Guidelines for Secure IPv6

The National Institute of Standards and Technology last week issued SP 800-119, Guidelines for the Secure Deployment of IPv6

Some things are said to be very different about it…

Router access control lists (ACLs), firewalls, and other security components must be carefully managed to retain ICMPv6 functionality. Any security measures on a network segment must allow IPv6 nodes to use ICMPv6 to accomplish Neighbor Discovery, PMTU discovery, and other essential tasks. If an IPv6 default router on a network segment is unable to receive and reply to legitimate RS messages, nodes sending those messages may experience a denial of service condition.

…while other things are said to stay the same.

The deployment of IPv6 reinforces the basic security lessons learned with IPv4. These security practices include defense in depth, diversity, patching, configuration management, access control, and system and network administrator best practices. Good security practices remain unchanged with the deployment of IPv6.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.