- ISBN: 9781420092295 | 1420092294
- Cover: Hardcover
- Copyright: 12/16/2008
Navigate the IP Transition and Address Security Concerns As Internet Protocol Version 6 (IPv6) becomes an institutional imperative to support billions of intelligent systems requiring explicit end-to-end device addressability, questions emerge about the security of an IPv6-based architecture and the strategies for transition from IPv4.
| Preface | p. xiii |
| About the Authors | p. xv |
| Introduction, Overview, and Motivations | p. 1 |
| Introduction and Motivations | p. 1 |
| IPv6 Overview | p. 8 |
| Overview of Traditional Security Approaches and Mechanisms | p. 33 |
| References | p. 47 |
| Six-Month Listing of IPv6 Press | p. 50 |
| Basic IPv6 Protocol Mechanisms | p. 69 |
| Introduction | p. 69 |
| IPv6 Addressing Mechanisms | p. 69 |
| Addressing Conventions | p. 70 |
| Note | p. 72 |
| Addressing Issues/Reachability | p. 72 |
| Note | p. 75 |
| Address Types | p. 76 |
| Unicast IPv6 Addresses | p. 76 |
| Aggregatable Global Unicast Addresses | p. 77 |
| Link-Local (Unicast) Addresses | p. 77 |
| Unspecified (Unicast) Address | p. 78 |
| Loopback (Unicast) Address | p. 78 |
| Compatibility (Unicast) Addresses | p. 78 |
| Multicast IPv6 Addresses | p. 78 |
| Anycast IPv6 Addresses | p. 81 |
| Addresses for Hosts and Routers | p. 81 |
| Interface Determination | p. 82 |
| Mapping EUI-64 Addresses to IPv6 Interface Identifiers | p. 83 |
| Mapping IEEE 802 Addresses to IPv6 Interface Identifers | p. 84 |
| Randomly Generated Interface Identifiers | p. 84 |
| IPv6 Addressing (Details) | p. 85 |
| Addressing Model | p. 85 |
| Text Representation of Addresses | p. 86 |
| Text Representation of Address Prefixes | p. 87 |
| Address Type Identification | p. 88 |
| Unicast Addresses | p. 88 |
| Interface Identifiers | p. 89 |
| The Unspecified Address | p. 90 |
| The Loopback Address | p. 90 |
| Global Unicast Addresses | p. 90 |
| IPv6 Addresses with Embedded IPv4 Addresses | p. 91 |
| Note | p. 91 |
| Local-Use IPv6 Unicast Addresses | p. 91 |
| Anycast Addresses | p. 92 |
| Required Anycast Address | p. 93 |
| Multicast Addresses | p. 93 |
| Predefined Multicast Addresses | p. 94 |
| A Node's Required Addresses | p. 96 |
| IANA Considerations | p. 96 |
| Notes | p. 97 |
| Creating Modified EUI-64 Format Interface Identifiers | p. 97 |
| Links or Nodes with IEEE EUI-64 Identifiers | p. 97 |
| Links or Nodes with IEEE 802 48-bit MACs | p. 98 |
| Links with Other Kinds of Identifiers | p. 98 |
| Links without Identifiers | p. 99 |
| 64-Bit Global Identifier (EUI-64) Registration Authority | p. 99 |
| Application Restrictions | p. 100 |
| Distribution Restrictions | p. 100 |
| Application Documentation | p. 100 |
| Manufacturer-Assigned Identifiers | p. 101 |
| References | p. 101 |
| More Advanced IPv6 Protocol Mechanisms | p. 105 |
| Introduction | p. 105 |
| IPv6 and Related Protocols (Details) | p. 106 |
| Note | p. 107 |
| IPv6 Header Format | p. 107 |
| IPv6 Extension Headers | p. 108 |
| Extension Header Order | p. 109 |
| Options | p. 110 |
| Note | p. 112 |
| Hop-by-Hop Options Header | p. 112 |
| Routing Header | p. 113 |
| Fragment Header | p. 116 |
| Note | p. 117 |
| Destination Options Header | p. 121 |
| No Next Header | p. 122 |
| Packet Size Issues | p. 122 |
| Flow Labels | p. 123 |
| Traffic Classes | p. 123 |
| Upper-Layer Protocol Issues | p. 124 |
| Upper-Layer Checksums | p. 124 |
| Maximum Packet Lifetime | p. 125 |
| Maximum Upper-Layer Payload Size | p. 125 |
| Responding to Packets Carrying Routing Headers | p. 125 |
| Semantics and Usage of the Flow Label Field | p. 126 |
| Formatting Guidelines for Options | p. 127 |
| IPv6 Infrastructure | p. 130 |
| Protocol Mechanisms | p. 130 |
| Protocol-Support Mechanisms | p. 130 |
| Routing and Route Management | p. 134 |
| Configuration Methods | p. 136 |
| Dynamic Host Configuration Protocol for IPv6 | p. 138 |
| More on Transition Approaches and Mechanisms | p. 142 |
| References | p. 144 |
| Neighbor Discovery for IP Version 6 (IPv6) Protocol | p. 145 |
| Functionality | p. 145 |
| Mobile IP Version 6 (MIPv6) | p. 150 |
| Basic Operation of Mobile IPv6 | p. 151 |
| Enabling IPv6 in Cisco Routers | p. 156 |
| Enabling IPv6 Routing and Configuring IPv6 Addressing | p. 156 |
| Enabling IPv6 Processing Globally on the Router | p. 156 |
| Configuring IPv6 Addresses | p. 156 |
| Verifying IPv6 Operation and Address Configuration | p. 157 |
| IPv6 Routing and IPv6 Address Configuration Example | p. 160 |
| Security Mechanisms and Approaches | p. 163 |
| Introduction | p. 163 |
| Security 101 | p. 163 |
| Review of Firewall-Based Perimeter Security | p. 174 |
| Firewall Capabilities | p. 176 |
| Network Address Translation (NAT) | p. 177 |
| Virtual Private Network (VPN) | p. 177 |
| Demilitarized Zones (DMZ) | p. 177 |
| Antispoofing | p. 177 |
| Firewall Types | p. 178 |
| Packet Filter | p. 179 |
| Proxy | p. 179 |
| Stateful Inspection | p. 180 |
| Firewall Architecture | p. 181 |
| IPv6 Areas of Security Concerns: Addresses | p. 182 |
| IPv6 Addressing Security | p. 182 |
| IPv6 Anycast Address Security | p. 186 |
| Documented Issues for IPv6 Security | p. 186 |
| References | p. 188 |
| Risks and Vulnerabilities | p. 190 |
| Static Session Hijacking | p. 190 |
| Redirection Attacks | p. 191 |
| Denial of Service (Flooding Attacks) | p. 192 |
| Address Privacy | p. 193 |
| Cause Packets to Be Sent to the Attacker | p. 193 |
| "Classic" Redirection Attack | p. 193 |
| Time-Shifting Attack | p. 194 |
| Cause Packets to Be Sent to a Black Hole | p. 194 |
| Third Party Denial-of-Service Attacks | p. 194 |
| Basic IPv6 Security Considerations | p. 195 |
| Introduction | p. 195 |
| IPv6 Flow Labels Issues | p. 195 |
| ICMPv6 Issues | p. 197 |
| Neighbor Discovery Issues | p. 198 |
| Routing Headers | p. 202 |
| DNS Issues | p. 203 |
| Minimum Security Plan | p. 204 |
| References | p. 205 |
| IPsec and Its Use in IPv6 Environments | p. 207 |
| Introduction | p. 207 |
| Overview | p. 208 |
| IPsec Modes | p. 210 |
| IP Authentication Header (AH) | p. 213 |
| IP Encapsulating Security Protocol (ESP) | p. 214 |
| Supportive Infrastructure: IPSec Architecture | p. 217 |
| Related Observations | p. 220 |
| References | p. 222 |
| Firewall Use in IPv6 Environments | p. 225 |
| Introduction | p. 225 |
| Role of Firewalls for IPv6 Perimeters | p. 226 |
| Packet Filtering | p. 231 |
| Extension Headers and Fragmentation | p. 235 |
| Concurrent Processing | p. 237 |
| Firewall Functionality | p. 237 |
| Related Tools | p. 238 |
| References | p. 241 |
| Market Status | p. 241 |
| Security Considerations for Migrations/Mixed IPv4-IPv6 Networks | p. 243 |
| Introduction | p. 243 |
| Transition Basics | p. 243 |
| Security Issues Associated with Transition | p. 249 |
| Threats and the Use of IPsec | p. 256 |
| IPsec in Transport Mode | p. 256 |
| IPsec in Tunnel Mode | p. 257 |
| Router-to-Router Tunnels | p. 257 |
| Site-to-Router/Router-to-Site Tunnels | p. 258 |
| Host-to-Host Tunnels | p. 258 |
| NATs, Packet Filtering, and Teredo | p. 260 |
| Use of Host-Based Firewalls | p. 262 |
| Use of Distributed Firewalls | p. 264 |
| References | p. 265 |
| Index | p. 267 |
| Table of Contents provided by Ingram. All Rights Reserved. |
What is included with this book?
The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.
The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.
Please wait while the item is added to your bag...
×
Digital License
You are licensing a digital product for a set duration. Durations are set forth in the product description, with "Lifetime" typically meaning five (5) years of online access and permanent download to a supported device. All licenses are non-transferable.
More details can be found here.