Home / Blogs

IPv6 Security Myth #9: There Aren’t Any IPv6 Security Resources

By Chris Grundemann Creative|Technologist

We are approaching the end of this 10 part series on the most common IPv6 security myths. Now it’s time to turn our eyes away from security risks to focus a bit more on security resources. Today’s myth is actually one of the most harmful to those who hold it. If you believe that there is no good information out there, it’s nearly impossible to find that information. So let’s get down to it and dispel our 9th myth. We’ll start by looking at a few of the high level principles and then look at a selection of resources, which contain much more detail.

Myth: There are no IPv6 Security BCPs yet
Reality: There are!

Many security standards don’t discuss IPv6 specifically. However, any general guideline related to IP likely applies to both versions—many security policies are (and should be) higher level. We saw this in Myth’s #2 and #7 to some extent and it’s also evident below, as many of these security practices apply to both IPv6 and IPv4.

Here are a few of the key principles to keep your IPv6 network secure:
Perform IPv6 filtering at the perimeter

  • Use RFC2827 (BCP38) and RFC3704 (BCP84) ingress filtering throughout the network
  • Use manual tunnels (with IPsec whenever possible) instead of dynamic tunnels and deny packets for transition techniques not used
  • Use common access-network security measures (NAC/802.1X, disable unused switch ports, Ethernet port security, MACSec/TrustSec)
  • Strive to achieve equivalent protections for IPv6 as with IPv4
  • Continue to let vendors know what you expect in terms of IPv6 security features

Myth: There are no IPv6 Security Resources available
Reality: There are!

The BCPs above are really just the tip of the iceberg when it comes to all the things you need to know to securely deploy IPv6. For a deeper dive on how to actually execute on these high level policies you’ll want to do some more reading. Here are a couple of the best IPv6 security resources I’m aware of. Read them and you’re well on your way to being a true IPv6 security expert!

What are your favorite IPv6 security resources? Leave a comment!

By Chris Grundemann, Creative|Technologist

Filed Under

Comments

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

VINTON CERF
Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Related

Topics

Domain Names

Sponsored byVerisign

New TLDs

Sponsored byRadix

Brand Protection

Sponsored byCSC

Threat Intelligence

Sponsored byWhoisXML API

IPv4 Markets

Sponsored byIPv4.Global

DNS

Sponsored byDNIB.com

Cybersecurity

Sponsored byVerisign

View All Topics