IPv6 Network Mobility

Network Authentication, Authorization, and Accounting has been used since before the days of the Internet as we know it today. Authentication asks the question, “Who or what are you?” Authorization asks, “What are you allowed to do?” And fi nally, accounting wants to know, “What did you do?” These fundamental security building blocks are being used in expanded ways today. The fi rst part of this two-part series focused on the overall concepts of AAA, the elements involved in AAA communications, and highlevel approaches to achieving specifi c AAA goals. It was published in IPJ Volume 10, No. 1[0]. This second part of the series discusses the protocols involved, specifi c applications of AAA, and considerations for the future of AAA

The Impact of IPv6 on Penetration Testing

In this paper we discuss the impact the use of IPv6 has on remote penetration testing of servers and web applications. Several modifications to the penetration testing process are proposed to accommodate IPv6. Among these modifications are ways of performing fragmentation attacks, host discovery and brute-force protection. We also propose new checks for IPv6-specific vulnerabilities, such as bypassing firewalls using extension headers and reaching internal hosts through available transition mechanisms. The changes to the penetration testing process proposed in this paper can be used by security companies to make their penetration testing process applicable to IPv6 targets

IPv4 address sharing mechanism classification and tradeoff analysis

The growth of the Internet has made IPv4 addresses a scarce resource. Due to slow IPv6 deployment, IANA-level IPv4 address exhaustion was reached before the world could transition to an IPv6-only Internet. The continuing need for IPv4 reachability will only be supported by IPv4 address sharing. This paper reviews ISP-level address sharing mechanisms, which allow Internet service providers to connect multiple customers who share a single IPv4 address. Some mechanisms come with severe and unpredicted consequences, and all of them come with tradeoffs. We propose a novel classification, which we apply to existing mechanisms such as NAT444 and DS-Lite and proposals such as 4rd, MAP, etc. Our tradeoff analysis reveals insights into many problems including: abuse attribution, performance degradation, address and port usage efficiency, direct intercustomer communication, and availability

Performance evaluation of multicast routing on IPv4 and IPv6 networks

Even though the transition from IPv4 to IPv6 has not been realized at the pace that it was anticipated, eventually with the depletion of IPv4 address space and the ever-growing demands of the Internet, the transition is inevitable. In the rapidly evolving world of technology, multimedia applications and voice/video conferencing are fast finding their ways into the Internet and corporate networks. Multicast routing protocols run over unicast routing protocols to provide efficient routing of such applications. This thesis was aimed at understanding how the transition from IPv4 to IPv6 would impact multicast routing. The multicast routing protocol Protocol Independent Multicast-Sparse Mode (PIM-SM) was used over both IPv4 and IPv6 networks and a mixed IPv4-IPv6 network. Parameters such as protocol overheads, throughput and jitter were evaluated in a lab environment using jperf

IPv6-Only Network Design and Deployment at IITH

The aim of thesis is for deploying an IPv6 only daily base enterprise network in IITH and making it fully functional for the daily use and address some of the key current challenges. The motivation for deploying IPv6 only network in the campus is due to the depletion of IPv4 address space. The IPv4 address space is only 32 bits, therefore has 232 addresses whereas IPv6 addresses are represented by 128 bits thereby its address space consists of 2128 addresses which is quite enough to address all the particles in the world with an IP address. Because of this scarcity of IPv4 addresses, many public organizations implemented NAT (Network Address Translation) to map private IPv4 addresses to a single public IPv4 addresses. So like this way NAT helped in dealing with the problem of IPv4 address scarcity. But NAT has got many disadvantages such as NAT adds complexities and it has basic disconnectivity problem with IPv6 only enabled devices. Also NAT has many security issues such as it is not compatible with IPSec protocol. Morover NAT was meant to be just a temporary solution for IPv4 exhaustion. So came the IPv6 address which contains enough IPv6 addresses to address all the devices. But the problem is both IPv4 and IPv6 are not compatible and during initial phase of IPv6 deployment IPv4 and IPv6 coexist together.So there has to be some mechanism to translate IPv4 to IPv6 and vice versa

ACUTA Journal of Telecommunications in Higher Education

In This Issue President\u27s Message From the ACUTA CEO RIP for TDM IPTV: The Future of Gable TV Not All SIP Trunking ls Problem Free lnterview: Four Campuses Look at lPv6, SIB and More lPv6: What You Don\u27t Know CAN Hurt You Moving from the Old to the New 2013 Award Winners lnstitutional Excellence Award Honorable Mention: Abilene Christian University Virtual La

IPv6: a new security challenge

Tese de mestrado em Segurança Informática, apresentada à Universidade de Lisboa, através da Faculdade de Ciências, 2011O Protocolo de Internet versão 6 (IPv6) foi desenvolvido com o intuito de resolver alguns dos problemas não endereçados pelo seu antecessor, o Protocolo de Internet versão 4 (IPv4), nomeadamente questões relacionadas com segurança e com o espaço de endereçamento disponível. São muitos os que na última década têm desenvolvido estudos sobre os investimentos necessários à sua adoção e sobre qual o momento certo para que o mesmo seja adotado por todos os players no mercado. Recentemente, o problema da extinção de endereçamentos públicos a ser disponibilizado pelas diversas Region Internet registry – RIRs - despertou o conjunto de entidades envolvidas para que se agilizasse o processo de migração do IPv4 para o IPv6. Ao contrário do IPv4, esta nova versão considera a segurança como um objetivo fundamental na sua implementação, nesse sentido é recomendado o uso do protocolo IPsec ao nível da camada de rede. No entanto, e devido à imaturidade do protocolo e à complexidade que este período de transição comporta, existem inúmeras implicações de segurança que devem ser consideradas neste período de migração. O objetivo principal deste trabalho é definir um conjunto de boas práticas no âmbito da segurança na implementação do IPv6 que possa ser utilizado pelos administradores de redes de dados e pelas equipas de segurança dos diversos players no mercado. Nesta fase de transição, é de todo útil e conveniente contribuir de forma eficiente na interpretação dos pontos fortes deste novo protocolo assim como nas vulnerabilidades a ele associadas.IPv6 was developed to address the exhaustion of IPv4 addresses, but has not yet seen global deployment. Recent trends are now finally changing this picture and IPv6 is expected to take off soon. Contrary to the original, this new version of the Internet Protocol has security as a design goal, for example with its mandatory support for network layer security. However, due to the immaturity of the protocol and the complexity of the transition period, there are several security implications that have to be considered when deploying IPv6. In this project, our goal is to define a set of best practices for IPv6 Security that could be used by IT staff and network administrators within an Internet Service Provider. To this end, an assessment of some of the available security techniques for IPv6 will be made by means of a set of laboratory experiments using real equipment from an Internet Service Provider in Portugal. As the transition for IPv6 seems inevitable this work can help ISPs in understanding the threats that exist in IPv6 networks and some of the prophylactic measures available, by offering recommendations to protect internal as well as customers’ networks