Abstract
Currently, the most security solutions are based on technologies realted to the old IPv4 protocol. Although the new protocol requires a different approach, the network security solution often does not correspond and the network protection may be affected. One of the results of the IPv6 implementation is the end of network address translation (NAT). Despite its disadvantages, NAT can act as a security element of IPv6 protocol. The goal of this paper is to analyse, present and compare firewall functions at the most used Windows and Linux distribution along with the detailed packet analysis.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
RFC 2993 - architectural implications of NAT. http://tools.ietf.org/html/rfc2993
RFC 4864 - local network protection for IPv6. http://tools.ietf.org/html/rfc4864
RFC 4942 - IPv6 transition/co-existence security considerations. http://tools.ietf.org/html/rfc4942
RFC 7059 - a comparison of IPv6-over-IPv4 tunnel mechanisms. http://tools.ietf.org/html/rfc7059
RFC 6092 - recommended simple security capabilities in customer premises equipment (CPE) for providing residential IPv6 internet service. http://tools.ietf.org/html/rfc6092
RFC 7123 - security implications of IPv6 on IPv4 networks. http://tools.ietf.org/html/rfc7123
RFC 2460 - internet protocol, version 6 (IPv6) specification. http://tools.ietf.org/html/rfc2460
RFC 5095 - deprecation of type 0 routing headers in IPv6. http://tools.ietf.org/html/rfc5095
RFC 5722 - handling of overlapping IPv6 fragments. http://tools.ietf.org/html/rfc5722
RFC 6946 - processing of IPv6 “atomic” fragments. http://tools.ietf.org/html/rfc6946
RFC 6980 - security implications of IPv6 fragmentation with IPv6 neighbor discovery. http://tools.ietf.org/html/rfc6980
RFC 4443 - internet control message protocol (ICMPv6) for the internet protocol version 6 (IPv6) specification. http://tools.ietf.org/html/rfc4443
RFC 4890 - recommendations for filtering ICMPv6 messages in firewalls. http://tools.ietf.org/html/rfc4890
RFC 5533 - Shim6: level 3 multihoming shim protocol for IPv6. http://tools.ietf.org/html/rfc5533
RFC 6629 - considerations on the application of the level 3 multihoming shim protocol for IPv6 (Shim6). http://tools.ietf.org/html/rfc6629
RFC 7112 - implications of oversized IPv6 header chains. http://tools.ietf.org/html/rfc7112
Kim, J., Cho, H., Mun, G., Seo, J., Noh, B., Kim, Y.: Experiments and countermeasures of security vulnerabilities on next generation network. In: Future Generation Communication and Networking (FGCN 2007) (2007)
Van Den Broek, G., van Rijswijk-Deij, R., Sperotto, A., Pras, A.: DNSSEC meets real world: dealing with unreachability caused by fragmentation. IEEE Commun. Mag. 52, 154–160 (2014)
Gont, F., Linkova, L.: IPv6 extension headers in the real world v2.0. (2016)
Lai, Y., Jiang, G., Li, J., Yang, Z.: Design and implementation of distributed firewall system for IPv6. In: 2009 International Conference on Communication Software and Networks (2009)
Acknowledgment
The support of Czech Science Foundation GACR 15-11724S DEPIES is gratefully acknowledged.
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Horalek, J., Sobeslav, V. (2016). IPv6 Firewall Functions Analysis. In: Nguyen, N., Iliadis, L., Manolopoulos, Y., Trawiński, B. (eds) Computational Collective Intelligence. ICCCI 2016. Lecture Notes in Computer Science(), vol 9876. Springer, Cham. https://doi.org/10.1007/978-3-319-45246-3_21
Download citation
DOI: https://doi.org/10.1007/978-3-319-45246-3_21
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-45245-6
Online ISBN: 978-3-319-45246-3
eBook Packages: Computer ScienceComputer Science (R0)