• Who am I?
  • Creativity
  • IPv6
  • SDN
  • Security

Creative|Technologist

[email protected]
Login

Login
don't panic don't panic don't panic don't panic
  • Who am I?
  • Creativity
  • IPv6
  • SDN
  • Security

IPv6 Security Myth #9: There Aren’t Any IPv6 Security Resources

IPv6 Security Myth #9: There Aren’t Any IPv6 Security Resources

IPv6 Security Myth #9: There Aren’t Any IPv6 Security Resources

Mar 10, 2015 | Posted by ~Chris | Internet, IPv6, IPv6 Security Myths, Security, Technology |

We are approaching the end of this 10 part series on the most common IPv6 security myths. Now it’s time to turn our eyes away from security risks to focus a bit more on security resources. Today’s myth is actually one of the most harmful to those who hold it. If you believe that there is no good information out there, it’s nearly impossible to find that information. So let’s get down to it and dispel our 9th myth. We’ll start by looking at a few of the high level principles and then look at a selection of resources, which contain much more detail.

Myth: There are no IPv6 Security BCPs yet
Reality: There are!

Many security standards don’t discuss IPv6 specifically. However, any general guideline related to IP likely applies to both versions – many security policies are (and should be) higher level. We saw this in Myth’s #2 and #7 to some extent and it’s also evident below, as many of these security practices apply to both IPv6 and IPv4.

Here are a few of the key principles to keep your IPv6 network secure:

  • Perform IPv6 filtering at the perimeter
  • Use RFC2827 (BCP38) and RFC3704 (BCP84) ingress filtering throughout the network
  • Use manual tunnels (with IPsec whenever possible) instead of dynamic tunnels and deny packets for transition techniques not used
  • Use common access-network security measures (NAC/802.1X, disable unused switch ports, Ethernet port security, MACSec/TrustSec)
  • Strive to achieve equivalent protections for IPv6 as with IPv4
  • Continue to let vendors know what you expect in terms of IPv6 security features

Myth: There are no IPv6 Security Resources available
Reality: There are!

The BCPs above are really just the tip of the iceberg when it comes to all the things you need to know to securely deploy IPv6. For a deeper dive on how to actually execute on these high level policies you’ll want to do some more reading. Here are a couple of the best IPv6 security resources I’m aware of. Read them and you’re well on your way to being a true IPv6 security expert!

  • IPv6 Security, By Scott Hogg and Eric Vyncke, Cisco Press, 2009
  • CPNI Viewpoint: Security Implications of IPv6
  • Operational Security Considerations for IPv6 Networks
  • IPv6 Hackers is a forum for IPv6 security researchers and networking pros
  • Deploy360 has a section specifically on IPv6 Security
  • Search engines are your friends! There’s lots more info out there!

What are your favorite IPv6 security resources? Leave a comment!

Sharing is Caring!

  • Click to share on Reddit (Opens in new window)
  • Click to share on Twitter (Opens in new window)
  • Click to share on LinkedIn (Opens in new window)
  • Click to share on Pocket (Opens in new window)
  • Click to share on Telegram (Opens in new window)
  • More
  • Click to email this to a friend (Opens in new window)
  • Click to print (Opens in new window)
  • Click to share on Pinterest (Opens in new window)
  • Click to share on Tumblr (Opens in new window)
  • Click to share on Facebook (Opens in new window)
  • Click to share on WhatsApp (Opens in new window)
  • Click to share on Skype (Opens in new window)

Related

Share

About ~Chris

Creative|Technologist. Curious. Boisterous. Autotelic Autodidact. Heretic. Hacker. Rider of Boards. Writer of Words. ...Traveler of Time... Client Success VP @ Myriad360.

Leave a Reply

Thanks for reaching out!
Cancel Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Reach Out

Hi! I'd love to hear from you. Send me an email and I'll get back to you, asap.

Send Message

Search this site!

ISOC Tech Policy IETF Learning CircleID TechFieldDay IPv6 Happiness Creativity Security Juniper ARIN Policy Networking Travel Update SDN Technology Colorado Miscellaneous Internet Politics IPv6 Security Myths Philosophy

Popular Posts:

  • NAT444 (CGN/LSN) and What it Breaks
  • VMware Embracing Terraform
  • Chris Grundemann
  • Introducing IPv6 | Understanding IPv6 Addresses

Recent Posts:

  • 2021: Setting My Intention
  • 2020 in the Rear View
  • General McChrystal is Wrong
  • 2020: Six Down, Six To Go

Let’s Connect!

© 2021 · Chris Grundemann.

Prev Next
loading Cancel
Post was not sent - check your email addresses!
Email check failed, please try again
Sorry, your blog cannot share posts by email.