This course will provide the attendee with in-depth knowledge of IPv6 security, such that the attendee is able to evaluate and mitigate the security implications of IPv6 in production environments. The attendee will be given an in-depth explanation of each topic covered in this course, and will learn – through hands-on exercises – how each feature can be exploited for malicious purposes. Subsequently, the attendee will be presented with a number of alternatives to mitigate each of the identified vulnerabilities. During the course, the attendee will perform a large number of exercises in a network laboratory (with the assistance of the trainer), such that the concepts and techniques learned during this course are reinforced with hands-on exercises. A range of open source tools will be employed for all the practical exercises, such that the attendee becomes familiar with the tools arsenal that is typically employed for real-world IPv6 security assessments and penetration tests. The attendee will be required to perform a large number of IPv6 attacks, envision mitigation techniques for the corresponding vulnerabilities, and evaluate the aforementioned mitigation techniques with real-world attack tools.
Audience and prerequisites
Network Engineers, Network Administrators, Security Administrators, Penetration Testers, and Security Professionals in general. Participants are required to have:
- Good understanding of the IPv4 protocol suite (IPv4, ICMP, ARP, etc.)
- Good understanding of network components (routers, firewalls, etc.)
- Knowledge of basic UNIX/Linux shell commands
- Knowledge of basic IPv4 troubleshooting tools, such as: ping, traceroute, and network protocol analyzers
- Basic knowledge of IPv6 is desirable, but not required.
Course duration, format and materials:
- Three days, with up to 50% of course time devoted to practical sessions
- One course book (written by the trainer) that includes all the slides and exercises presented in the course.
- A copy of the virtual lab employed for the training course.
- A certificate of completion of the training course.
- Coffee breaks and lunch included
- Training language: English [* Consultar por posibilidad en Español]
- Students need to bring their own laptop
- Free admission to EuskalHack Security Congress (Two days Coffee breaks and lunch included)
Please note: Course will be cancelled if the minimum of 8 students do not enroll
About the trainer:
Fernando Gont is a world-renowned IPv6 expert, working on IPv6 consulting around the world:
- He has written 30 IETF RFCs, many of which focus on IPv6.
- He is actively involved in IPv6 standardization, with more than 10 active IETF Internet-Drafts.
- Author of the SI6 Network’s IPv6 toolkit, the only portable and freely available toolkit for the IPv6 protocol suite.
- He has been delivering consulting and training services worldwide for more than ten years.
- More information about Fernando Gont is available at his web site: https://www.gont.com.ar.
Detailed training course agenda:
- Introduction to IPv6
- IPv6 Addressing Architecture
- IPv6 Header Fields
- IPv6 Extension Headers (EHs)
- Internet Control Message Protocol version 6 (ICMPv6)
- Neighbor Discovery for IPv6
- Stateless Address Auto-configuration (SLAAC)
- Dynamic Host Configuration Protocol version 6 (DHCPv6)
- Multicast Listener Discovery (MLD)
- Upper-Layer Attacks
- DNS Support for IPv6
- IPv6 Firewalls
- Security Implications of IPv6 forIPv4-only Networks
- Transition/Co-existence Technologies
- Network Reconnaissance in IPv6
- IPv6 Deployment Consideration
Please register here!