Call : (+91) 968636 4243
Mail : info@EncartaLabs.com

IPv6 Security

( Duration: 2 Days )

This IPv6 security training course provides the essential needs in managing a IPv6 network audit and vulnerability assessment. It provides a formal framework for finding and eliminating IPv6 network security threats, ensuring that no vulnerabilities are overlooked.

This course provides guidance for avoiding IPv6 security problems, identifying specific IPv6 security deficiencies, explore IPv6 vulnerabilities and exploiting. The course also details what commercial, freeware, and shareware tools are available, how they work, and how to use them. By following the procedures outlined in the course, you can pinpoint what individual parts of your IPv6 network need to be hardened and learn about IPv6 Security best practices.

By attending IPv6 Security workshop, delegates will learn to:

Understand the basics of IPv6 Security
Secure IPv6 networks against threats and attacks
Implement security standards and processes to protect your IPv6 network
Create a secure IPv6 infrastructure
Plan ahead to avoid IPv6 security problems before widespread deployment
Identify known areas of weakness in IPv6 security and the current state of attack tools and hacker skills
Analyze and react to denial-of-service (DoS) attacks
Understand each high-level approach to securing IPv6 and learn when to use each
Harden IPv6 network devices against attack
Utilize IPsec in IPv6 environments
Secure mobile IPv6 networks
Monitor IPv6 security
Understand the security implications of the IPv6 protocol, including issues related to ICMPv6 and the IPv6 header structure
Protect your network against large-scale threats by using perimeter filtering techniques and service provider-focused security practices
Understand the vulnerabilities that exist on IPv6 access networks and learn solutions for mitigating each

This IPv6 security class is recommended for Engineers, Developers, Managers, Risk Analysts, Ethical Hackers and anyone interested in IPv6 security.

COURSE AGENDA

Introduction to IPv6

IPv6 in a nutshell
Comparing IPv4 and IPv6 Header Format
IPv4 Compatibility
IPv6 Operation
IPv6 Addressing Architecture
ICMPv6 and Neighbor Discovery Protocol
Using DNS and DHCP with IPv6
Supporting Security and Mobility with IPv6
Routing in IPv6 Networks
Using IPv6 services
IPv6 operation and Architecture
Basic transition mechanisms
Tunneling protocols create new risks
IPv6 autoconfiguration

Introduction to IPv6 Security

IPv6 Security Essentials
IPv6 Protocol Security Vulnerabilities
IPv6 Internet Security
IPv6 Perimeter Security
Local Network Security
Hardening IPv6 Network Devices
Server and Host Security
IPsec and SSL Virtual Private Networks
Security for IPv6 Mobility
Securing the Transition Mechanisms
Security Monitoring
IPv6 Security Conclusions
Popular and Famous Attacks
Hacker Threats for IPv6
Neighbor Discovery
DHCPv6
Denial of Service
Neighbor Spoofing Attack
Neighbor Poisoning
ICMPv6 Attacks
Anycast Threat
Hacker Experience
IPv6 Security Mitigation Techniques
Large-Scale Internet Threats
Ingress/Egress Filtering
Securing BGP Sessions
IPv6 over MPLS Security
Prefix Delegation Threats
Multihoming Issues
IPv6 Perimeter Security
IPv6 Firewalls
Physical Security
Developing Security Policies, Assessments and Procedures
IPv6 Security Considerations and Recommendations
IPv6 Neighbor Discovery trust models and threats
Implementing Security for IPv6, Cisco Documentation
Security Implication of Mixed IPv4/IPv6 Network
IPv6 end-to-end security
Managing privacy extensions
IPsec, VPNs, IKE, PKI
IPv6 autoconfiguration

IPv6 and IPv4 Threat Comparison

Encryption
Digital Signatures
Public Key Infrastructure (PKI)
Dealing with Technology Evolution
Network Security Awareness
Best-Practice Evaluation
Threat Analysis Attacks with New Considerations in IPv6
Reconnaissance
Unauthorized Access
Header Manipulation and Fragmentation
Layer 3-Layer 4 Spoofing ARP and DHCP Attacks Broadcast Amplification Attacks (smurf)
Routing Attacks
Viruses and Worms
IPv6 and IPv4 Threat Comparison
Translation, Transition, and Tunneling Mechanisms
Attacks with Strong IPv4 and IPv6
Similarities
Sniffing
Application Layer Attacks
Rogue Devices
Man-in-the-Middle Attacks
Flooding
IPv6 and IPv4 Threat Comparison
IPv6 Security Considerations
Authorization for Automatically Assigned Addresses and Configurations
Protection of IP Packets
Host Protection from Scanning and Attacks
Control of What Traffic is Exchanged with the Internet
Reconnaissance Tools

IPv6 Network Vulnerabilities and Attacks

Detailed analysis of IPv6 headers
Elimination of NAT
Denial of Service (DoS) and Distributed Denial of Service (DDoS)
Ethernet LAN Security
Frame Relay Network Security: Vulnerabilities and Mitigations
ICMP Attacks
IPv6 Spoofing
ICMP, ICMP Attack, Ping Attack, Smurf Attack, PING Flood, Ping of Death
Land Attack
Network Security at the Data Link Layer (Layer 2) of LAN
Network Security at the Network Layer (Layer 3: IP)
Network Security at the Transport Layer (Layer 4: TCP and UDP)
Pharming and Anti-pharming Mitigations and Technologies
Phishing and Anti-phishing Mitigations and Technologies
Port Scan Attack
Public-Key or Asymmetric Cryptography
RIP Routing Attacks
Smurf Attack and Fraggle Attack
SPAM and Anti-Spam Technologies
Spyware and Anti-Spyware Mitigations and Technologies
TCP Connecting Hijacking: MAN-In-The-Middle Attack
TCP SYN Attack
TCP/IP Network Vulnerability and Security
UDP Flood Attack
Widely Used Attack Tools
Virus and Antivirus Technologies
Top Information and Networking Threats

IPSec and IPv6

IPsec architecture
The Security Policy Database (SPD)
Security Association Database (SAD)
Peer Authorization Database (PAD)
SA and Key Management
IP Traffic Processing
AH and ESP Headers AH and ESP security protocols
Tunnel mode and transport mode
Security policy (SP)
Selector
Security Association (SA), Key exchange protocols
Security Protocols
AH and ESP
Security Parameter Index (SPI)
Sequence Number
Virtual Private Networks (VPNs)
Host-to-Host IPsec
Site-to-Site IPsec Configuration
Remote Access with IPsec
SSL VPNs
IP VPN Services
Attacking IPsec VPNs
Check Point VPN Security Issues
Microsoft PPTP
VPN Services Countermeasures

Security for IPv6 Mobility

Mobile IPv6 Operation
MIPv6 Messages
Threats Linked to MIPv6
Using IPsec with MIPv6
Filtering for MIPv6
Mitigating ICMPv6 threats
Other IPv6 Mobility Protocols

IPV6 Security Audit & Control

Host- and Network-based Intrusion Detection
Firewalls and Honeypots
Vulnerability Scanners
Computer Security Policies
Password Management
Incident Handling
Information Warfare
Encryption
VPN’s, PKI, and PGP
Common Vulnerabilities in Wireless IPSec/VPN Deployments
Firewall Test, Port Scan, Spy Ware and Security Audit
Find Security Holes

IPv6 Risk Assessment and Auditing

Host and Network Based Intrusion Detection
Honeypots, Firewalls and Perimeter Protection
Security Policy
Information Warfare
Web Security
Network Fundamentals and IP Concepts and Behavior
Cisco Router Filters
Four Primary Threats for Perimeter Protection
PGP, Steganography
Anti-Viral Tools
Windows (2000, XP, NT, 98) IPv6 Security Administration and Auditing
IIS Security
Unix IPv6 Security

Firewalls, Perimeter Protection, and VPNs

IPv6 Stimulus/Response and Fragmentation
Complex IP Transports and Services
TCPdump, WINdump, Ethereal and Other Sniffers
Static Packet Filtering
Stateful Packet Filtering and Inspection
Proxies
Popular IPv6 Firewall Products
Implementing Security with Cisco Routers
Intrusion Detection
Centralized Logging
Firewall Log File Analysis
Log File Alerting
IPSec, SSL, and SSH
Designing a Secure Perimeter
Network and Host Based Auditing

Securing Unix/Linux and Microsoft Platforms in IPv6 Networks

Network-Based Attacks
Memory Attacks, Buffer Overflows
File System Attacks, Race Conditions
Trojan Horse Programs and Rootkits
Monitoring and Alerting Tools
Network Security Tools
Policies and Operations
DMZ: DeMilitarized Zone in Networks
Layered Defenses of Network and Information Security

IPv6 Security Considerations

ICMPv6 Protocol Protection
Scanning in IPv6
IPv6 extension header threats
IPv6 router header abuse
IPv6 fragmentation threats
ICMPv6 threats
Neighbor discovery threats
ND threat examples
Cryptographically Generated Addresses (CGA)
SEcure Neighbor Discovery (SEND)
SEND and CGA
Hardening IPv6 Network Devices
Threats Against Network Devices
Disabling Unnecessary Network Services
IPv6 Device Management
Threats Against Interior Routing Protocol
First-Hop Redundancy Protocol Security
Controlling Resources
QoS Threats
Server and Host Security
IPv6 Host Security
IPsec and SSL VPNs
Implementing Dual-Stack Security
Hacking the Tunnels
Attacking NAT-PT
IPv6 Latent Threats Against IPv4 Networks
Security Monitoring
Managing and Monitoring IPv6 Networks
Managing IPv6 Tunnels
Forensics Techniques
Using Intrusion Detection and Prevention Systems
Managing the Security Configuration
Changing Security Perimeter
Creating an IPv6 Security Policy
Securing the Transition Mechanisms
Understanding IPv4-to-IPv6 Transition Techniques

Encarta Labs Advantage

One Stop Corporate Training Solution Providers for over 6,000 various courses on a variety of subjects
All courses are delivered by Industry Veterans
Get jumpstarted from newbie to production ready in a matter of few days

Trained more than 50,000 Corporate executives across the Globe
All our trainings are conducted in workshop mode with more focus on hands-on sessions

View our other course offerings by visiting https://www.encartalabs.com/course-catalogue-all.php

Contact us for delivering this course as a public/open-house workshop/online training for a group of 10+ candidates.

Top

Notice