Deploy360 1 March 2019

IPv6 Security for IPv4 Engineers

This document provides an overview of IPv6 security and is specifically aimed at IPv4 engineers and operators.

Rather than describing IPv6 in an isolated manner, it aims to re-use as much of the existing IPv4 knowledge and experience as possible, by highlighting the security issues that affect both protocols in the same manner, and those that are new or different for the IPv6 protocol suite. Additionally, it discusses the security implications arising from the co-existence of the IPv6 and IPv4 protocols.

Table of Contents

  1. Introduction
  2. Security Implications of the IPv6 Protocol Suite
    1. IP Addressing
      1. IPv6 Network Reconnaissance
      2. Impact of IPv6 subnet size on IPv6 stack resiliency
      3. Challenges arising from IPv6 host address availability
      4. Lack of Address Translation
    2. IP Packet Structure
    3. Fragmentation
    4. IPsec support
    5. Fault Isolation
    6. Address Resolution
      1. Secure Neighbor Discovery (SEND)
      2. Traffic Monitoring
      3. Traffic Compartmentalization
      4. Enforcing Packet-filtering at Layer-2 Devices
    7. Address generation/configuration
    8. Multicast Usage
    9. Network Architecture
  3. Security Implications of Dual-Stack Networks
  4. Security Implications of IPv6 on IPv4 Networks
  5. Acknowledgements
  6. References
  • ipv6-sec-for-ipv4-eng-thumbnail thumbnail Download
  • ipv6-sec-for-ipv4-eng-thumbnail thumbnail Download

Related articles

Deploy360 1 March 2019

DNS Privacy Frequently Asked Questions (FAQ)

Almost every time we use an Internet application, it starts with a Domain Name System (DNS) transaction to map...

Deploy360 27 February 2019

Introduction to DNS Privacy

Abstract Almost every time we use an Internet application, it starts with a Domain Name System (DNS) transaction to...

Deploy360 27 February 2019

IPv6 Security Frequently Asked Questions (FAQ)

Executive Summary The Internet Society recognises that global deployment of the IPv6 protocol is paramount to accommodate the present...