Thoughts on security caused by IPv6 Routing Protocol

With the proliferation of the Internet, security has always been a top priority. At present, although the emergence of IPv6 routing protocol can solve the security issues under the IPv4 network protocol version, it introduces the updated security issues. Then, let's take a look at the specific content through the following article.

Introduce new security problems in IPV6

During the development of IPV6 routing, some new security problems will occur, including responding to DoS attacks) weak, packet filter firewall cannot work properly according to the access control list ACL, Intrusion Detection System (IDS) suffers DoS attacks and then becomes ineffective, and the headers are tampered with by hackers. In addition, there are still some issues to be resolved in IPV6, including:

1. many security problems in the IP network are mainly caused by management. IPV6 management and IPv4. However, for some network management technologies, such as SNMP, the security of network management technologies must be improved in essence, whether it is porting or re-engineering. At present, there are almost no mature products for IPV6 network management devices and network management software, so there is no means to monitor and manage IPV6 networks, there is no means to locate a wide range of network faults and analyze the performance. Without network management, how can we ensure efficient and secure network operation?

2. PKI management is an outstanding new issue in IPV6.

3. IPV6 networks also require network security devices such as firewalls, VPNs, IDS, vulnerability scans, network filtering, and anti-virus gateways. In fact, viruses in the IPV6 environment have already appeared. It may take several days to develop security technologies.

4. IPV6 routing protocols still need to be improved in practice. For example, the IPV6 multicast function only specifies simple authentication functions, so it is difficult to implement strict User restrictions, while mobile IPV6 (Mobiel IPV6) there are also many new security challenges. DHCP must be upgraded to support IPV6 addresses. DHCPv6 is still under research and development.

Possible IPV6 migration Vulnerabilities

Because IPV6 and IPv4 networks will coexist for a long time, the network will inevitably have both security issues or new security vulnerabilities. Some security vulnerabilities have been discovered during the transition from IPv4 to IPV6. For example, hackers can use IPV6 to illegally Access LAN resources using IPv4 and IPV6 protocols, attackers can build a tunnel from IPV6 to IPv4 by installing a dual-stack host that uses IPV6, bypassing the firewall to attack IPv4.

The transfer to IPV6 routing protocol is the same as the use of any other new network protocol. The firewall needs to be reconfigured, and its security measures must be carefully considered and tested, for example, IDS in an IPv4 environment cannot directly support IPv6. you need to design a new one. The original security policies and security measures applied to the IPv4 protocol must be implemented on IPv6. At present, there are many technologies for IPv4 to IPV6 transition, including dual-stack, tunnel, and protocol conversion. However, these technologies are currently not ideal. Experts suggest that dual-stack technology should be used to avoid IPV6 route protocol conversion; static tunnel and dynamic tunnel should be used as much as possible; these need to be verified in a wide range of experiments.

Compared with IPv4, IPV6 improves network confidentiality and integrity, and provides new guarantees for controllability and anti-denial. However, IPV6 cannot completely solve all security problems, at the same time, there will be new security problems. Currently, most network attacks and threats come from the application layer rather than the IP layer. Therefore, to protect network security and information security, one or two technologies alone cannot be implemented, and multiple methods must be used together, such as the authentication system, encryption system, key distribution system, and trusted computing system.