Implementing and Securing IPv6

How to design, implement, secure and manage IPv6 in modern multi-platform networks

• 5 days • £3295/$4190 • world-wide


You will learn how to:

  • Migrate your network to IPv6
  • Manage the differences between IPv4 and IPv6
  • Implement new networking software and devices to support IPv6
  • Implement IPv6 auto-configuration and manage IPv6 addresses
  • Configure IPv6 migration techniques on different platforms.
  • Configure transition techniques including; dual-stacks, 6to4, ISATAP and Teredo.
  • Configure IPv6 on different platforms
  • Configure IPv6 enabled network services (e.g DNS, DHCPv6, OSPFv3 and BGP)
  • IPv6 enable networking applications (e.g. Apache, ping, FTP and e-mail)
  • Write code using the basic IPv6 socket API
  • Migrate legacy code to IPv6
  • Use code migration tools
  • The security features of IPv6
  • IPv6 security risks
  • The differences in IPv4 and IPv6 security
  • Security threats of IPv6 transition mechanisms
  • How to securely deploy IPv6
  • How to secure your IPv4 network from IPv6 threats
  • IPv6 threat mitigation
  • How to build IPv6 firewalls

 


Course Benefits

IPv6 is the result of many years of research and activity by the international Internet community. IPv6 provides increased addressing space, improved routing, new features and support for transition from IPv4.

The implementation of IPv6 is inevitable and will impact on all companies that maintain, implement or use IP networks.

In this course, you will learn how to obtain implement and secure IPv6 and related protocols within your organisation on Unix, Linux, Windows, Cisco, Juniper and other networked devices. This course provides extensive hands-on sessions and in-depth technical analysis.

 


Who should attend?

This course is ideal for network administrators, network support personnel, network designers, networking consultants, security managers, IT managers and directors.

Prerequisites

A good knowledge of general networking concepts is assumed. IPv4 is reviewed as it is compared and contrasted with IPv6, but experience of IPv4 is necessary.

 


Course Contents

The Need for IPv6 (Summary)

  • History of IP
  • The problems with IPv4
  • The IPv4 header format
  • Address space and functionality
  • IPv4 Security and QoS
  • Reality Check: IPv6 vs. IPv4

The Features of IPv6 I

  • IPv6 datagram format and header
  • IPv6 extension headers
  • Hop-by-hop and destination options
  • Routing header, fragmentation header
  • Mobility header and No next header
  • IPv6 addresses
  • IPv6 address representation
  • Unicast Multicast & Anycast in IPv6
  • Link local, site local and unique local addresses

The Features of IPv6 II

  • Summary of the new features of IPv6
  • ICMPv6 (IP Control Message Protocol v6)
  • Path MTU discovery (PMTU)
  • IPv6 multicast group management
  • MLD (Multicast Listener Discovery) and MLDv2

Autoconfiguration of IPv6 I

  • Autoconfiguration methods
  • Choosing the interface identifier
  • Modified EUI-64
  • CGA, HBA, Privacy and Temporary Addresses
  • Neighbour discovery in IPv6 (NDP)
  • IPv6 router discovery (RS and RA)
  • IPv6 Router renumbering

Autoconfiguration of IPv6 II

  • DHCPv6
  • DHCPv6 Relay Agents
  • DUIDs and IAIDs
  • Stateless DHCPv6
  • DHCPv6 prefix delegation (PD)

Internetworking IPv6 (Summary)

  • IPv6 routing and IPv6 routing tables
  • IPv6 default routes

IPv6 Dynamic Routing

  • ICMPv6 Redirects
  • RIPng
  • OSPFv3
  • IS-IS and IPv6
  • EIGRPv6
  • BGPv4 & IPv6
  • IPv6 Multicast Routing
  • IPv6 PIM

Interfacing IPv6 to the Lower Layers

  • Data-link and physical layer
  • Point to point and IPv6
  • NBMA networks and IPv6
  • IPv6 and PPP
  • ATM and IPv6
  • IEEE802 and IPv6
  • IPv6 in 3G, 4G, LTE and IMS
  • MPLS and IPv6
  • 6PE and 6VPN
  • Radius and IPv6

Transport Layer and IPv6 (Summary)

  • Operation of TCP and UDP
  • Changes to TCP for IPv6
  • Changes to UDP for IPv6

IPv6 Transition Mechanisms I

  • Overview of transition mechanisms
  • IPv6 Dual stacks
  • Compatibility addresses
  • Automatic and configured tunnelling
  • 6over4 and 6to4
  • 6rd - IPv6 rapid deployment
  • ISATAP
  • Teredo
  • Dual stack Lite (DSLite)
  • Dual Stack Transition Mechanism (DSTM)
  • IPv6 Tunnel brokers
  • Tunnel setup protocol (TSP)

IPv6 Transition Mechanisms II

  • Protocol translators
  • SIIT
  • Application layer gateways
  • DNS64
  • NAT64
  • NAT-PT
  • NAPT-PT
  • TRT
  • 464XLAT
  • IPv6 SOCKS
  • Bump-in-the-stack (BIS)
  • Bump-in-the-API (BIA)
  • Transition mechanisms and DNS

IPv6 Security (IPSec)

  • Cryptographic techniques
  • IPv6 and IPSec
  • IPv6 AH & ESP Headers
  • Transport and tunnel modes
  • Security associations
  • ISAKMP & IKE

Mobile IPv6

  • Limitations of link layer mobility
  • Mobile IPv4 vs Mobile IPv6
  • IPv6 Home agents
  • Binding updates and the binding cache
  • Mobile IPv6 in operation
  • Mobile IPv6 Security
  • NEMO

IPv6 and Quality of Service

  • Traffic class in IPv6
  • The IPv6 Flow label
  • Differential services (DiffServ)
  • Integrated services (IntServ)
  • Traffic flows in IPv6
  • RSVP and IPv6 QoS

DNS and IPv6

  • The domain name system
  • Changes to DNS for IPv6
  • IPv6 AAAA resource records
  • PTR records and IPv6
  • Reverse lookups in IPv6
  • ip6.arpa. & ip6.int.
  • IPv6 in BIND and MS DNS
  • IPv6 and EDNS0

Application Changes for IPv6 (Summary)

  • Basic Internet commands
  • IPv6 ping, telnet and FTP
  • Mail systems and IPv6
  • IPv6 enabled web-servers

The IPv6 Programming Interface

  • IPv6 Programming Basics
  • Socket Library changes for IPv6
  • IPv6 Code Migration Tools
  • Sockets & Winsock APIs
  • Perl, Java, C# support for IPv6

IPv6 Security Threats

  • Summary of IPv6 threats
  • Comparison of IPv6 with IPv4 threats
  • Threats common to IPv4 and IPv6
  • IPv6 specific security threats
  • End-to-end transparency
  • Scanning in IPv6
  • IPv6 extension header threats
  • IPv6 router header abuse
  • IPv6 fragmentation threats
  • ICMPv6 threats
  • IPv6 neighbor discovery (ND) threats
  • ND threat examples

IPv6 Security Features

  • Security features in IPv6
  • Mobile IPv6 security
  • RA-Guard and DHCPv6-Shield
  • Dynamic routing security
  • Examples of IPv6 security

Securing Neighbor Discovery

  • Neighbor discovery threats
  • Privacy addresses
  • Temporary addresses
  • Monitoring Neighbor Discovery (ND)
  • Mitigating Router Advertisement (RA) attacks
  • Cryptographically Generated Addresses (CGA)
  • SEcure Neighbor Discovery (SEND)
  • Security at the datalink
  • IEEE 802.1X
  • Securing Router Advertisements (RAs)

IPv6 Transition Security Threats

  • IPv6 transition mechanisms threats
  • Transition mechanisms
  • Transition security problems
  • Dual stack threats
  • Mitigating dual stack threats
  • Tunnelling threats
  • 6to4 threats
  • Mitigating 6to4 threats
  • ISATAP threats
  • Mitigating ISATAP threats
  • Teredo threats
  • Mitigating Teredo threats
  • Other mechanisms
  • IPv6 DNS threats
  • Transition security best practice

Building IPv6 Firewalls

  • Configuring IPv6 firewalls
  • IPv6 firewall filtering rules
  • Filtering ICMPv6
  • IPv6 extension headers
  • Implementing IPv6 Ingress filtering
  • Assigned IPv6 addresses
  • Status of IPv6 firewalls
  • Deploying IPv6 firewalls

IPv6 Deployment Risks

  • IPv6 pilots
  • IPv6 DNS server
  • Addressing schemes
  • Deploying ICMPv6
  • End-to-end transparency
  • IPsec transport mode
  • Reduced functionality
  • Operational issues
  • ND proxies
  • Training

IPv6 Security Best Practice

  • Creating an IPv6 security policy
  • Summary of IPv6 security best practice

 


IPv6 Practical Work

During the course there will be many opportunities for hands-on work. Each module has detailed exercises or demonstrations associated with it. Every delegate has at least one server provided for their own use.

Practicals are run on a mixture of Linux, Windows and Cisco platforms. Delegates will have the opportunity to choose their preferred platform when booking.

Hands-on practical exercises include:

  • Installing and configuring IPv6
  • Capturing and decoding IPv6 datagrams
  • Basic IPv6 operation
  • IPv6 router configuration
  • Assigning IPv6 addresses
  • Configuring IPv6 auto-configuration
  • Configuring and using DHCPv6
  • IPv6 dynamic routing (OSPFv3 & BGP)
  • Security configuration using IPv6 IPsec
  • Configuring IPv6 transition mechanisms
  • Configuring 6to4, ISATAP, Teredo, NAT64 etc.
  • Configuring and testing Mobile IPv6
  • Examining QoS and IPv6
  • Network monitoring of IPv6
  • Upgrading and configuring IPv6 DNS servers
  • Configuring IPv6 applications and services
  • Writing code using the basic IPv6 socket API
  • Examining IPv6 threats
  • Using the IPv6 hackers toolkit
  • Using Scapy and IPv6
  • Configuring IPv6 IPsec
  • Using privacy and temporary addresses
  • Protecting against router advertisement attacks
  • Detecting and mitigating ND attacks
  • Implementing SEND and CGA
  • Securing transition mechanisms including 6to4, ISATAP, Teredo and NAT64
  • Configuring IPv6 firewalls
  • IPv6 security policy and best practice

 


Certifications

All Erion IPv6 courses are certified by the IPv6 Forum. Erion also has its own IPv6 certification programme.

Certified IPv6 Certification
Certified Course IPv6 Forum
Certified Security Course IPv6 Forum

 


The Lecturers

All our lecturers are practising network consultants with extensive experience of IPv6 networking on Linux, Unix, Cisco IOS, Juniper and Windows in large commercial environments. They are ideally suited to bringing you an up to date analysis of the status of IPv6.

Erion is the world's leading IPv6 training company.

 


Locations

Our courses are available world-wide in our virtual classrooms accompanied by virtual labs. We also deliver on-site training and public training at venues around the world.

Please contact us if you are looking for training in your area.

 

  • Aberdeen, Scotland, UK
  • Basingstoke, England, UK
  • Edinburgh, Scotland, UK
  • Glasgow, Scotland, UK
  • Inverness, Scotland, UK
  • Leeds, England, UK
  • London, England, UK
  • Manchester, England, UK
  • Sheffield, England, UK
  • Europe - various locations
  • Ljubljana, Slovenia
  • Malaysia - various locations
  • Boston, USA
  • San Francisco, USA
  • New York, USA
  • Washington DC, USA
  • USA - various locations