Title (eng): IPv6 Security and Protocol Transition
Österreicher, G. (Gabor)
St. Pölten, FH-Stg. Information Security, Master Thesis, 2014
The rapid growth of the Internet has led to the exhaustion of the IPv4 address space, which is based on an address size of 32 bits. To counter the depletion of IPv4 addresses, the IPv6 protocol was specified back in 1998 as the successor to IPv4. IPv6 introduces 128-bit addresses. However, the development of address conservation technologies, such as Network Address Translation (NAT) and Classless Inter-Domain Routing (CIDR), prolonged the use of IPv4 and at the same time delayed the deployment of IPv6. Meanwhile, the Internet Assigned Numbers Authority (IANA) and three out of five Regional Internet Registries (RIRs) have exhausted their available IPv4 address blocks over the last three years. Therefore, IPv6 has again gained in importance. Since 2012, the services of major content providers, such as Google or Facebook, have been permanently accessible over IPv6. Further drivers for the deployment of IPv6 are countries with high populations, the ever-increasing number of mobile devices, public addressing of virtual machines (VMs) of cloud computing providers, the "Internet of Things", and environments for smart applications, such as smart grid or smart homes. As a consequence, the global transition to IPv6 has become inevitable.
The increasing relevance of IPv6 and the related protocol changes and updates that occurred over recent years create the need to reevaluate the protocol from a contemporary security perspective. This thesis therefore identifies new attack vectors, not only in relation to the protocol itself, but also in the context of its deployment and coexistence with IPv4. Transition and coexistence mechanisms are examined in terms of security and suitability for different scenarios. Furthermore, a phased approach to deploying IPv6 in an enterprise network was developed. Additional research was conducted on how the deployment of IPv6 affects network security and related security policies. The findings of this thesis were consolidated into organizational and technical measures and recommendations that provide guidance for a secure implementation of IPv6. Finally, the security impacts of IPv6-enabled nodes in an otherwise IPv4-only network were analyzed to create awareness and encourage organizations to consider IPv6 in their security policies.
Object languages: English
© All rights reserved
Classification: IP 6; Computer security