IPv6 Security

122 Chapter 3: IPv6 Internet Securitytransition to using a shim. Packet filters also need to be aware of session state when theULIDs change within the shim.Currently discussions are ongoing within the IETF about the use of shim6 and how itimpacts other aspects of the IPv6 protocol and the operations of an IPv6 network. There areonly a couple of implementations for hosts. There are discussions about integrating thisfunctionality into routers so that they can perform this process on behalf of devices that donot have sufficient resources to create the shim themselves. There is also discussion abouthow the shim could be used for traffic engineering purposes instead of a simplemultihoming solution. For the most updated information on this topic, you can go to theshim6 IETF working group site at http://www.ietf.org/html.charters/shim6-charter.html.SummaryThere will be many large-scale Internet threats that plague the IPv6 Internet in just the sameway as DoS attacks disrupt today’s Internet. Hopefully the larger address space of IPv6 willmake scanning worms a thing of the past; however, other types of worms are likely toevolve. If service providers and customer organizations are performing ingress and egressfiltering, tracebacks will be easier. The more research done on these IPv6 Internet threats,the more secure the IPv6 Internet will be in the future.Service providers might be hesitant to add IPv6 functionality to their production IPv4networks. They have a fear that new IPv6 vulnerabilities will lead to instability of theirrevenue-generating IPv4 networks. Network service providers can leverage secure BGPpeering to help make the Internet a safer place for all. If service providers perform theproper filtering, they can mitigate many of these risks. Many organizations are connectingto dual-stack services today, and service providers can leverage their existing MPLSinfrastructures to create secure IPv6 services.The key is to make the customers’ experience transparent, which means making it easy forthem to configure their devices and securely automate address assignments. However,customers will have the same demands of IPv6 Internet connectivity as they have with IPv4Internet connectivity. That means that solutions to IPv6 multihoming will need to bedeveloped and secured.ReferencesAfriNIC. ftp://ftp.afrinic.net/pub/stats/afrinic/delegated-afrinic-latest.APNIC. http://ftp.apnic.net/stats/apnic/delegated-apnic-latest.ARIN. ftp://ftp.arin.net/pub/stats/arin/delegated-arin-latest.

Previous page

Next page

2

4

6

8

10

12

14

16

18

20

22

24

26

28

30

32

34

36

38

40

42

44

46

48

50

52

54

56

58

60

62

64

66

68

70

72

74

76

78

80

82

84

86

88

90

92

94

96

98

100

102

104

106

108

110

112

114

116

118

120

122

124

126

128

130

132

134

136

138

140

142

144

146

148

150

152

154

156

158

160

162

164

166

168

IPv6 Security

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?