The document discusses the security implications of deploying IPv6 from a user's perspective, highlighting common misconceptions that IPv6 is inherently more secure than IPv4. It covers various network security considerations, the unique challenges of IPv6, and lessons learned from implementing a secure IPv6 infrastructure. Key topics include address allocation, firewall configurations, vulnerabilities, and the transition to dual-stack systems.

1. IPv6 and security from a user’s point of viewAWT.beir. Zaccone Carmelo Expert within the ‘Pôle Veille Technologique et Juridique’ Agence Wallonne des Télécommunications

2. AgendaQuick overview of network security considerationsThe AWT.be’ safe/secure IPv6 deployement scenarioConclusions: the errors, mistakes and lessons learned

3. Putting the rumorasideIt’s very often said that IPv6 is more secure than IPv4. This is a false rumour!IPsec is indeed mandatory but only mean a more secure data transport:

4. iif endorsed by all hosts

5. iif implemented by all applications

6. iif a key exchange system is adopted worldwidePutting the rumorasideAssuming all of this would however enable to have a more secure Internet: Operators may tracks sources of attacks because of

7. direct host-to-host communications

8. v6 infrastructure support peer-to-peer applicationsBoth protocols face most of the same threatsMostly the same:

9. Layer 3/Layer 4 spoofing/sniffing, network flooding,

10. DHCP vulnerabilities, Man in the Middle attacks,

11. Virus, spam, spit, ...

12. Nevertheless, IPv6 specificities bring new perspectives on some type of attacks

13. The IPv6 protocol security enhancements

14. closes doors for some threats

15. open new doors for some others threats

16. NDP & auto-configuration offers new attacks (e.g. fake RA, fake DaD reply). nb: SEND is a potential answer