IPv6 Security
Hogg Networking literally “wrote the book” on IPv6 Security.
IPv6 Security, by Eric Vyncke and myself, was published over ten years ago and remains relevant today. The book uses technical details to help IPv6 implementers create secure networks. It also raises awareness to different IPv6 threats and how to protect your network from attacks. It is considered the go-to resource on the subject of IPv6 Security.
Proactively securing IPv6 is a critical part of any IPv6 deployment. Obviously, it pays dividends to create a plan rather than reacting to a security incident. Many security practitioners are unfamiliar with the IPv6 protocol and are unaware that it is already deployed in many hosts and services. IPv6 is used extensively on the Internet. Remote workers could unknowingly be using IPv6 on their mobile devices as they work either from their homes or other locations. If enterprises lack visibility to IPv6 and have not taken any steps to secure it, then IPv6 represents a “latent threat”.
Hogg Networking advocates for being aware of IPv6-related threats and taking a risk-based approach to threat mitigation. HoggNet can engage with your security team to prepare a comprehensive strategy for securing IPv6 using our methodology.
To begin this process, we must understand your “As Is” existing IT environment and your current set of security controls. We then conduct a 5-point inspection of these controls to determine their IPv6 capabilities.
Next, we create an IPv6 Security Threat Model categorizing the threats that the unprotected environment is susceptible to. The threats are organized to provide a foundation to prepare the IPv6 security mitigation architecture. The output of this exercise will be the requirement drivers for the network protections that will be employed to mitigate the IPv6 threats.
The next step is to document the breadth of the enterprise IPv6 Security Architecture. This contains the target high-level strategy to mitigate IPv6 security risks by mapping the IPv6 security controls to threats and define the best practices for securing IPv6-enabled environments. The IPv6 Security Architecture also details the plan to protect IPv6 over the long-term as new threats and attacks emerge.
The final step is to document the IPv6 Security Risk Matrix, which lists the risks and assigns a relative score for; 1) severity, 2) damage potential, 3) likelihood, and 4) the CAPEX/OPEX values for remediation. An algebraic equation is used to calculate a numerical "risk score" for each item and the risks will be ranked. This ordered list of risks will help prioritize the remediation tasks using this lightweight risk management framework.
Contact us if you need more information about how we help you proactively secure IPv6.