ExperTeach Networking Logo

IPv6 and Security

How to Properly Secure Networks and End Devices

ExperTeach Networking Logo
The introduction of IPv6 raises new security issues for providers, enterprise network operators and private customers. After all, IPv6 offers new opportunities to compromise a network. On the one hand, there are variants of existing types of attack, and on the other, IPv6 opens up new security gaps. In order to protect an IPv6 network, in addition to these fundamental security issues, it must be clarified whether the components used to date, such as firewalls, proxies or IPS, are equipped for IPv6. How is a migration carried out correctly from a security perspective? What will change after the elimination of NAT due to permanent accessibility via public addresses? This IPv6 security course provides a detailed overview of these current issues. Participants will learn how to assess the risks posed by IPv6 for their network and how to plan comprehensive protection.

Course Contents

  • New points of attack through IPv6
  • Securing IPv6 addressing
  • The auxiliary protocols ICMPv6 and DHCPv6 from a security perspective
  • IPv6 and First Hop Security
  • Securing IPv6 networks
  • Securing endpoints
  • Securing routers for IPv6
  • Adapt firewalls to IPv6
  • Securing the migration

The detailed digital documentation package, consisting of an e-book and PDF, is included in the price of the course.

Premium Course Documents

In addition to the digital documentation package, the exclusive Premium Print Package is also available to you.

  • High-quality color prints of the ExperTeach documentation
  • Exclusive folder in an elegant design
  • Document pouch in backpack shape
  • Elegant LAMY ballpoint pen
  • Practical notepad
Premium Print
The Premium Print Package can be added during the ordering process for € 150,- plus VAT (only for classroom participation).

Request in-house training now

Target Group

The course is suitable for planners, administrators and security officers who want to plan, prepare or accompany a migration to IPv6.

Knowledge Prerequisites

Participants need solid knowledge of the conventional IP world and must be well acquainted with IPv6. Prior attendance of the course IPv6 - Addressing, Routing and IPv4 Interworking is strongly recommended. It is also assumed that the participants know and understand common security concepts.

Alternatives

Book this course together with IPv6 – Addressing, Routing, and IPv4 Interworking as PowerPackage IPv6 for the discounted price of € 2.395,-.

1 Basic safety considerations
 
1.1 Basic considerations
 
1.1.1 Security measures
 
1.1.2 Personnel and service providers
 
1.2 IPv4 and IPv6 security in comparison
 
1.2.1 Differences between IPv4 and IPv6
 
1.3 The current security situation
 
1.3.1 Vulnerable IPv6 stacks
 
1.3.2 The firewall
 
1.3.3 Intrusion Prevention System
 
1.4 The IPv6 header from a security point of view
 
1.4.1 The Flow Label - Covert Channel
 
1.4.2 Extension Header Parsing
 
1.4.3 Security relevance of the extension headers
 
1.4.4 The filtering of IPv6
 
1.5 Testing the security - Tools for IPv6 Vulnerability Tests
 
1.5.1 NMAP
 
1.5.2 Nessus and OpenVAS
 
1.5.3 Packet generators
 
1.5.4 The THC tools collection
 
1.5.5 SI6 tools
2 IPv6 addressing from a security point of view
 
2.1 Security relevance of NAT
 
2.1.1 IPv6-IPv6 Network Prefix Translation (NAT66)
 
2.2 Security considerations for address types
 
2.2.1 EUI 64 - Large recognition value
 
2.2.2 Temporary addresses
 
2.3 Exploring IPv6 addresses
 
2.3.1 Passive sniffing
 
2.3.2 Detect-New-IP6
 
2.3.3 Multicast enumeration
 
2.3.4 Alive6
 
2.3.5 Registry query
 
2.3.6 IPv6 network scanning
 
2.3.7 IPv6 address guessing
 
2.3.8 DNS Reconnaissance
3 IPv6 and First Hop Security
 
3.1 Neighbor Discovery Attacks
 
3.1.1 Trust Models and Threats
 
3.1.2 NDP Spoofing
 
3.1.3 Neighbor Unreachability Detection (NUD)
 
3.1.4 DoS_New_IP6
 
3.1.5 NDP Exhaustion Attack
 
3.1.6 Neighbor Advertisement Flooding
 
3.2 SLAAC Attacks
 
3.2.1 Rogue router
 
3.2.2 Man in the Middle with RAs
 
3.2.3 Faked Default Gateway
 
3.2.4 RA flooding
 
3.3 DHCPv6 attacks
 
3.3.1 DHCPv6 Starvation
 
3.3.2 Rogue DHCPv6 server
 
3.4 ICMPv6 attacks
 
3.4.1 Amplification attack
 
3.4.2 Redirect attacks
 
3.5 ACLs for security
 
3.5.1 Rogue router exclusion
 
3.5.2 Prevent rogue DHCP servers
 
3.5.3 RA Guard
 
3.5.4 DHCPv6 Guard/Shield
 
3.5.5 NDP snooping
 
3.5.6 NDP Inspection
 
3.6 SEND
 
3.6.1 Securing RAs with SEND
 
3.6.2 SEND and stateful autoconfiguration
4 Security of IPv6 networks
 
4.1 Securing routers in IPv6 networks
 
4.1.1 Setting up IPv6 ACLs
 
4.1.2 Inbound traffic
 
4.1.3 Address filtering
 
4.1.4 Filtering ICMPv6
 
4.1.5 Securing routing protocols
 
4.1.6 Authentication for routing protocols
 
4.1.7 BGP-4 - Using Link Local Unicasts
 
4.1.8 Preventing IP spoofing
 
4.2 Adapt firewalls
 
4.2.1 Questioning IPv6 capability
 
4.2.2 Check Point
 
4.2.3 Cisco ASA
 
4.2.4 Palo Alto
 
4.2.5 Fortinet
 
4.2.6 Juniper
 
4.2.7 Barracuda
 
4.2.8 Customize objects
 
4.2.9 Adding rule sets
 
4.2.10 Bogon filtering
 
4.3 Radius and IPv6
 
4.3.1 Establishing IPv6 connectivity
 
4.3.2 Freeradius and IPv6
 
4.3.3 Microsoft - Network Policy Server
 
4.3.4 RADIUS IPv6 attributes
 
4.4 IPS in IPv6 networks
 
4.5 Proxies in IPv6 networks
 
4.6 IPsec in IPv6 networks
 
4.6.1 Possible uses of IPsec
 
4.6.2 Host to Host Scenario
 
4.6.3 IPv6 VPNs
 
4.6.4 IPv6 VPDN with IPsec
 
4.6.5 IPsec RAS VPNs and IPv6
5 Security during migration
 
5.1 Mental move to IPv6
 
5.2 IPv6 Latent Threats
 
5.3 Dual Stack - Double Protection Required
 
5.3.1 Endpoint Security from an IPv6 Perspective
 
5.4 Questioning the benefits of tunnel technologies
 
5.4.1 Questioning tunnel security
 
5.4.2 Secure Configured Tunnel
 
5.4.3 Encrypt tunnel traffic
A Lab Exercises
 
A.1 Lab Exercises in the Course
 
A.1.1 Lab Setup
 
A.2 Exercises Chapter 2
 
A.3 Exercises Chapter 3
B Lab exercises online
 
B.1 Lab exercises in the course
 
B.1.1 Lab setup
 
B.2 Exercises Chapter 2
 
B.3 Exercises Chapter 3

Classroom training

Do you prefer the classic training method? A course in one of our Training Centers, with a competent trainer and the direct exchange between all course participants? Then you should book one of our classroom training dates!

Hybrid training

Hybrid training means that online participants can additionally attend a classroom course. The dynamics of a real seminar are maintained, and the online participants are able to benefit from that. Online participants of a hybrid course use a collaboration platform, such as WebEx Training Center or Saba Meeting. To do this, a PC with browser and Internet access is required, as well as a headset and ideally a Web cam. In the seminar room, we use specially developed and customized audio- and video-technologies. This makes sure that the communication between all persons involved works in a convenient and fault-free way.

Online training

You wish to attend a course in online mode? We offer you online course dates for this course topic. To attend these seminars, you need to have a PC with Internet access (minimum data rate 1Mbps), a headset when working via VoIP and optionally a camera. For further information and technical recommendations, please refer to.

Tailor-made courses

You need a special course for your team? In addition to our standard offer, we will also support you in creating your customized courses, which precisely meet your individual demands. We will be glad to consult you and create an individual offer for you.
Request in-house training now
PDF SymbolYou can find the complete description of this course with dates and prices ready for download at as PDF.

The introduction of IPv6 raises new security issues for providers, enterprise network operators and private customers. After all, IPv6 offers new opportunities to compromise a network. On the one hand, there are variants of existing types of attack, and on the other, IPv6 opens up new security gaps. In order to protect an IPv6 network, in addition to these fundamental security issues, it must be clarified whether the components used to date, such as firewalls, proxies or IPS, are equipped for IPv6. How is a migration carried out correctly from a security perspective? What will change after the elimination of NAT due to permanent accessibility via public addresses? This IPv6 security course provides a detailed overview of these current issues. Participants will learn how to assess the risks posed by IPv6 for their network and how to plan comprehensive protection.

Course Contents

  • New points of attack through IPv6
  • Securing IPv6 addressing
  • The auxiliary protocols ICMPv6 and DHCPv6 from a security perspective
  • IPv6 and First Hop Security
  • Securing IPv6 networks
  • Securing endpoints
  • Securing routers for IPv6
  • Adapt firewalls to IPv6
  • Securing the migration

The detailed digital documentation package, consisting of an e-book and PDF, is included in the price of the course.

Premium Course Documents

In addition to the digital documentation package, the exclusive Premium Print Package is also available to you.

  • High-quality color prints of the ExperTeach documentation
  • Exclusive folder in an elegant design
  • Document pouch in backpack shape
  • Elegant LAMY ballpoint pen
  • Practical notepad
Premium Print
The Premium Print Package can be added during the ordering process for € 150,- plus VAT (only for classroom participation).

Request in-house training now

Target Group

The course is suitable for planners, administrators and security officers who want to plan, prepare or accompany a migration to IPv6.

Knowledge Prerequisites

Participants need solid knowledge of the conventional IP world and must be well acquainted with IPv6. Prior attendance of the course IPv6 - Addressing, Routing and IPv4 Interworking is strongly recommended. It is also assumed that the participants know and understand common security concepts.

Alternatives

Book this course together with IPv6 – Addressing, Routing, and IPv4 Interworking as PowerPackage IPv6 for the discounted price of € 2.395,-.

1 Basic safety considerations
 
1.1 Basic considerations
 
1.1.1 Security measures
 
1.1.2 Personnel and service providers
 
1.2 IPv4 and IPv6 security in comparison
 
1.2.1 Differences between IPv4 and IPv6
 
1.3 The current security situation
 
1.3.1 Vulnerable IPv6 stacks
 
1.3.2 The firewall
 
1.3.3 Intrusion Prevention System
 
1.4 The IPv6 header from a security point of view
 
1.4.1 The Flow Label - Covert Channel
 
1.4.2 Extension Header Parsing
 
1.4.3 Security relevance of the extension headers
 
1.4.4 The filtering of IPv6
 
1.5 Testing the security - Tools for IPv6 Vulnerability Tests
 
1.5.1 NMAP
 
1.5.2 Nessus and OpenVAS
 
1.5.3 Packet generators
 
1.5.4 The THC tools collection
 
1.5.5 SI6 tools
2 IPv6 addressing from a security point of view
 
2.1 Security relevance of NAT
 
2.1.1 IPv6-IPv6 Network Prefix Translation (NAT66)
 
2.2 Security considerations for address types
 
2.2.1 EUI 64 - Large recognition value
 
2.2.2 Temporary addresses
 
2.3 Exploring IPv6 addresses
 
2.3.1 Passive sniffing
 
2.3.2 Detect-New-IP6
 
2.3.3 Multicast enumeration
 
2.3.4 Alive6
 
2.3.5 Registry query
 
2.3.6 IPv6 network scanning
 
2.3.7 IPv6 address guessing
 
2.3.8 DNS Reconnaissance
3 IPv6 and First Hop Security
 
3.1 Neighbor Discovery Attacks
 
3.1.1 Trust Models and Threats
 
3.1.2 NDP Spoofing
 
3.1.3 Neighbor Unreachability Detection (NUD)
 
3.1.4 DoS_New_IP6
 
3.1.5 NDP Exhaustion Attack
 
3.1.6 Neighbor Advertisement Flooding
 
3.2 SLAAC Attacks
 
3.2.1 Rogue router
 
3.2.2 Man in the Middle with RAs
 
3.2.3 Faked Default Gateway
 
3.2.4 RA flooding
 
3.3 DHCPv6 attacks
 
3.3.1 DHCPv6 Starvation
 
3.3.2 Rogue DHCPv6 server
 
3.4 ICMPv6 attacks
 
3.4.1 Amplification attack
 
3.4.2 Redirect attacks
 
3.5 ACLs for security
 
3.5.1 Rogue router exclusion
 
3.5.2 Prevent rogue DHCP servers
 
3.5.3 RA Guard
 
3.5.4 DHCPv6 Guard/Shield
 
3.5.5 NDP snooping
 
3.5.6 NDP Inspection
 
3.6 SEND
 
3.6.1 Securing RAs with SEND
 
3.6.2 SEND and stateful autoconfiguration
4 Security of IPv6 networks
 
4.1 Securing routers in IPv6 networks
 
4.1.1 Setting up IPv6 ACLs
 
4.1.2 Inbound traffic
 
4.1.3 Address filtering
 
4.1.4 Filtering ICMPv6
 
4.1.5 Securing routing protocols
 
4.1.6 Authentication for routing protocols
 
4.1.7 BGP-4 - Using Link Local Unicasts
 
4.1.8 Preventing IP spoofing
 
4.2 Adapt firewalls
 
4.2.1 Questioning IPv6 capability
 
4.2.2 Check Point
 
4.2.3 Cisco ASA
 
4.2.4 Palo Alto
 
4.2.5 Fortinet
 
4.2.6 Juniper
 
4.2.7 Barracuda
 
4.2.8 Customize objects
 
4.2.9 Adding rule sets
 
4.2.10 Bogon filtering
 
4.3 Radius and IPv6
 
4.3.1 Establishing IPv6 connectivity
 
4.3.2 Freeradius and IPv6
 
4.3.3 Microsoft - Network Policy Server
 
4.3.4 RADIUS IPv6 attributes
 
4.4 IPS in IPv6 networks
 
4.5 Proxies in IPv6 networks
 
4.6 IPsec in IPv6 networks
 
4.6.1 Possible uses of IPsec
 
4.6.2 Host to Host Scenario
 
4.6.3 IPv6 VPNs
 
4.6.4 IPv6 VPDN with IPsec
 
4.6.5 IPsec RAS VPNs and IPv6
5 Security during migration
 
5.1 Mental move to IPv6
 
5.2 IPv6 Latent Threats
 
5.3 Dual Stack - Double Protection Required
 
5.3.1 Endpoint Security from an IPv6 Perspective
 
5.4 Questioning the benefits of tunnel technologies
 
5.4.1 Questioning tunnel security
 
5.4.2 Secure Configured Tunnel
 
5.4.3 Encrypt tunnel traffic
A Lab Exercises
 
A.1 Lab Exercises in the Course
 
A.1.1 Lab Setup
 
A.2 Exercises Chapter 2
 
A.3 Exercises Chapter 3
B Lab exercises online
 
B.1 Lab exercises in the course
 
B.1.1 Lab setup
 
B.2 Exercises Chapter 2
 
B.3 Exercises Chapter 3

Classroom training

Do you prefer the classic training method? A course in one of our Training Centers, with a competent trainer and the direct exchange between all course participants? Then you should book one of our classroom training dates!

Hybrid training

Hybrid training means that online participants can additionally attend a classroom course. The dynamics of a real seminar are maintained, and the online participants are able to benefit from that. Online participants of a hybrid course use a collaboration platform, such as WebEx Training Center or Saba Meeting. To do this, a PC with browser and Internet access is required, as well as a headset and ideally a Web cam. In the seminar room, we use specially developed and customized audio- and video-technologies. This makes sure that the communication between all persons involved works in a convenient and fault-free way.

Online training

You wish to attend a course in online mode? We offer you online course dates for this course topic. To attend these seminars, you need to have a PC with Internet access (minimum data rate 1Mbps), a headset when working via VoIP and optionally a camera. For further information and technical recommendations, please refer to.

Tailor-made courses

You need a special course for your team? In addition to our standard offer, we will also support you in creating your customized courses, which precisely meet your individual demands. We will be glad to consult you and create an individual offer for you.
Request in-house training now

PDF SymbolYou can find the complete description of this course with dates and prices ready for download at as PDF.