Workshop: Overview of the Real-World Capabilities of Major Commercial Security Products.

March 11, 2013 (at 3:30 p.m.)

Many vendors of security products flag those as “IPv6 ready”. Still, taking a closer look, it often turns out that relevant features aren’t fully implemented for IPv6 traffic. This includes insufficient filtering capabilities on the application layer, lack of IPv6 support for clustering/management interfaces or deficient analysis of IPv6 related events on SIEM systems.

In this workshop we provide an overview as for the IPv6 readiness of several major security products (e.g. the firewall offerings from Cisco, Check Point or McAfee), looking at “what really works” (at least in an operationally feasible way) and what doesn’t, as of spring 2013.

Our evaluation is based on own lab testing and on our real-world experience in some production networks. Furthermore we discuss the “RIPE 554 compliance” of such products (and if RIPE 554 is suited to evaluate the relevant security features of such products at all).

Requirements: Bring your own device (a laptop with ssh&rdp)

Enno Rey

Enno Rey @Enno_Insinuator is an old school network security guy who has been involved with IPv6 since 1999. In the last years he has contributed to many IPv6 projects in very large environments, both on a planning and on a technical implementation level.

Hendrik Schmidt

Hendrik Schmidt is a seasoned security researcher with vast experiences in large and complex enterprise networks. He is a pentester at the German based ERNW GmbH with focus on telecommunication networks. Over the years he evaluated and reviewed all kinds of network protocols and applications. He loves to play with complex technologies and networks and demonstrated several implementation and design flaws. In this context he learned how to play around with core and backhaul networks, wrote protocol fuzzers and spoofers for testing implementations and security architecture. As his profession of pentester, security researcher and consultant he will happily share his knowledge with the audience.

Christopher Werny

Christopher has been involved with IPv6 since 2005 and has performed a number of IPv6 planning, implementation and troubleshooting projects & tasks since then. He leads the network security team at ERNW.