Course Description
When the current Internet Protocol, version 4, known as IPv4, was designed in the early days of the Internet, it was intended for a relatively small number of users in academia. The resulting design allowed for a maximum of a few billion addresses and completely ignored security. The security issue has, of course been an ongoing and very costly problem for processing confidential data. The decision to use a 32-bit Internet address for computers resulted in the now-ubiquitous “dotted” address, like 192.168.7.33. At the time, billions of Internet users seemed unlikely in the extreme.
With the exponential growth in the numbers of Internet users over the past decade, especially mobile devices, the day of reckoning has finally arrived – the last block of free addresses was assigned in February, 2011. In short, we are out of IP addresses!
Fortunately, the Internet architects designed IPv6 to provide several other major advantages over the old IPv4: a virtually unlimited number of addresses; eliminate the need for Network Address Translation (NAT); strong data security and packet authentication via mandatory IPSec. Additional business advantages include simpler, more efficient packet routing and the ability to “tunnel” existing IPv4 packets inside IPv6 packets for backward compatibility. IPv6 has the potential to be the foundation of a more efficient and more secure Internet.
Given the lack of new IP addresses, enterprises face an imminent conversion to IPv6. This will impact every aspect of their networks, internal and external, including routers, firewalls, desktops, laptops, and mobile devices.
We will discuss the critical issues associated with IPv6 conversion:
- Major features of IPv6
- Conversion issues
- Security risks
- Good practice policies and procedures
Learning Objectives
- Understanding of IPv6 concepts
- Learn how to assess conversion risks
- Prepare information security for IPv6
- Develop IPv6 related policies and procedures
Course Outline
History of IPv6
IPv6 basics
- Addressing
- Address space
- Address selection
- DNS
- DHCPv6
- QoS
- Dual stack (simultaneous IPv4 and IPv6)
- Routing
Security
- IPSec v6
- Spoofing
- Hacker Attacks (application layer, man-in-the-middle, denial of service)
Mobile IPv6 (mIPv6)
Enterprise drivers for IPv6 and market factors driving adoption
Alternative deployment strategies
Transition approach and good deployment practices
- Roadmap and controls
- Training
- Combating the FUD factor
- Vendor issues
- Automated IPv6 address management systems
- Metrics
Effect on governance and the audit/assurance and security functions
Selected case studies of IPv6 deployments: business and academia
Additional Information
Who Should Attend
Information Security professionals
Risk managers evaluating their information security capabilities
Internal auditors
Level
Advanced
Delivery
Group-Live & Group Internet-Based
Field
Auditing
Advanced Preparation
None
Recommended Prerequisites
Detailed understanding of networking, DNS, network routing, the OSI layer, and a working knowledge of network security
Session Duration
Online: Two 3 hour sessions
On Site: 1 day
CPE Credits: 7