Security Situation Analysis-IPv6 protocol network (1)

Source: Internet
Author: User

In traditional IPv4 networks, security has always been a headache. The IPv6 protocol network now solves many of these security problems for us. This is because IPv6, the evolved successor to IPv4, adopts a different transmission structure, so its security mechanisms have changed. But is it really secure?

The IP Security Protocol (IPSec)

IPSec is an optional extension protocol for IPv4, whereas in IPv6 it is an essential part of the protocol. IPSec can "seamlessly" provide security features for IP, such as access control, data source authentication, data integrity checking, confidentiality, and anti-replay protection. The new routing protocols OSPFv3 and RIPng use IPSec to encrypt and authenticate routing information, improving resistance to routing attacks.

End-to-end security assurance

The biggest advantage of IPv6 is that it ensures end-to-end security, meeting users' requirements for end-to-end security and mobility. IPv6 limits the use of NAT and allows all network nodes to communicate with each other using globally unique addresses. Each time an IPv6 connection is established, packets are encapsulated by IPSec on both hosts, and intermediate routers transparently forward the IPv6 packets carrying an IPSec extension header. By authenticating the communicating endpoints and encrypting the data, sensitive data can be transmitted securely over the IPv6 protocol network. End-to-end network transparency can therefore be ensured without deploying an ALG (Application Layer Gateway) for special network applications, which helps improve network service speed.
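As an added illustration (not part of the original article), the Python sketch below walks the extension-header chain of an IPv6 packet the way a node without the IPSec keys would, and returns the only IPSec fields visible in transit: the SPI and sequence number of each AH or ESP header. The addresses, SPI, sequence number and payload bytes in sample_packet() are constructed sample values.

```python
import ipaddress
import struct

# IPv6 Next Header values (IANA protocol numbers)
HOP_BY_HOP, ROUTING, FRAGMENT, ESP, AH, DEST_OPTS = 0, 43, 44, 50, 51, 60

def find_ipsec_headers(packet: bytes):
    """Return (src, dst, [(kind, spi, seq), ...]) for an IPv6 packet,
    reading only what is visible without the IPsec keys."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    src = ipaddress.IPv6Address(packet[8:24])
    dst = ipaddress.IPv6Address(packet[24:40])
    next_hdr, offset, found = packet[6], 40, []
    try:
        while True:
            if next_hdr in (HOP_BY_HOP, ROUTING, DEST_OPTS):
                # byte 0: next header, byte 1: length in 8-octet units minus 1
                next_hdr, ext_len = packet[offset], packet[offset + 1]
                offset += (ext_len + 1) * 8
            elif next_hdr == FRAGMENT:          # fixed 8-octet header
                next_hdr, offset = packet[offset], offset + 8
            elif next_hdr == AH:                # length in 4-octet units minus 2
                nh, plen, _, spi, seq = struct.unpack_from("!BBHII", packet, offset)
                found.append(("AH", spi, seq))
                next_hdr, offset = nh, offset + (plen + 2) * 4
            elif next_hdr == ESP:
                spi, seq = struct.unpack_from("!II", packet, offset)
                found.append(("ESP", spi, seq))
                break                           # ESP payload is opaque from here on
            else:
                break                           # upper-layer protocol reached
    except (IndexError, struct.error):
        raise ValueError("truncated extension-header chain") from None
    return str(src), str(dst), found

def sample_packet() -> bytes:
    """Constructed sample: hop-by-hop options header followed by ESP."""
    hbh = bytes([ESP, 0, 1, 4, 0, 0, 0, 0])            # next=ESP, len=0, PadN
    esp = struct.pack("!II", 0x1000, 7) + bytes(16)    # SPI, sequence, opaque bytes
    payload = hbh + esp
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), HOP_BY_HOP, 64)
    src = ipaddress.IPv6Address("2001:db8::1").packed
    dst = ipaddress.IPv6Address("2001:db8::2").packed
    return fixed + src + dst + payload
```

The walk stops at ESP because everything after the SPI and sequence number belongs to the two endpoints; a monitoring point on the path can still log those two fields per flow.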

Address allocation and source address check

The IPv6 addressing model defines the local subnet (link-local) address and the local network (site-local) address. This address allocation makes it easy for the network administrator to strengthen network security management. If a host only needs to contact other hosts in the same subnet, the network administrator can assign it only a link-local address; if a server only provides access services for intranet users, it can be assigned only a site-local address, and no one outside the enterprise network can access these hosts.
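An added example (not from the original article) of a source address check built on these scopes: it classifies an IPv6 source address and decides whether a border router should forward it, depending on the interface it arrived on. Site-local addresses (fec0::/10) were later deprecated by RFC 3879 in favour of unique local addresses (fc00::/7, RFC 4193), so the sketch treats both as site scope; the site prefixes and the "internal"/"external" interface labels are assumptions.

```python
import ipaddress

LINK_LOCAL = ipaddress.IPv6Network("fe80::/10")
SITE_LOCAL = ipaddress.IPv6Network("fec0::/10")    # deprecated by RFC 3879
UNIQUE_LOCAL = ipaddress.IPv6Network("fc00::/7")   # RFC 4193 replacement
# Constructed site prefixes (documentation and ULA ranges), assumptions.
SITE_PREFIXES = [ipaddress.IPv6Network("2001:db8:10::/48"),
                 ipaddress.IPv6Network("fd00:10::/48")]

def scope(addr: str) -> str:
    """Classify an IPv6 address by the scope in which it is valid."""
    ip = ipaddress.IPv6Address(addr)
    if ip.is_unspecified or ip.is_loopback:
        return "host"
    if ip.is_multicast:
        return "multicast"
    if ip in LINK_LOCAL:
        return "link"
    if ip in SITE_LOCAL or ip in UNIQUE_LOCAL:
        return "site"
    return "global"

def source_check(interface: str, src: str) -> tuple:
    """Decide whether a border router forwards a packet with source `src`
    that arrived on an 'internal' or 'external' interface."""
    ip, kind = ipaddress.IPv6Address(src), scope(src)
    ours = any(ip in net for net in SITE_PREFIXES)
    if kind in ("host", "multicast", "link"):
        return False, f"{kind}-scope source is never forwarded"
    if interface == "external":
        if kind == "site":
            return False, "site-scope source arriving from outside"
        if ours:
            return False, "spoofed: our own prefix arriving from outside"
        return True, "global source from outside"
    if not ours:
        return False, "internal host using a source outside site prefixes"
    return True, f"{kind} source inside site prefixes"
```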

The IPv6-based Domain Name System (DNS) serves as the foundation of the Public Key Infrastructure (PKI) system, helping to defend against online identity spoofing and theft. Using the DNS Security Extensions protocol, which provides authentication and integrity features, further strengthens protection against new DNS attacks such as "phishing" attacks and "DNS poisoning" attacks. These attacks take control of the DNS server and replace the IP addresses of legitimate websites with those of fake or malicious websites. Experts believe that it is necessary and important for China to establish an IPv6 Domain Name System root server.

IPv6 has the following advantages over IPv4:

1. The IPv6 protocol network has a larger address space. IPv4 specifies an IP address length of 32 bits, that is, 2^32-1 addresses (the symbol ^ denotes exponentiation, here and below); in IPv6, the IP address length is 128 bits, that is, 2^128-1 addresses.

2. IPv6 uses a smaller routing table. IPv6 address allocation has followed the aggregation principle from the beginning, which enables a router to represent a subnet with a single record (entry) in its routing table. This greatly reduces the length of the routing table in the router and increases the speed at which the router forwards data packets.

3. IPv6 adds enhanced multicast support and flow control support, which creates great opportunities for the development of multimedia applications on the network and provides a good network platform for Quality of Service (QoS) control.

4. IPv6 supports auto-configuration. This is an improvement and extension of the DHCP protocol, making the management of networks (especially local area networks) more convenient.

