How to utilize NDPMon for better IPv6 monitoring, network visibility

How to utilize NDPMon for better IPv6 monitoring, network visibility

Date: Jan 29, 2013

Achieving true visibility into an enterprise network is always a struggle, and this is certainly the case when monitoring IPv6 networks for malicious Neighbor Discovery Protocol (NDP) activity. NDP provides critical functionality for machines to find routers on an IPv6 network, but it may open the door for potential security issues on IPv6 networks if security teams don't have the necessary monitoring capabilities. To ensure that NDP messages aren't malicious, enterprises can utilize the free and open-source security tool NDP Monitor (NDPMon).

In this month's SearchSecurity.com screencast, Keith Barker, CISSP and trainer for CBT Nuggets, offers a "deep dive" covering some of the most compelling features of NDPMon, including how to initiate learning mode. First, Keith discusses some of the security issues malicious NDP messages on an IPv6 network pose, such as an attacker sending a wrong network prefix or DNS option to a machine. NDPMon can be manually configured to tell which routers on a network are authorized so that alerts are triggered when unauthorized routers are detected. Perhaps the more compelling option is to initiate learning mode, which enables NDPMon to automatically scan a network to build its own baseline of authorized routers. When any unauthorized activity is detected, such as an attacker attempting to spoof an address by poisoning a neighbor cache, an alert is triggered. With an easy setup and a free price tag, NDPMon is an IPv6 monitoring tool that warrants serious consideration.

About CBT Nuggets
CBTNuggetsCBT Nuggets is a computer-based technology company specializing in cutting-edge online IT training. Founded in 1999 by current CEO Dan Charbonneau, CBT Nuggets provides quick, easy and affordable learning by renowned instructors for individuals, small teams and large organizations. CBT Nuggets also offers a wealth of free videos on a variety of IT topics on the CBT Nuggets YouTube video channel.

About Keith Barker
Keith Barker, a trainer for CBT Nuggets, has more than 27 years of IT experience. He is a double CCIE and has been named a Cisco Designated VIP. Keith is also the author of numerous Cisco Press books and articles.

More on Open Source Security Tools and Applications

  • canderson

    Enterprise strategies to enforce open source software security

    VIDEO - In this video, application security expert Michael Cobb discusses open source risks and how revised security policies can standardize development.
  • canderson

    How to use BlackStratus' LOG Storm, a free log management tool

    VIDEO - Keith Barker of CBT Nuggets demonstrates how to use LOG Storm, a free log management system from BlackStratus that organizes and prioritizes enterprise log data.
  • canderson

    How to use TripWire SecureScan, a free vulnerability scanning tool

    VIDEO - Video: Learn how to use TripWire SecureScan, the free vulnerability scanning tool that helps enterprises detect Heartbleed on networks and devices.
  • Take inventory of your open source software security

    Tip - Developers love reusing code, whether it’s an open source library or a code snippet copied from the Internet. This expert tip looks at the best ways to secure and monitor component-driven software.
  • Cost-effective Web application security testing

    Answer - Expert Michael Cobb discusses numerous open source and low-cost Web application security testing options for enterprises on a budget.
  • OpenAppID

    Definition - OpenAppID is an application-layer network security plugin for the open source intrusion detection system Snort.
  • Enterprise disk encryption options after the end of TrueCrypt

    Tip - The recent news that TrueCrypt is insecure and has been retired has left many enterprises struggling to decide which encryption technologies to trust. Expert Michael Cobb offers other enterprise encryption options.
  • TailsOS

    Definition - TailsOS is a LiveDistro-based operating system that is configured to run from removable storage and to leave no information stored on the computer after the user’s session. A LiveDistro is a distribution of an operating system on some bootable storage medium. The operating system and associated applications run from the storage device.

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: