mirror/becarpenter-book6
1
0
Fork 0
mirror of https://github.com/becarpenter/book6.git synced 2024-05-07 02:54:53 +00:00
Code Releases Activity
becarpenter-book6/4. Security/4. Security.md
Eduard Vasilenko 94b03a4169 Update 4. Security.md
2022-10-12 18:54:28 +03:00

16 lines
1.7 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# 4. Security
Security has ever-growing importance in general.
IP protocol was always a big area for security research. The majority of IPv4 practices are the same and applicable to IPv6. The exception exists for the first hop and extension headers that are principally different in IPv6. Distributed address acquisition (SLAAC) created additional security challenges. Multiple addresses per host improve privacy. Extension headers give IPv6 the great flexibility and extensibility that may be abused on security.
Initially, it was perceived that cryptography (encryption and authentication) would be the mandatory part of the IPv6 (IPSec, SEND). Later, cryptography has been accepted as optional at the networking layer. At the same time, cryptography has become very popular at the transport or application layers.
IPv6 has no NAT66 and even NPT is not popular IPv6 is proud of End-to-End connectivity. NAT is weak security protection but some level of protection anyway. Hence, in some cases Firewall may be introduced in the IPv6 migration process. Pay attention that the “Zero-trust” approach in security moves the stress from perimeter protection to the authentication and encryption for all traffic (including internal for any perimeter). Hence, the Firewall introduction instead of NAT is not mandatory.
IPv6 security has a good overview in the [RFC 9099](https://www.rfc-editor.org/info/rfc9099). It is a good repository of references to many documents on the different IPv6 security aspects.
<!-- ## Name (add plain section names like that) -->
<!-- Link lines generated automatically; do not delete -->
## [Layer 2 considerations](Layer%202%20considerations.md)
## [Filtering ](Filtering%20.md)
### [<ins>Back to main Contents</ins>](../Contents.md)
View Git Blame Copy Permalink