Návrh systému pro testování zabezpečení sítě IPv6 a zpracování incidentů v prostoru privátních adres

Design of a system for testing security in IPv6 networks and processing incidents containing private addresses

contract

IPv6, security, NetFlow, NAT

IPv6 protocol is deployed in most cases together with network address translation technique (NAT). The combination of IPv6 deployment and NAT introduces several issues for network administrators. Firstly, the network administrator must ensure the same level of security both for IPv6 and IPv4 networks. Secondly, NAT raises an issue with trackig security incidents because it is necessary to correctly bind global and private IPv4 addresses. The project aims to solve these issues. Active networking probe will be developed to test the protection of IPv6 network against known vulnerabilities. Information about binding between global and private IPv4 addresses will be solved by developing a plugin for current NetFlow probes. The plugin will export all necessary information about network translation thus allowing network administrator to trace back a security incident. The outcomes of the project will help to test the security of IPv6 network and provides all information to easily trace back a security incident even in network with private IPv4 addresses.

Grégr Matěj, Ing., Ph.D. (DIFS) – research leader
Korček Pavol, Ing., Ph.D. (DCSY)