IPv6 Firewall Functions Analysis

Currently, the most security solutions are based on technologies realted to the old IPv4 protocol. Although the new protocol requires a different approach, the network security solution often does not correspond and the network protection may be affected. One of the results of the IPv6 implementation is the end of network address translation (NAT). Despite its disadvantages, NAT can act as a security element of IPv6 protocol. The goal of this paper is to analyse, present and compare firewall functions at the most used Windows and Linux distribution along with the detailed packet analysis.

[1]  Elwyn B. Davies,et al.  IPv6 Transition/Co-existence Security Considerations , 2007, RFC.

[2]  Suresh Krishnan,et al.  Handling of Overlapping IPv6 Fragments , 2009, RFC.

[3]  Hyug-Hyun Cho,et al.  Experiments and Countermeasures of Security Vulnerabilities on Next Generation Network , 2007, Future Generation Communication and Networking (FGCN 2007).

[4]  Marcelo Bagnulo,et al.  Shim6: Level 3 Multihoming Shim Protocol for IPv6 , 2009, RFC.

[5]  Stephen E. Deering,et al.  Internet Protocol, Version 6 (IPv6) Specification , 1995, RFC.

[6]  Fernando Gont,et al.  Security Implications of IPv6 on IPv4 Networks , 2014, RFC.

[7]  Tony Hain,et al.  Architectural Implications of NAT , 2000, RFC.

[8]  Zhen Yang,et al.  Design and Implementation of Distributed Firewall System for IPv6 , 2009, 2009 International Conference on Communication Software and Networks.

[9]  Stephen E. Deering,et al.  Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification , 2006, RFC.

[10]  Fernando Gont Security Implications of IPv6 Fragmentation with IPv6 Neighbor Discovery , 2013, RFC.

[11]  James Woodyatt,et al.  Recommended Simple Security Capabilities in Customer Premises Equipment (CPE) for Providing Residential IPv6 Internet Service , 2011, RFC.

[12]  Fernando Gont Processing of IPv6 "Atomic" Fragments , 2013, RFC.

[13]  Iljitsch van Beijnum,et al.  A Comparison of IPv6-over-IPv4 Tunnel Mechanisms , 2013, RFC.

[14]  Fernando Gont,et al.  Implications of Oversized IPv6 Header Chains , 2014, RFC.

[15]  Elwyn B. Davies,et al.  Recommendations for Filtering ICMPv6 Messages in Firewalls , 2007, RFC.

[16]  Marcelo Bagnulo,et al.  Considerations on the Application of the Level 3 Multihoming Shim Protocol for IPv6 (Shim6) , 2012, RFC.

[17]  Ralph E. Droms,et al.  Local Network Protection for IPv6 , 2007, RFC.

[18]  George Neville-Neil,et al.  Deprecation of Type 0 Routing Headers in IPv6 , 2007, RFC.

[19]  Aiko Pras,et al.  DNSSEC meets real world: dealing with unreachability caused by fragmentation , 2014, IEEE Communications Magazine.