & Hoodies https://spearphish-general-store.myshopify.com/collections/bhis-shirt-collections Black Hills Infosec Services Active SOC: https://www.blackhillsinfosec.com/services/active-soc/ Penetration Testing: https://www.blackhillsinfosec.com/services/ Incident Response: https://www.blackhillsinfosec.com/services/incident-response/ Backdoors & Breaches - Incident Response Card Game Backdoors & Breaches: https://www.backdoorsandbreaches.com/ Play B&B Online: https://play.backdoorsandbreaches.com/ Antisyphon Training Pay What You Can: https://www.antisyphontraining.com/pay-what-you-can/ Live Training: https://www.antisyphontraining.com/course-catalog/ On Demand Training: https://www.antisyphontraining.com/on-demand-course-catalog/ Educational Infosec Content Black Hills Infosec Blogs: https://www.blackhillsinfosec.com/blog/ Wild West Hackin' Fest YouTube: https://www.youtube.com/wildwesthackinfest Active Countermeasures YouTube: https://youtube.com/activecountermeasures Antisyphon Training YouTube: https://www.youtube.com/antisyphontraining Join us at the annual information security conference in Deadwood, SD (in-person and virtually) — Wild West Hackin' Fest: https://wildwesthackinfest.com/ #bhis #infosec