‹ Back
Deploy360 10 March 2015

IPv6 Security Myth #9 – There Aren't Any IPv6 Security Resources

Security in an IPv6 WorldWe are approaching the end of this 10 part series on the most common IPv6 security myths. Now it’s time to turn our eyes away from security risks to focus a bit more on security resources. Today’s myth is actually one of the most harmful to those who hold it. If you believe that there is no good information out there, it’s nearly impossible to find that information. So let’s get down to it and dispel our 9th myth. We’ll start by looking at a few of the high level principles and then look at a selection of resources, which contain much more detail.

Myth: There are no IPv6 Security BCPs yet
Reality: There are!

Many security standards don’t discuss IPv6 specifically. However, any general guideline related to IP likely applies to both versions – many security policies are (and should be) higher level. We saw this in Myth’s #2 and #7 to some extent and it’s also evident below, as many of these security practices apply to both IPv6 and IPv4.

Here are a few of the key principles to keep your IPv6 network secure:

  • Perform IPv6 filtering at the perimeter
  • Use RFC2827 (BCP38) and RFC3704 (BCP84) ingress filtering throughout the network
  • Use manual tunnels (with IPsec whenever possible) instead of dynamic tunnels and deny packets for transition techniques not used
  • Use common access-network security measures (NAC/802.1X, disable unused switch ports, Ethernet port security, MACSec/TrustSec)
  • Strive to achieve equivalent protections for IPv6 as with IPv4
  • Continue to let vendors know what you expect in terms of IPv6 security features

Myth: There are no IPv6 Security Resources available
Reality: There are!

The BCPs above are really just the tip of the iceberg when it comes to all the things you need to know to securely deploy IPv6. For a deeper dive on how to actually execute on these high level policies you’ll want to do some more reading. Here are a couple of the best IPv6 security resources I’m aware of. Read them and you’re well on your way to being a true IPv6 security expert!

What are your favorite IPv6 security resources? Leave a comment!

‹ Back

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

IPv6 Security Myth #10 - Deploying IPv6 is Too Risky
Deploy36024 March 2015

IPv6 Security Myth #10 – Deploying IPv6 is Too Risky

After a quick break to catch our breath (and read all those IPv6 Security Resources), it’s now time to look...

IPv6 Security Myth #2 - IPv6 Has Security Designed In
Deploy36020 January 2015

IPv6 Security Myth #2 – IPv6 Has Security Designed In

Today we continue with part 2 of the 10 part series on IPv6 Security Myths by debunking one of the...

IPv6 Security Myth #1 - I’m Not Running IPv6 so I Don’t Have to Worry
Deploy36013 January 2015

IPv6 Security Myth #1 – I’m Not Running IPv6 so I Don’t Have to Worry

Now that IPv6 is being actively deployed around the world, security is more and more a growing concern. Unfortunately, there...

Join the conversation with Internet Society members around the world