with this post I want to publish my own master thesis which I finished on February 2013 about the topic “IPv6 Security Test Laboratory”. (I studied the Master of IT-Security at the Ruhr-Uni Bochum.) I explained many IPv6 security issues in detail and tested three firewalls (Cisco ASA, Juniper SSG, Palo Alto PA) against all these IPv6 security attacks.
[UPDATE]Before reading the huge master thesis, this overview of IPv6 Security may be a good starting point for IPv6 security issues.[/UPDATE]
The thesis mainly consists the following chapters:
- Introduction to the IPv6 Specification: This is simply an overview of the IPv6 protocol itself without any deep statements about security. (Anyone who is already familiar with IPv6 can completely skip this chapter.)
- IPv6 Security Vulnerabilities: In this chapter I explain many (hopefully almost all) security weaknesses that arise with IPv6. I give a theoretic overview and show the tools with which theses vulnerabilities can be exploited (mainly THC-IPv6). Along with many listings I provide deep information about how these tools work. I list some “Firewalls’s Best Practices” and finally present a big table in which all attacks and tools are summarized.
- IPv6 Security Laboratory & Tests: To test several firewalls against IPv6 security issues I built an independent laboratory which is presented in this chapter. I also list the used IPv6 security attacks and present the results of the tested firewalls.
Maybe some security specialists find this thesis to be useful. If so, please leave a comment. ;)