Review the NIST document Guidelines for the Secure Deployment of IPv6.
Find and use at least one other qualified source on IPv6 security.
For this assignment, Tom Pierce from Harry & Mae’s has asked that you provide him with a background paper on IPv6. He wants to understand what it’s about, how it’s different from IPv4, and how it’s more secure than its predecessors. Include an explanation of 2-3 risks associated with IPv6 and its deployment.
Save your description to a Microsoft Word document.
Your paper should be about 1500 words (±10%) using standard APA formatting, citations, and references.
sp800_119.pdf
Special Publication 800-119
Guidelines for the Secure Deployment of IPv6
Recommendations of the National Institute of Standards and Technology
Sheila Frankel
Richard Graveman
John Pearce
Mark Rooks
Computer Security Division
Information Technology Laboratory
National Institute of Standards and Technology
Gaithersburg, MD 20899-8930
December 2010
U.S. Department of Commerce
Gary Locke, Secretary
National Institute of Standards and Technology
Dr. Patrick D. Gallagher, Director
GUIDELINES FOR THE SECURE DEPLOYMENT OF IPV6
Reports on Computer Systems Technology
The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology
(NIST) promotes the U.S. economy and public welfare by providing technical leadership for the nation’s
measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of
concept implementations, and technical analysis to advance the development and productive use of
information technology. ITL’s responsibilities include the development of technical, physical,
administrative, and management standards and guidelines for the cost-effective security and privacy of
sensitive unclassified information in Federal computer systems. This Special Publication 800-series
reports on ITL’s research, guidance, and outreach efforts in computer security and its collaborative
activities with industry, government, and academic organizations.
National Institute of Standards and Technology Special Publication 800-119
Natl. Inst. Stand. Technol. Spec. Publ. 800-119, 188 pages (Dec. 2010)
Certain commercial entities, equipment, or materials may be identified in this
document in order to describe an experimental procedure or concept adequately.
Such identification is not intended to imply recommendation or endorsement by the
National Institute of Standards and Technology, nor is it intended to imply that the
entities, materials, or equipment are necessarily the best available for the purpose.
Acknowledgments
The authors, Sheila Frankel of the National Institute of Standards and Technology (NIST), Richard
Graveman of RFG Security, John Pearce of Booz Allen Hamilton and Mark Rooks of L-1 Identity
Solutions (formerly of Booz Allen Hamilton) wish to thank their colleagues who reviewed drafts of this
document and contributed to its technical content.
The authors would like to acknowledge Tim Grance of NIST for his keen and insightful assistance and
encouragement throughout the development of the document. The authors particularly want to thank
Mark Carson, Doug Montgomery and Stephen Nightingale of NIST and Scott Hogg for their careful
review and valuable contributions to improving the quality of this publication.
The authors also appreciate the efforts of those individuals, agencies, and other organizations that
contributed input during the public comment period, including John Baird, DREN; Alistair de B
Clarkson, nCipher; Vint Cerf, Google; John Curran, ARIN; Terry Davis, Boeing; Francois Donze and
Michael Scott Pontillo, HP; Jeffrey Dunn, Chern Liou, and Jeffrey Finke, Mitre; Fernando Gont, the UK
Centre for the Protection of National Infrastructure (UK CPNI); Bob Grillo, US Army; Cecilia Hall, Don
Radeke and Joseph Bertrand, USMC; J. Holland, David Leach, Sam Nguyen, M. Roed, Beth Scruggs, D.
Wellington and Joe Williams, Aerospace Corp.; Ed Jankiewicz, SRI International; Ralph Kenyon, Caida;
Lovell King II, Dept. of State; Joe Klein, IPv6 Security Researcher; Dan Luu, VA; Trung Nguyen, FAA;
Carroll Perkins, Serco-NA; and Martin Radford, University of Bristol.
Table of Contents
Executive Summary
1. Introduction
    1.1 Authority
    1.2 Purpose and Scope
    1.3 Audience
    1.4 Document Structure
2. Introduction to IPv6
    2.1 Early History of IPv6
    2.2 Limitations of IPv4
    2.3 Major Features of the IPv6 Specification
        2.3.1 Extended Address Space
        2.3.2 Autoconfiguration
        2.3.3 Header Structure
        2.3.4 Extension Headers
        2.3.5 Mandatory Internet Protocol Security (IPsec) Support
        2.3.6 Mobility
        2.3.7 Quality of Service (QoS)
        2.3.8 Route Aggregation
        2.3.9 Efficient Transmission
    2.4 IPv4 and IPv6 Threat Comparison
    2.5 Motivations for Deploying IPv6
3. IPv6 Overview
    3.1 IPv6 Addressing
        3.1.1 Shorthand for Writing IPv6 Addresses
        3.1.2 IPv6 Address Space Usage
        3.1.3 IPv6 Address Types
        3.1.4 IPv6 Address Scope
        3.1.5 IPv4 Addressing
        3.1.6 IPv4 Classless Inter-Domain Routing (CIDR) Addressing
        3.1.7 Comparing IPv6 and IPv4 Addressing
    3.2 IPv6 Address Allocations
        3.2.1 IPv6 Address Assignments
        3.2.2 Obtaining Globally Routable IPv6 Address Space
    3.3 IPv6 Header Types, Formats, and Fields
    3.4 IPv6 Extension Headers
    3.5 Internet Control Message Protocol for IPv6 (ICMPv6)
        3.5.1 ICMPv6 Specification Overview
        3.5.2 Differences between IPv6 and IPv4 ICMP
        3.5.3 Neighbor Discovery
        3.5.4 Autoconfiguration
        3.5.5 Path Maximum Transmission Unit (PMTU) Discovery
        3.5.6 Security Ramifications
    3.6 IPv6 and Routing
        3.6.1 Specification Overview
        3.6.2 Security for Routing Protocols
        3.6.3 Unknown Aspects
    3.7 IPv6 and the Domain Name System (DNS)
        3.7.1 DNS Transport Protocol
        3.7.2 DNS Specification Overview
        3.7.3 Security Impact and Recommendations
4. IPv6 Advanced Topics
    4.1 Multihoming
        4.1.1 Differences between IPv4 and IPv6 Multihoming
        4.1.2 Site Multihoming by IPv6 Intermediation (SHIM6) Specification Overview
        4.1.3 Security Ramifications for Multihoming
    4.2 IPv6 Multicast
        4.2.1 IPv6 Multicast Specifications
        4.2.2 Differences between IPv4 and IPv6 Multicast
        4.2.3 Multicast Security Ramifications
        4.2.4 Unresolved Aspects of IPv6 Multicast
    4.3 IPv6 Quality of Service (QoS)
        4.3.1 IPv6 QoS Specifications
        4.3.2 Differences between IPv4 and IPv6 QoS
        4.3.3 Security Ramifications
        4.3.4 Unresolved Aspects of IPv6 QoS
    4.4 Mobile IPv6 (MIPv6)
        4.4.1 MIPv6 Specification Overview
        4.4.2 Differences from IPv4 Standards
        4.4.3 Security Ramifications
        4.4.4 Unknown Aspects
    4.5 Jumbograms
        4.5.1 Specification Overview
        4.5.2 Security Ramifications
    4.6 Address Selection
        4.6.1 Specification Overview
        4.6.2 Differences from IPv4 Standards
        4.6.3 Security Ramifications
        4.6.4 Unknown Aspects
    4.7 Dynamic Host Configuration Protocol (DHCP) for IPv6
        4.7.1 Specification Overview
        4.7.2 Differences from IPv4 Standards
        4.7.3 Security Ramifications
        4.7.4 Unknown Aspects
    4.8 IPv6 Prefix Renumbering
        4.8.1 Specification Overview
        4.8.2 Differences from IPv4 Standards
        4.8.3 Security Ramifications
        4.8.4 Unknown Aspects
5. IPv6 Security Advanced Topics
    5.1 Privacy Addresses
    5.2 Cryptographically Generated Addresses
    5.3 IPsec in IPv6
        5.3.1 Specification Overview
        5.3.2 Differences from IPv4 Standards
        5.3.3 Support for Multicast
        5.3.4 Status of IPsec and On-Going Work
        5.3.5 Security Ramifications
        5.3.6 Unknown Aspects
    5.4 Secure Stateless Address Autoconfiguration and Neighbor Discovery
        5.4.1 Using IPsec to Secure Autoconfiguration and ND
        5.4.2 Using SEND to Secure Autoconfiguration and ND
        5.4.3 Current Status and Unknown Aspects
6. IPv6 Deployment
    6.1 Security Risks
        6.1.1 Attacker Community
        6.1.2 Unauthorized IPv6 Clients
        6.1.3 Vulnerabilities in IPv6
        6.1.4 Dual Operations
        6.1.5 Perceived Risk
        6.1.6 Vendor Support
    6.2 Addressing Security
        6.2.1 Numbering Plan
        6.2.2 Hierarchical Addressing to Support Security Segmentation
        6.2.3 Problems with EUI-64 Addresses
        6.2.4 Address Management
        6.2.5 Privacy Extensions
    6.3 Transition Mechanisms
    6.4 Dual Stack IPv4/IPv6 Environments
        6.4.1 Deployment of a Dual Stack Environment
        6.4.2 Addressing in a Dual Stack Environment
        6.4.3 Security Implications of a Dual Stack Environment
    6.5 Tunneling
        6.5.1 General Security Considerations for Tunneling
        6.5.2 Configured Tunneling
        6.5.3 Automatic Tunneling
        6.5.4 6over4 Protocol
        6.5.5 6to4 and 6rd Protocols
        6.5.6 Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)
        6.5.7 Teredo Protocol
        6.5.8 Tunnel Brokers
        6.5.9 Automatic Tunneling of IPv4 over IPv6 (Dual Stack Transition Mechanism [DSTM])
        6.5.10 Carrier-Grade NAT and Dual-Stack Lite
    6.6 Translation
        6.6.1 SIIT
        6.6.2 NAT-PT
        6.6.3 Replacing NAT-PT
        6.6.4 TRT
        6.6.5 Application Layer Translation
    6.7 Other Transition Mechanisms
    6.8 The IPv6 Deployment Planning Process for Security
    6.9 IPv6 Deployment …