
IPv6 security : information assurance for the next-generation internet protocol

Author: Scott Hogg; Eric Vyncke; Joseph Karpenko; Darrin Miller
Publisher: Indianapolis, Ind. : Cisco Press, ©2009.
Edition/Format: eBook : Document : English



Genre/Form: Electronic books
Material Type: Document, Internet resource
Document Type: Internet Resource, Computer File
All Authors / Contributors: Scott Hogg; Eric Vyncke; Joseph Karpenko; Darrin Miller
OCLC Number: 793494190
Notes: Title from title screen.
Description: 1 online resource
Contents:
Introduction
Chapter 1 Introduction to IPv6 Security: Reintroduction to IPv6; IPv6 Update; IPv6 Vulnerabilities; Hacker Experience; IPv6 Security Mitigation Techniques; Summary Recommended Readings and Resources
Chapter 2 IPv6 Protocol Security Vulnerabilities: The IPv6 Protocol Header ICMPv6 ICMPv6 Functions and Message Types ICMPv6 Attacks and Mitigation Techniques Multicast Security Extension Header Threats Extension Header Overview Extension Header Vulnerabilities Hop-by-Hop Options Header and Destination Options Header IPv6 Extension Header Fuzzing Router Alert Attack Routing Headers RH0 Attack Preventing RH0 Attacks Additional Router Header Attack Mitigation Techniques Fragmentation Header Overview of Packet Fragmentation Issues Fragmentation Attacks Preventing Fragmentation Attacks Virtual Fragment Reassembly Unknown Option Headers Upper-Layer Headers Reconnaissance on IPv6 Networks Scanning and Assessing the Target Registry Checking Automated Reconnaissance Speeding Up the Scanning Process Leveraging Multicast for Reconnaissance Automated Reconnaissance Tools Sniffing to Find Nodes Neighbor Cache Node Information Queries Protecting Against Reconnaissance Attacks Layer 3 and Layer 4 Spoofing Summary References
Chapter 3 IPv6 Internet Security: Large-Scale Internet Threats Packet Flooding Internet Worms Worm Propagation Speeding Worm Propagation in IPv6 Current IPv6 Worms Preventing IPv6 Worms Distributed Denial of Service and Botnets DDoS on IPv6 Networks Attack Filtering Attacker Traceback Black Holes and Dark Nets Ingress/Egress Filtering Filtering IPv6 Traffic Filtering on Allocated Addresses Bogon Filtering Bogon Filtering Challenges and Automation Securing BGP Sessions Explicitly Configured BGP Peers Using BGP Session Shared Secrets Leveraging an IPsec Tunnel Using Loopback Addresses on BGP Peers Controlling the Time-to-Live (TTL) on BGP Packets Filtering on the Peering Interface Using Link-Local Peering Link-Local Addresses and the BGP Next-Hop Address Drawbacks of Using Link-Local Addresses Preventing Long AS Paths Limiting the Number of Prefixes Received Preventing BGP Updates Containing Private AS Numbers Maximizing BGP Peer Availability Disabling Route-Flap Dampening Disabling Fast External Fallover Enabling Graceful Restart and Route Refresh or Soft Reconfiguration BGP Connection Resets Logging BGP Neighbor Activity Securing IGP Extreme Measures for Securing Communications Between BGP Peers IPv6 over MPLS Security Using Static IPv6 over IPv4 Tunnels Between PE Routers Using 6PE Using 6VPE to Create IPv6-Aware VRFs Customer Premises Equipment Prefix Delegation Threats SLAAC DHCPv6 Multihoming Issues Summary References
Chapter 4 IPv6 Perimeter Security: IPv6 Firewalls Filtering IPv6 Unallocated Addresses Additional Filtering Considerations Firewalls and IPv6 Headers Inspecting Tunneled Traffic Layer 2 Firewalls Firewalls Generate ICMP Unreachables Logging and Performance Firewalls and NAT Cisco IOS Router ACLs Implicit IPv6 ACL Rules Internet ACL Example IPv6 Reflexive ACLs Cisco IOS Firewall Configuring IOS Firewall IOS Firewall Example IOS Firewall Port-to-Application Mapping for IPv6 Cisco PIX/ASA/FWSM Firewalls Configuring Firewall Interfaces Management Access Configuring Routes Security Policy Configuration Object Group Policy Configuration Fragmentation Protection Checking Traffic Statistics Neighbor Discovery Protocol Protections Summary References
Chapter 5 Local Network Security: Why Layer 2 Is Important ICMPv6 Layer 2 Vulnerabilities for IPv6 Stateless Address Autoconfiguration Issues Neighbor Discovery Issues Duplicate Address Detection Issues Redirect Issues ICMPv6 Protocol Protection Secure Neighbor Discovery Implementing CGA Addresses in Cisco IOS Understanding the Challenges with SEND Network Detection of ICMPv6 Attacks Detecting Rogue RA Messages Detecting NDP Attacks Network Mitigation Against ICMPv6 Attacks Rafixd Reducing the Target Scope IETF Work Extending IPv4 Switch Security to IPv6 Privacy Extension Addresses for the Better and the Worse DHCPv6 Threats and Mitigation Threats Against DHCPv6 Mitigating DHCPv6 Attacks Mitigating the Starvation Attack Mitigating the DoS Attack Mitigating the Scanning Mitigating the Rogue DHCPv6 Server Point-to-Point Link Endpoint Security Summary References
Chapter 6 Hardening IPv6 Network Devices: Threats Against Network Devices Cisco IOS Versions Disabling Unnecessary Network Services Interface Hardening Limiting Router Access Physical Access Security Securing Console Access Securing Passwords VTY Port Access Controls AAA for Routers HTTP Access IPv6 Device Management Loopback and Null Interfaces Management Interfaces Securing SNMP Communications Threats Against Interior Routing Protocol RIPng Security EIGRPv6 Security IS-IS Security OSPF Version 3 Security First-Hop Redundancy Protocol Security Neighbor Unreachability Detection HSRPv6 GLBPv6 Controlling Resources Infrastructure ACLs Receive ACLs Control Plane Policing QoS Threats Summary References
Chapter 7 Server and Host Security: IPv6 Host Security Host Processing of ICMPv6 Services Listening on Ports Microsoft Windows Linux BSD Sun Solaris Checking the Neighbor Cache Microsoft Windows Linux BSD Sun Solaris Detecting Unwanted Tunnels Microsoft Windows Linux BSD Sun Solaris IPv6 Forwarding Microsoft Windows Linux BSD Sun Solaris Address Selection Issues Microsoft Windows Linux BSD Sun Solaris Host Firewalls Microsoft Windows Firewall Linux Firewalls BSD Firewalls OpenBSD Packet Filter ipfirewall IPFilter Sun Solaris Securing Hosts with Cisco Security Agent 6.0 Summary References
Chapter 8 IPsec and SSL Virtual Private Networks: IP Security with IPv6 IPsec Extension Headers IPsec Modes of Operation Internet Key Exchange (IKE) IKE Version 2 IPsec with Network Address Translation IPv6 and IPsec Host-to-Host IPsec Site-to-Site IPsec Configuration IPv6 IPsec over IPv4 Example Configuring IPv6 IPsec over IPv4 Verifying the IPsec State Adding Some Extra Security Dynamic Crypto Maps for Multiple Sites IPv6 IPsec Example Configuring IPsec over IPv6 Checking the IPsec Status Dynamic Multipoint VPN Configuring DMVPN for IPv6 Verifying the DMVPN at the Hub Verifying the DMVPN at the Spoke Remote Access with IPsec SSL VPNs Summary References
Chapter 9 Security for IPv6 Mobility: Mobile IPv6 Operation MIPv6 Messages Indirect Mode Home Agent Address Determination Direct Mode Threats Linked to MIPv6 Protecting the Mobile Device Software Rogue Home Agent Mobile Media Security Man-in-the-Middle Threats Connection Interception Spoofing MN-to-CN Bindings DoS Attacks Using IPsec with MIPv6 Filtering for MIPv6 Filters at the CN Filters at the MN/Foreign Link Filters at the HA Other IPv6 Mobility Protocols Additional IETF Mobile IPv6 Protocols Network Mobility (NEMO) IEEE .16e Mobile Ad-hoc Networks Summary References
Chapter 10 Securing the Transition Mechanisms: Understanding IPv4-to-IPv6 Transition Techniques Dual-Stack Tunnels Configured Tunnels 6to4 Tunnels ISATAP Tunnels Teredo Tunnels 6VPE Protocol Translation Implementing Dual-Stack Security Exploiting Dual-Stack Environment Protecting Dual-Stack Hosts Hacking the Tunnels Securing Static Tunnels Securing Dynamic Tunnels 6to4 ISATAP Teredo Securing 6VPE Attacking NAT-PT IPv6 Latent Threats Against IPv4 Networks Summary References
Chapter 11 Security Monitoring: Managing and Monitoring IPv6 Networks Router Interface Performance Device Performance Monitoring SNMP MIBs for Managing IPv6 Networks IPv6-Capable SNMP Management Tools NetFlow Analysis Router Syslog Messages Benefits of Accurate Time Managing IPv6 Tunnels Using Forensics Using Intrusion Detection and Prevention Systems Cisco IPS Version 6.1 Testing the IPS Signatures Managing Security Information with CS-MARS Managing the Security Configuration Summary References
Chapter 12 IPv6 Security Conclusions: Comparing IPv4 and IPv6 Security Similarities Between IPv4 and IPv6 Differences Between IPv4 and IPv6 Changing Security Perimeter Creating an IPv6 Security Policy Network Perimeter Extension Headers LAN Threats Host and Device Hardening Transition Mechanisms IPsec Security Management On the Horizon Consolidated List of Recommendations Summary References
1587055945 TOC 11/25/2008
Other Titles: Information assurance for the next-generation internet protocol
Responsibility: Scott Hogg, Eric Vyncke ; technical reviewers, Joseph Karpenko, Darrin Miller.



Linked Data

Primary Entity

<> # IPv6 security : information assurance for the next-generation internet protocol
    a schema:CreativeWork, schema:MediaObject, schema:Book ;
   library:oclcnum "793494190" ;
   library:placeOfPublication <> ; # Indianapolis, Ind.
   library:placeOfPublication <> ;
   schema:about <> ; # TCP/IP (Computer network protocol)
   schema:about <> ;
   schema:about <> ; # Computer networks--Security measures
   schema:about <> ; # Computer networks--Security measures
   schema:alternateName "Information assurance for the next-generation internet protocol" ;
   schema:author <> ; # Eric Vyncke
   schema:bookFormat schema:EBook ;
   schema:contributor <> ; # Joseph Karpenko
   schema:contributor <> ; # Darrin Miller
   schema:copyrightYear "2009" ;
   schema:creator <> ; # Scott Hogg
   schema:datePublished "2009" ;
   schema:exampleOfWork <> ;
   schema:genre "Electronic books"@en ;
   schema:inLanguage "en" ;
   schema:name "IPv6 security : information assurance for the next-generation internet protocol"@en ;
   schema:productID "793494190" ;
   schema:publication <> ;
   schema:publisher <> ; # Cisco Press
   schema:url <> ;
   schema:url <> ;
   wdrs:describedby <> ;

Related Entities

<> # Joseph Karpenko
    a schema:Person ;
   schema:familyName "Karpenko" ;
   schema:givenName "Joseph" ;
   schema:name "Joseph Karpenko" ;

<> # Darrin Miller
    a schema:Person ;
   schema:familyName "Miller" ;
   schema:givenName "Darrin" ;
   schema:name "Darrin Miller" ;

<> # Indianapolis, Ind.
    a schema:Place ;
   schema:name "Indianapolis, Ind." ;

<> # Computer networks--Security measures
    a schema:Intangible ;
   schema:name "Computer networks--Security measures"@en ;

<> # TCP/IP (Computer network protocol)
    a schema:Intangible ;
   schema:name "TCP/IP (Computer network protocol)"@en ;

<> # Computer networks--Security measures
    a schema:Intangible ;
   schema:name "Computer networks--Security measures"@en ;

<> # Eric Vyncke
    a schema:Person ;
   schema:familyName "Vyncke" ;
   schema:givenName "Eric" ;
   schema:name "Eric Vyncke" ;

<> # Scott Hogg
    a schema:Person ;
   schema:familyName "Hogg" ;
   schema:givenName "Scott" ;
   schema:name "Scott Hogg" ;

    a genont:InformationResource, genont:ContentTypeGenericResource ;
   schema:about <> ; # IPv6 security : information assurance for the next-generation internet protocol
   schema:dateModified "2018-03-11" ;
   void:inDataset <> ;
