IPv6 Security Technical Briefing

Understanding the new security issues introduced by IPv6 and the actions you should take

You will learn:

  • The current status of IPv6
  • The security features of IPv6
  • IPv6 security risks
  • The differences in IPv4 and IPv6 security
  • The risks associated with IPv6 transition mechanisms.
  • How to mitigate the security risks associated with IPv6.
  • How to build IPv6 firewalls.
  • IPv6 security best practice.

Briefing Benefits

IPv6 is now widely available. In some organisations and parts of the world IPv6 is in common use.

Whilst you may not have implemented IPv6 in your network yet, you still need to secure your network against abuse using IPv6 protocols.

Modern network operating systems, including Windows Vista and Windows Longhorn, use IPv6 in preference to IPv4 and have IPv6 turned on by default.

You need to ensure that your network is IPv6 secure and that you are ready for any future implementation of IPv6.

Briefing Contents

IPv6 Basics

  • Comparison of IPv6 and IPv4
  • What is IPv6?
  • Why is IPv6 required?
  • Address Space
  • Is there an address shortage?
  • IPv6 improvements over IPv4
  • New features in IPv6
  • The benefits of IPv6
  • Motivations to implement IPv6
  • IPv6 status summary
  • Timescale predictions

IPv6 Security Features

  • Security features in IPv6
  • IPv6 IPSec
  • Privacy addresses
  • Temporary addresses
  • Cryptographically Generated Addresses (CGA)
  • SEcure Neighbor Discovery (SEND)
  • Mobile IPv6 security
  • Dynamic routing security
  • Examples of IPv6 security

IPv6 Security Threats

  • Summary of IPv6 threats
  • Comparison of IPv6 with IPv4 threats
  • Threats common to IPv4 and IPv6
  • IPv6 specific security threats
  • End-to-end transparency
  • Scanning in IPv6
  • IPv6 extension header threats
  • IPv6 router header abuse
  • IPv6 fragmentation threats
  • ICMPv6 threats
  • Neighbor discovery threats
  • ND threat examples
  • Cryptographically Generated Addresses (CGA)
  • SEcure Neighbor Discovery (SEND)
  • SEND and CGA
  • Mitigating ICMPv6 threats

IPv6 Transition Security Threats

  • IPv6 transition mechanisms threats
  • Transition mechanisms
  • Transition security problems
  • Dual stack threats
  • Mitigating dual stack threats
  • Tunnelling threats
  • 6to4 threats
  • Mitigating 6to4 threats
  • ISATAP threats
  • Mitigating ISATAP threats
  • Teredo threats
  • Mitigating Teredo threats
  • Other mechanisms
  • IPv6 DNS threats
  • Transition security best practice

IPv6 Firewalls

  • Configuring IPv6 firewalls
  • IPv6 firewall filtering rules
  • Filtering ICMPv6
  • IPv6 extension headers
  • Implementing IPv6 Ingress filtering
  • Assigned IPv6 addresses
  • Status of IPv6 firewalls
  • Deploying IPv6 firewalls

IPv6 Deployment Risks

  • IPv6 pilots
  • IPv6 DNS server
  • Addressing schemes
  • Deploying ICMPv6
  • End-to-end transparency
  • IPSec transport mode
  • Reduced functionality
  • Operational issues
  • ND proxies
  • Training

IPv6 Security Best Practice

  • Creating an IPv6 security policy
  • Summary of IPv6 security best practice

The Lecturers

All our lecturers are practising network consultants with extensive experience of IPv6 networking on Unix and Windows in large commercial environments. They are ideally suited to bringing you an up to date analysis of the status of IPv6.