fernando at lozano.eti.br
Fri Jul 12 16:01:03 UTC 2013
I took me time to recover this one, another more techinical content
about IPv6 security:
s, Fernando Lozano
>>> You keep talking about IPv6 security risks (over IPv4), but haven't
>>> cited any.
>> While I don't know of security risks of IPv6, itself, there is this:
> If you follow IPv6 on the net you should have found lots of articles
> about this, and how it affects specially home users and SMBs. Here are
> some introductory links:
> Most vendors and ISPs won't talk about his -- IPv6 is a selling point
> -- but here's buried inside an AT&T white paper:
> "According to the National Institute of Standards and Technology (NIST):
> Prevention of unauthorized access to IPv6 networks will likely be
> more difficult in the early years of IPv6 deployments. IPv6 adds more
> components to be filtered than IPv4, such as extension headers,
> multicast addressing, and increased use of ICMP. These extended
> capabilities of IPv6, as well as the possibility of an IPv6 host
> having a number of global IPv6 addresses, potentially provides an
> environment that will make network-level access easier for attackers
> due to improper deployment of IPv6 access controls. Moreover,
> security related tools and accepted best practices have been slow
> to accommodate IPv6. Either these items do not exist or have not
> been stress tested in an IPv6 environment"
> For more techinical content, you can visit
> which is Fernando Gont home page (author of some IETF RFCs), and see
> theslides at
>> How is your firewall set up?
> That's not the question. I am an experienced sysadmin and networking
> expert, I know where to search for information and what to look for.
> But today most computer users, not just Fedora users, do not have this
> expertise and won't spend enough time researching. They expect to get
> minimally secure default from vendors and open source projects.
> something most DO NOT provide currenty, regarding IPv6. :-(
> The fact is: today, even most experienced network admins do not know
> enough about IPv6 security. Most ones I talked to still believe "IPv6
> is more secure by design" which it isn't.
> s, Fernando Lozano
More information about the users