Advanced IPv6 Residential Security draft-vyncke-advanced-ipv6-security-01.txt
-
Upload
martin-dunn -
Category
Documents
-
view
31 -
download
1
description
Transcript of Advanced IPv6 Residential Security draft-vyncke-advanced-ipv6-security-01.txt
![Page 1: Advanced IPv6 Residential Security draft-vyncke-advanced-ipv6-security-01.txt](https://reader036.fdocuments.in/reader036/viewer/2022083015/56812cf8550346895d91c4e6/html5/thumbnails/1.jpg)
Advanced IPv6 Residential Security
draft-vyncke-advanced-ipv6-security-01.txt
Eric Vyncke [email protected] Townsley [email protected]
March 2010
![Page 2: Advanced IPv6 Residential Security draft-vyncke-advanced-ipv6-security-01.txt](https://reader036.fdocuments.in/reader036/viewer/2022083015/56812cf8550346895d91c4e6/html5/thumbnails/2.jpg)
Advanced Security
User Feedback
User control
IPS
Dynamic Policy & Signatures
Update On-line Access to
IP Address Reputation
![Page 3: Advanced IPv6 Residential Security draft-vyncke-advanced-ipv6-security-01.txt](https://reader036.fdocuments.in/reader036/viewer/2022083015/56812cf8550346895d91c4e6/html5/thumbnails/3.jpg)
Overview7 policies are identified in the -00. These are largely
based on features which are commonly available in “advanced” security gear for enterprises today
Home edge router is not something that is purchased and thrown away when obsolete. Instead, it is actively updated like many other consumer devices are today (PCs, iPods and iPhones, etc.)
Business model may include a paid subscription service from the manufacturer, a participating service or content provider, consortium, etc.
![Page 4: Advanced IPv6 Residential Security draft-vyncke-advanced-ipv6-security-01.txt](https://reader036.fdocuments.in/reader036/viewer/2022083015/56812cf8550346895d91c4e6/html5/thumbnails/4.jpg)
Why is this important to IPv6?Security policy can be adjusted to match the
threat as attacks arriveWe don’t break end-to-end IPv6, unless we
absolutely have to
![Page 5: Advanced IPv6 Residential Security draft-vyncke-advanced-ipv6-security-01.txt](https://reader036.fdocuments.in/reader036/viewer/2022083015/56812cf8550346895d91c4e6/html5/thumbnails/5.jpg)
-00 at IETF 76-00 presented at V6OPS & SAAGGlobally positive reaction
The crypto part could be improved/better presentedParanoid Openness is very much needed for IPv6Already known as Universal Threat Mitigation for
large enterprisesCould/should cross pollination with simple-security ID
![Page 6: Advanced IPv6 Residential Security draft-vyncke-advanced-ipv6-security-01.txt](https://reader036.fdocuments.in/reader036/viewer/2022083015/56812cf8550346895d91c4e6/html5/thumbnails/6.jpg)
Between IETF76 & 77Small design team has be createdBut, little progress done (Eric’s & Mark’s fault)-01 delta
Some cosmeticsMore reference to UTMReference to previous I-D
![Page 7: Advanced IPv6 Residential Security draft-vyncke-advanced-ipv6-security-01.txt](https://reader036.fdocuments.in/reader036/viewer/2022083015/56812cf8550346895d91c4e6/html5/thumbnails/7.jpg)
After IETF 77Activate the design teamSome discussions at HomeGate interim in ParisBoF in IETF 78?Bring rule7 (rate limited but open inbound) into
simple security?