Security Mechanisms for the IPv4 to IPv6 Transition

The transition from IPv4 to IPv6 has been made possible through various transition mechanisms, categorized as dual-stack, tunneling and translation. However, the transition period may take years to complete, during which both protocols will coexist because Internet services are widely deployed on IPv4. A successful IPv6 transition therefore depends on compatibility with the large installed base of IPv4 hosts and routers, as well as on maintaining the security of the network against the potential threats and vulnerabilities of both Internet protocols. This paper classifies potential security issues in the transition period and identifies prevention mechanisms for the problems identified. As a dual-stacked host or network is the simplest IPv6 deployment any enterprise can settle for now, this paper focuses on a possible implementation of a distributed firewall in a dual-stacked environment, which involves packet filtering at the edge router as well as a host-based firewall.
