This document provides an overview of IPv6 security and is specifically aimed at IPv4 engineers and operators.
Rather than describing IPv6 in an isolated manner, it aims to re-use as much of the existing IPv4 knowledge and experience as possible, by highlighting the security issues that affect both protocols in the same manner, and those that are new or different for the IPv6 protocol suite. Additionally, it discusses the security implications arising from the co-existence of the IPv6 and IPv4 protocols.
Table of Contents
- Introduction
- Security Implications of the IPv6 Protocol Suite
- IP Addressing
- IPv6 Network Reconnaissance
- Impact of IPv6 subnet size on IPv6 stack resiliency
- Challenges arising from IPv6 host address availability
- Lack of Address Translation
- IP Packet Structure
- Fragmentation
- IPsec support
- Fault Isolation
- Address Resolution
- Secure Neighbor Discovery (SEND)
- Traffic Monitoring
- Traffic Compartmentalization
- Enforcing Packet-filtering at Layer-2 Devices
- Address generation/configuration
- Multicast Usage
- Network Architecture
- IP Addressing
- Security Implications of Dual-Stack Networks
- Security Implications of IPv6 on IPv4 Networks
- Acknowledgements
- References