Defending against Advanced Threats and IPv6 attacks

I was listening to a Cyber Intelligence briefing this morning and several things caught my attention. First of all, advanced threats like Stuxnet are really scary.

What will Cyber Defense systems look like in the near future, when threats can self-replicate, self-heal, avoid detection, are themselves encrypted, use encrypted communication channels, carry several intelligent payloads, and can cross from open computer systems into closed, secured systems?

IPv6 was also mentioned several times. The speaker said that the US government wants IPv6 because it encapsulates network packets in a hardened shell so they can’t be read, and that other nations, nations that are not friendly to the US, have already adopted IPv6 and are using it as an attack platform, while the US lags behind in rolling it out.

According to the speaker, an IPv4 defender is at a disadvantage when attacked from an IPv6 network, and may not be able to trace the attacker back, because IPv6 is more secure.

I don’t think these statements are completely accurate. Granted, I am not an IPv6 guru, but from what I have heard, many of the IP-layer vulnerabilities in IPv4 remain in IPv6, and IPv6 has some issues of its own. Toolkits like the thc-ipv6 Toolkit exist that attack only IPv6. Sniffing, rogue devices (such as rogue routers), denial of service, and man-in-the-middle attacks are all still possible in IPv6.
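To make the point concrete: an IPv6 packet is not wrapped in any "hardened shell". IPsec is an optional extension; the base header, addresses and payload travel in cleartext and can be read by anyone on the path, and a rogue device on the local link can still inject ICMPv6 Router Advertisements to redirect traffic. The script below is an added example, not code from the original post or from the thc-ipv6 toolkit. It builds two Router Advertisement packets in memory (both constructed here, with an assumed legitimate gateway `fe80::1`, an assumed site prefix `2001:db8:1::/64`, and an assumed rogue router `fe80::bad`), parses the raw IPv6 and ICMPv6 fields straight off the wire, and applies the kind of rogue-RA checks a network security monitor on the link could run: source must be link-local, hop limit must be 255 (RFC 4861), the router and the advertised prefix must be on an allow-list, and the ICMPv6 checksum must verify.

```python
"""Added example (not part of the original post): read raw IPv6 / ICMPv6
Router Advertisement fields and flag rogue RAs. All packets, addresses and
policy tables below are constructed for the demo."""
import ipaddress
import struct

ICMPV6 = 58          # IPv6 next-header value for ICMPv6
ICMPV6_RA = 134      # ICMPv6 type: Router Advertisement
OPT_PREFIX_INFO = 3  # RA option: Prefix Information (RFC 4861 section 4.6.2)


def ones_complement_sum(data: bytes) -> int:
    """Internet checksum (RFC 1071) over data, padded to an even length."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(int.from_bytes(data[i:i + 2], "big") for i in range(0, len(data), 2))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def icmpv6_checksum(src: bytes, dst: bytes, msg: bytes) -> int:
    """ICMPv6 checksum also covers a pseudo-header: src, dst, length, next header.
    Over a message whose checksum field is already filled in, a valid packet yields 0."""
    pseudo = src + dst + struct.pack("!I", len(msg)) + b"\x00\x00\x00" + bytes([ICMPV6])
    return ones_complement_sum(pseudo + msg)


def build_ra(src: str, dst: str, prefix: str, prefix_len: int = 64, hop_limit: int = 255) -> bytes:
    """Constructed IPv6 packet carrying an RA with one Prefix Information option."""
    src_b, dst_b = ipaddress.IPv6Address(src).packed, ipaddress.IPv6Address(dst).packed
    # type, code, checksum (0 for now), cur hop limit, flags, router lifetime, reachable, retrans
    ra = struct.pack("!BBHBBHII", ICMPV6_RA, 0, 0, 64, 0, 1800, 0, 0)
    # option: type, length (8-byte units), prefix length, flags L|A, valid, preferred, reserved
    ra += struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, prefix_len, 0xC0, 2592000, 604800, 0)
    ra += ipaddress.IPv6Address(prefix).packed
    ra = ra[:2] + struct.pack("!H", icmpv6_checksum(src_b, dst_b, ra)) + ra[4:]
    # version 6, traffic class 0, flow label 0 | payload length | next header | hop limit
    hdr = struct.pack("!IHBB", 0x60000000, len(ra), ICMPV6, hop_limit) + src_b + dst_b
    return hdr + ra


def parse_ipv6(pkt: bytes) -> dict:
    """Every base-header field is readable directly from the wire; nothing is encrypted."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    payload_len, next_header, hop_limit = struct.unpack("!HBB", pkt[4:8])
    return {
        "src": ipaddress.IPv6Address(pkt[8:24]),
        "dst": ipaddress.IPv6Address(pkt[24:40]),
        "next_header": next_header,
        "hop_limit": hop_limit,
        "payload": pkt[40:40 + payload_len],
    }


def parse_ra(payload: bytes):
    """Return router lifetime and advertised prefixes from an RA, or None if not an RA."""
    if len(payload) < 16 or payload[0] != ICMPV6_RA:
        return None
    prefixes, off = [], 16
    while off + 2 <= len(payload):
        otype, olen = payload[off], payload[off + 1] * 8
        if olen == 0 or off + olen > len(payload):
            break  # malformed option: stop instead of looping forever
        if otype == OPT_PREFIX_INFO and olen == 32:
            prefix = ipaddress.IPv6Address(payload[off + 16:off + 32])
            prefixes.append(f"{prefix}/{payload[off + 2]}")
        off += olen
    return {"router_lifetime": struct.unpack("!H", payload[6:8])[0], "prefixes": prefixes}


def check_ra(pkt: bytes, trusted_routers: set, expected_prefixes: set) -> list:
    """Rogue-RA checks for a link monitor. Returns a list of alerts; empty means clean."""
    ip = parse_ipv6(pkt)
    if ip["next_header"] != ICMPV6:
        return []
    ra = parse_ra(ip["payload"])
    if ra is None:
        return []
    alerts = []
    if icmpv6_checksum(ip["src"].packed, ip["dst"].packed, ip["payload"]) != 0:
        alerts.append("bad ICMPv6 checksum")
    if not ip["src"].is_link_local:
        alerts.append(f"RA source {ip['src']} is not link-local (RFC 4861)")
    if ip["hop_limit"] != 255:
        alerts.append(f"hop limit {ip['hop_limit']} != 255: RA was forwarded or forged")
    if str(ip["src"]) not in trusted_routers:
        alerts.append(f"RA from untrusted router {ip['src']}")
    alerts += [f"unexpected prefix {p} advertised" for p in ra["prefixes"] if p not in expected_prefixes]
    return alerts


TRUSTED_ROUTERS = {"fe80::1"}            # assumed: the site's real gateway
EXPECTED_PREFIXES = {"2001:db8:1::/64"}  # assumed: the site's real prefix
LEGIT_RA = build_ra("fe80::1", "ff02::1", "2001:db8:1::")
ROGUE_RA = build_ra("fe80::bad", "ff02::1", "2001:db8:dead::", hop_limit=64)  # constructed attacker RA

if __name__ == "__main__":
    for name, pkt in (("legit", LEGIT_RA), ("rogue", ROGUE_RA)):
        ip = parse_ipv6(pkt)
        print(name, ip["src"], "->", ip["dst"], parse_ra(ip["payload"]))
        print("  alerts:", check_ra(pkt, TRUSTED_ROUTERS, EXPECTED_PREFIXES) or "none")
```

Running it prints the source, destination and advertised prefix of both packets in the clear, which is the whole point: the monitor needs no key to read them, and neither does an attacker. The rogue packet trips three checks (hop limit, untrusted router, unexpected prefix) even though it is otherwise well-formed; a real deployment would feed the same logic from a pcap or from RA Guard / NDP monitoring on the switch.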

The NSA has already stated that it now approaches security from the standpoint that the system has already been compromised. This means attention shifts to analyzing internal data flows and to network security monitoring.

How much monitoring is needed, and how far will it go? The TSA has already overreacted to terrorist threats by installing invasive full-body scanners in airports. Will this mentality carry over to the electronic world, with everything done online recorded and analyzed for keyword data?

Will this include government monitoring of e-mail, social media, and even cloud computing? Rumors abound, and overreaction is not the answer.

So what will Cyber Defense look like in the future? I believe the answer will be a mix of high-speed hardware with offensive capabilities (like RSignia’s products), network security monitoring & analysis and a united front from the government, private sector and our allies.

~ by D. Dieterle on January 19, 2011.

2 Responses to “Defending against Advanced Threats and IPv6 attacks”

  1. Saw this on Infosecisland and agree completely.

    Have you seen this?

    http://www.hak5.org/episodes/episode-810

    • No, actually I haven’t.
Thanks for pointing it out. I used to watch Hak5 episodes every so often; they are usually very good. I will definitely check it out.

      Just been so busy lately, working on two books, and just trying to stay up on things!

      Thanks man!
