1st Edition

Security in an IPv6 Environment

By Daniel Minoli, Jake Kouns
Copyright 2009
    288 Pages 56 B/W Illustrations
    by Auerbach Publications

    Analyze Key Security Mechanisms and Approaches with this practical primer, the first book on the market to cover critical IPv6 security considerations.

    Dan Minoli, author of over 50 books on telecommunications and networks, and Jake Kouns, Chairman, CEO and CFO of the Open Security Foundation, discuss IPv6 security vulnerabilities, considerations, and mechanisms, and survey approaches for ensuring reliable and controlled IPv6 migration. The authors pool knowledge from industry resources, RFCs, and their own considerable security experience, discussing key IPv6 features, security issues, and potential exploitation of the IPv6 protocol. They examine the use of firewalls and encryption, and the fundamental topic of IPsec in IPv6 environments.

    Protect Networks from New and Growing Threats

    An increasing number of mission-critical commercial and military operations are supported by distributed, mobile, always-connected, hybrid public-private networks, especially IPv6-based networks. The number of attackers or inimical agents continues to grow, and all computing environments must feature high-assurance security mechanisms. Even administrators in pure IPv4 environments require at least a rudimentary understanding of IPv6 security principles to safeguard traditional networks. This comprehensive book explains why security-savvy approaches are indispensable and includes considerations for mixed IPv4 and IPv6 migration environments. More than an exhaustive treatment of IPv6 and security topics, this text is a point of departure for anyone adjusting to this technological transition and subtending security considerations.

    About the Authors

    Daniel Minoli, director of terrestrial systems engineering for SES Americom, has done extensive work with IPv6, including four books on the subject.

    Jake Kouns (CISSP, CISA, CISM), director of information security and network services for Markel Corporation, is also co-founder and president of the Open Security Foundation.

    Introduction, Overview, and Motivations

    Introduction and Motivations

    IPv6 Overview

    Overview of Traditional Security Approaches and Mechanisms

    Basic IPv6 Protocol Mechanisms

    IPv6 Addressing Mechanisms

    Address Types

    Addresses for Hosts and Routers

    IPv6 Addressing (Details)

    IANA Considerations

    Creating Modified EUI-64 Format Interface Identifiers

    64-Bit Global Identifier (EUI-64) Registration Authority

    More Advanced IPv6 Protocol Mechanisms

    IPv6 and Related Protocols (Details)

    IPv6 Header Format

    IPv6 Extension Headers

    Packet Size Issue

    Flow Labels

    Traffic Classes

    Upper-Layer Protocol Issues

    Semantics and Usage of the Flow Label Field

    Formatting Guidelines for Options

    IPv6 Infrastructure

    Routing and Route Management

    Configuration Methods

    Dynamic Host Configuration Protocol for IPv6

    More on Transition Approaches and Mechanisms

    Security Mechanisms and Approaches

    Security 101

    Review of Firewall-Based Perimeter Security

    IPv6 Areas of Security Concerns: Addresses

    Documented Issues for IPv6 Security

    Basic IPv6 Security Considerations

    IPv6 Flow Labels Issues

    ICMPv6 Issues

    Neighbor Discovery Issues

    Routing Headers

    DNS Issues

    Minimum Security Plan

    IPsec and Its Use in IPv6 Environments

    Overview

    IPsec Modes

    IP Authentication Header (AH)

    IP Encapsulating Security Protocol (ESP)

    Supportive Infrastructure: IPsec Architecture

    Related Observations

    Firewall Use in IPv6 Environments

    Role of Firewalls for IPv6 Perimeters

    Packet Filtering

    Extension Headers and Fragmentation

    Concurrent Processing

    Firewall Functionality

    Related Tools

    Security Considerations for Migrations/Mixed IPv4-IPv6 Networks

    Transition Basics

    Security Issues Associated with Transition

    Threats and the Use of IPsec

    NATs, Packet Filtering, and Teredo

    Use of Host-Based Firewalls

    Use of Distributed Firewalls
