CET101 PROFFESIONAL PRACTICE WEEK 3

IPv6 Network Security

Hardware and Software
Alexander Waddell
1/15/2016

A look into how to secure our IPv6 network solution for FOB internally and externally, and how the
network connections across the public internet should be defended.
 Page |1

TABLE OF CONTENTS

1. ● Table of Contents

A list of what information is present on what pages.

2. ● Context and Solution

A description of the task we were assigned and our final solution we proposed.

3-4. ● How to Secure the Network

Questions answered about how we propose to secure the network internally and externally
through the use of hardware and software as well as across the public internet.

5. ● References

A list of sources of information used throughout the report.

 Page |2

CONTEXT AND SOLUTION

Our company NetIT was tasked with creating an appropriate network design for the FOB based upon a
skeleton diagram and a table of the host requirements for each of the sub networks we would be
building. The two solutions we had were to make an IPv4 and IPv6 version of the network and then
decide upon which one we would pitch to the company in a presentation. The FOB gave the final
decision of either the IPv4 or the IPv6 version of the network down to us as we were are a networking
company with greater knowledge in that field. Over the course of the week we used a program called
Cisco Packet Tracer to create simulations for both versions of the network to present to the FOB as a
working solution that acts in the same way as a real life solution. We also wrote down which solution we
chose and why and compiled all the information into a PDF file which we could give to the FOB to read.

After doing a lot of research into the differences between IPv4 and IPv6 our company decided to use the
IPv6 version of the network. This was decided upon for a number of reasons, the main ones being that
“The IPv6 specification mandates that IPv6-enabled nodes must support the IP Security Protocol (IPSec),
therefore IPv6 430 nodes are more secure than IPv4 nodes” (Sailan et al. 2009) and also “Instead of
allowing for only 32-bit IP, IPv6 allows for 128-bit IP.With the increased IP address size, up to 2128 or 3.4
x 1038 different IP addresses can be defined” (Durdağı and Buldu 2010).

Our Network Simulation in Packet Tracer

 Page |3

HOW TO SECURE THE NETWORK

Below is a list of questions our company needed to consider when talking about securing our IPv6
network and what measures we would take when doing so.

 What network security hardware/software are needed.

 Where this hardware should be placed in the network.
 How should the network connections across the public Internet be defended and why

Although IPv6 is a lot more secure than IPv4 because it must support the IP Security Protocol (Sailan et
al. 2009) it can still be under threat by types of attack that have not changed in appearance between
IPv4 and IPv6 networking as well as face entirely new threats that weren’t present in IPv4 (Durdağı and
Buldu 2010). As the number of networks using IPv6 continues to grow the number of potential security
threats will increase with it with many networks running both IPv4 and IPv6 by default (Hogg and Vyncke
2008). There are a number of ways in which an IPv6 network can be compromised such as Spyware,
Malware, SQL Injections, IP spoofing, malicious insiders and rogue devices (Hogg and Vyncke 2008).
Some of these methods are caused by external sources on the network and some are caused by internal
sources meaning that to truly keep your network secure you must ensure safety from both of these
sources.

The simplest form of security for a network is user authentication which is usually done in the form of
usernames and passwords but can be as intricate as complicated systems such as retinal scanners or
fingerprint readers. The more complicated the system the less chance that internal sources can infiltrate
or hack the network leading to a safer system. As said by (Strickland 2009) the two main pieces of
hardware that are used in network security are firewalls and the routers themselves. Firewalls can come
in both hardware and software forms. Firewalls act like filters that are used to monitor both the traffic
from inside the network and from the internet. The good thing about routers is they usually include
firewall software within them so there may not be a need to buy a firewall device unless you are looking
for a higher level of security than your router’s firewall software provides. Another method routers use
for network security is encryption. Nearly all routers nowadays use some form of encryption. The most
common options are WPA, WPA2 and WEP. WPA2 is generally the most secure option of the two and
will make it hard for anyone trying to attack the network to read any information sent between routers
across the network (Strickland 2009). Since routers are present for every subnet within the IPv6 network
that means there will be a firewall present in each subnet and all information will be encrypted.

As for software, “Almost as important as a firewall is anti-virus software. A robust anti-virus program can
help keep your computer safe. Anti-virus software isolates and neutralizes malware. Most anti-virus
software searches for viruses by comparing the applications on your computer against a huge database
of malware” (Jonathan 2009). A quoted on the (Cisco n.d.) website “A network security system usually
consists of many components, ideally, all components work together. These components often include
Anti-virus and Anti-spyware, Firewalls, Intrusion prevention systems (IPS) and Virtual Private Networks
to provide secure remote access”. All of these methods of network security could be used on our
proposed network to ensure the safety of users and information. Anti-spyware would provide greater
security against spyware than firewalls as “Personal firewall enables users to know which process is
accessing the Internet and disallows some of the Internet operations. However, they may not be good
anti-spyware solutions. Packet sniffers do not offer any protection, but only monitoring. Some personal
firewalls lack packet sniffing facilities” (Chow et al. 2005).
 Page |4

An Intrusion Prevention System is “any device (hardware or software) that has the ability to detect
attacks, both known and unknown, and prevent the attack from being successful. Basically an IPS is a
firewall which can detect an anomaly in the regular routine of network traffic and then stop the possibly
malicious activity” (Ierace et al. 2005). They work by dropping any harmful or malicious packets or
disconnecting any connections before they reach their host and can do harm to the network, however
they could potentially bottleneck the network due to a large demand of bandwidth which could
potentially lead to outages within the network (Ierace et al. 2005).

As the network is connected across the public internet it will need to be kept secure as it will be more
prone to attacks that other networks. To do this I propose that a Virtual Private Network (VPN) should
be used in order to secure information privately across the internet. In 2005 a patent was filed for a
method for translation of a Virtual Private Network which was a way to privately send data across an
IPv6 network using a multipoint tunnel by Cisco Technology, Inc. which was then published (Gregory and
Dino 2009). This is a complex method to provide a VPN across the IPv6 network but would greatly
increase the security when data is sent across the internet and if we used it within our network created
for the FOB it would prove to be useful.

Overall after using both the hardware such as routers and software that is appropriate for network
security within our IPv6 network as well as having an indepth user authentication system I feel our
solution that we are proposing to the FOB will be adequate for the job and should be well guarded
against any potential attacks from both internal and external sources.
 Page |5

REFERENCES
Sailan, M.K., Hassan, R. and Patel, A., 2009, August. A comparative review of IPv4 and IPv6 for research test bed.
In Electrical Engineering and Informatics, 2009. ICEEI'09. International Conference on (Vol. 2, pp. 427-433). IEEE.

Durdağı, E. and Buldu, A., 2010. IPV4/IPV6 security and threat comparisons. Procedia-Social and Behavioral
Sciences, 2(2), pp.5285-5291.

Hogg, S. and Vyncke, E., 2008. IPv6 security. Pearson Education.

Strickland, J., 2009, April. How to secure your home network, HowStuffWorks.com.
(http://electronics.howstuffworks.com/how-to-tech/how-to-secure-home-network.htm)

Cisco Technology, Inc., n.d., What is Network Security?

(http://www.cisco.com/cisco/web/solutions/small_business/resource_center/articles/secure_my_business/what_is
_network_security/index.html)

Shepherd, G. and Farinacci, D., Cisco Technology, Inc., 2009. VPN services using address translation
over an IPv6 network. U.S. Patent 7,483,439.

Chow, S.S., Hui, L.C., Yiu, S.M., Chow, K.P. and Lui, R.W., 2005. A generic anti-spyware solution by
access control list at kernel level. Journal of Systems and Software, 75(1), pp.227-234.

Ierace, N., Urrutia, C. and Bassett, R., 2005. Intrusion prevention systems.Ubiquity, 2005(June), pp.2-2.