Hello world,
with this post I want to publish my own master thesis which I finished in February 2013 about the topic “IPv6 Security Test Laboratory”. (I studied the Master of IT-Security at the Ruhr-Uni Bochum.) I explained many IPv6 security issues in detail and tested three firewalls (Cisco ASA, Juniper SSG, Palo Alto PA) against all these IPv6 security attacks.
[UPDATE]Before reading the huge master thesis, this overview of IPv6 Security may be a good starting point for IPv6 security issues.[/UPDATE]
The thesis mainly consists of the following chapters:
- Introduction to the IPv6 Specification: This is simply an overview of the IPv6 protocol itself without any deep statements about security. (Anyone who is already familiar with IPv6 can completely skip this chapter.)
- IPv6 Security Vulnerabilities: In this chapter, I explain many (hopefully almost all) security weaknesses that arise with IPv6. I give a theoretical overview and show the tools with which these vulnerabilities can be exploited (mainly THC-IPv6). Along with many listings I provide deep information about how these tools work. I list some “Firewalls’s Best Practices” and finally present a big table in which all attacks and tools are summarized.
- IPv6 Security Laboratory & Tests: To test several firewalls against IPv6 security issues I built an independent laboratory which is presented in this chapter. I also list the used IPv6 security attacks and present the results of the tested firewalls.
Maybe some security specialists find this thesis to be useful. If so, please leave a comment. ;)
Note that this post is one of many related to IPv6. Click here for a structured list.
Featured image: “The Graduates” by Luftphilia is licensed under CC BY-NC 2.0.
Thanks for sharing this. I also use THC IPv6 in my IPv6 Security trainings. I am interested to see the comparisons of firewall that you have tested :).
Thank you very much for sharing! It’s really difficult and time consuming to make such comparisons, so thank you especially for that ;)
Thank you for sharing your work and for your efforts ! ;-)
That is informative work you shared through this master thesis (PDF File). I have been using Cisco Firewall for long.
Nice Job!
Excellent