Achieving true visibility into an enterprise network is always a struggle, and this is certainly the case when monitoring IPv6 networks for malicious Neighbor Discovery Protocol (NDP) activity. NDP provides critical functionality for machines to find routers on an IPv6 network, but it may open the door for potential security issues on IPv6 networks if security teams don't have the necessary monitoring capabilities. To ensure that NDP messages aren't malicious, enterprises can utilize the free and open-source security tool NDP Monitor (NDPMon).
In this month's SearchSecurity.com screencast, Keith Barker, CISSP and trainer for CBT Nuggets, offers a "deep dive" covering some of the most compelling features of NDPMon, including how to initiate learning mode. First, Keith discusses some of the security issues malicious NDP messages on an IPv6 network pose, such as an attacker sending a wrong network prefix or DNS option to a machine. NDPMon can be manually configured to tell which routers on a network are authorized so that alerts are triggered when unauthorized routers are detected. Perhaps the more compelling option is to initiate learning mode, which enables NDPMon to automatically scan a network to build its own baseline of authorized routers. When any unauthorized activity is detected, such as an attacker attempting to spoof an address by poisoning a neighbor cache, an alert is triggered. With an easy setup and a free price tag, NDPMon is an IPv6 monitoring tool that warrants serious consideration.
About CBT Nuggets
CBT Nuggets is a computer-based technology company specializing in cutting-edge online IT training. Founded in 1999 by current CEO Dan Charbonneau, CBT Nuggets provides quick, easy and affordable learning by renowned instructors for individuals, small teams and large organizations. CBT Nuggets also offers a wealth of free videos on a variety of IT topics on the CBT Nuggets YouTube video channel.
About Keith Barker
Keith Barker, a trainer for CBT Nuggets, has more than 27 years of IT experience. He is a double CCIE and has been named a Cisco Designated VIP. Keith is also the author of numerous Cisco Press books and articles.