IPv6 Security Training

IPv6 Security Training Course with Hands-On Exercises (Online, Onsite and Classroom Live)

In this IPv6 Security Training course, you will receive hands-on training for the latest security issues related to IPv6. You will learn how to recognize and proactively mitigate IPv6 attacks by configuring IPv6 Access Control Lists (ACLs) and creating firewall stateful rules. Hands-on labs will reinforce topics discussed during IPv6 Security class, and you will use IPv6 hacking tools to actively attack ACL and firewall configurations.

IPv6 Security TrainingDuration: 4 days

  • We can adapt this IPv6 Security Training course to your group’s background and work requirements at little to no added cost.
  • If you are familiar with some aspects of this IPv6 Security Training course, we can omit or shorten their discussion
  • We can adjust the emphasis placed on the various topics or build the IPv6 Security Training Course around the mix of technologies of interest to you (including technologies other than those included in this outline).
  • If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the IPv6 Security Training course in manner understandable to lay audiences.

The target audience for this IPv6 Security Training course:

  • This IPv6 Security Training course is highly recommended for Network Administrators, Network Engineers, Penetration Testers, Security Administrators, and Security Professionals in general.

The knowledge and skills that a learner must have before attending this IPv6 Security Training course are:

  • Introduction to IPv6 Protocols, Services, and Migration
IPv6 Security Training - OBJECTIVES

Upon completing this IPv6 Security Training course, learners will be able to meet these objectives:

  • How to write an IPv6 security policy and best practices
  • Create ACL and reflexive ACLs to protect your company’s network
  • Make firewalls IPv6 aware
  • Build objects and perform firewall filtering
  • IPSec filtering and configuring IPSec tunnels
  • Security issues related to IPv6 tunneling
  • Protect against IPv6 extension headers attacks
  • Recon attacks and exploits within the enterprise network
  • Implement security policies on local operating systems and servers
  • Configure packet filtering on firewalls and routers
IPv6 Security Training - COURSE SYLLABUS
IPv6 Security Overview
  • Hacker types
  • Day zero preparations/prevention
  • Assessing your threats
  • CIA triad
  • Authentication methods
  • 1x support
  • User authorization
  • Cryptographically Generated Addresses (CGA)
  • Private addressing
  • Security overview
  • Privacy addresses
 Router IPv6 Access Control List
  • DMZ Layer
  • Packet Filtering
  • IPv6 ACL packet flow
  • Link-local address filtering
  • Global IPv6 filtering
  • IPv6 Access-List
  • IPv6 Access-List using port numbers
  • Denying multicast traffic
  • Common other traffic to deny
 IPv6 Reflexive List
  • Legacy established rule
  • Reflexive ACLs
  • Reflexive overview
  • TCP session termination
  • Reset flag
  • Ending TCP session
  • TCP final bit
  • UDP session end
  • Reflexive ACL example
  • Upper layer protocols
 Securing Operating System Firewall
  • Windows local firewall
  • Windows 7 firewall
  • Advanced security
  • IPv6 services to filter on
  • Inbound filtering
  • Outbound filtering
  • Creating custom filtering rules
  • Disabling an IPv6 service
  • Disabling host router solicitation
  • Disabling host router advertisement
    • Filter result
  • Netsh local firewall commands
  • Linux firewalls
  • Linux netstat command
  • Linux NMAP command
  • Windows netstat command
  • Netstat connection states
  • Example netstat commands
  • Viewing host neighbor table
  • Show site prefixes
  • Viewing Windows routing table
  • Interface states
  • Disabling host tunneling
  • IPv6 syslog server
 IPv6 Firewall Security
  • Firewall vendors supporting IPv6
  • Firewall issues related to IPv6
  • Firewall best practices
  • Firewall overview
  • Dual-stack support
  • Updated firewall security policy
  • Protocol mismatch example
  • Traffic class field inspection
  • Payload length
  • IPv6 next header
  • Extension header threats
  • Creating local firewall objects
  • Common IPv6 protocol filtering
  • Dual-stack firewall design
  • Independent firewall solution
  • 6to4 tunneling
  • Firewall fragmentation rules
  • Testing firewall
  • Fragment buffer overflow
  • Sync attack
  • Firewall management types
Hacking Tools and Threats
  • Common hacking tools
  • Scanning tools
  • Packet Manipulation tools
  • Scapy6
    • Scapy6 Commands
    • Source spoof packet example
  • Fragmentation hack
  • IPv6 packet fields
  • Crafted fragmented hack
  • ICMPv6 Parameter Problem
  • Redirect attack
  • Source spoof packet
  • DoS attack on local router
  • IPv6 and Snort
  • Mobility with IPv6
  • Mobility cache poisoning
 Protocol Issues and Threats
  • DNS infrastructure
  • DNS hack
  • Stateless HTTP
  • DHCP6 threats
    • DHCPv6 support
    • Stateless issues
    • DHCPv6 server types
    • DHCPv6 hack
    • DHCPv6 threats
    • DHCPv6 solution
    • Firewall and DHCPv6
    • Ping sweeps
  • Securing Routing Protocols
  • Routing protocol authentication
  • Securing EIGRPv6
  • OSPFv3 authentication
    • AH and ESP authentication
    • Interface authentication example
    • Header example
  • MP-BGP
    • BGP Overview
    • BGP best practices
    • IPSec peering establishment
    • BGP prefix example
    • BGP best practice example
    • BGP link-local peering
    • Long AS path filtering example
  • Securing Point-to-Point Links
    • Serial neighbor solicitation attack
    • Eliminating serial threats
Extension Header Threats
  • Summary of address threats
  • Extension header overview
  • Extension address threats
  • Extension header order
    • Routing header hack
    • Fragment header
    • Authentication header
    • ESP header
    • Destination options
    • Upper layer
  • Extension header hacks
    • Hop-by-Hop header hack
    • Routing header issues
    • Fragmentation header hacks
    • Destination Options header duplication
  • Scapy6 hacking tool
  • Filtering with ACL and firewalls
 ICMPv6 ND Suite
  • Hacker Threats for IPv6
  • Neighbor Discovery
  • DHCPv6
    • Easy to guess addressing
    • Security concerns
    • Public to public addressing
    • DHCPv6 attack and authentication
  • Denial of Service (DoS)
  • Neighbor spoofing attack
  • Neighbor cache poisoning
  • Man-in-the-middle attack
  • DoS attack
    • ICMPv6 attacks
  • Anycast threat
  • Mitigate Neighbor Discovery threats
  • Secure Neighbor Discovery (SEND)
 Snort Intrusion Detection System
  • Intrusion Detection Overview
  • Snort overview
    • Basic components of Snort
    • Rule overview
    • Snort rule format
    • Snort header format
    • Example rule header
    • Commonly used expressions
    • Snort variables
  • Defining IPv6 Variables
  • SID assignment
  • Custom IPv6 rules
  • Setting detection
 Tunneling with IPSec
  • 6to4 manual tunneling (IPSec)
    • Sample configuration
    • Static point-to-point
    • Dynamic IGP tunneling
    • 6to4 threats
    • Mitigating 6to4 threats
  • GRE tunneling
    • Multipoint GRE 350
  • Dynamic Multi-Point Virtual Network (DMVPN)
    • Next-Hop Resolution Protocol (NHRP)
    • Next-Hop Server (NHS)
  • ISATAP Tunneling
    • ISATAP threats
    • Mitigating 6to4 threats
  • Teredo configuration
  • Teredo threats
  • Mitigate Teredo threats
  • DMVPN tunneling
 IPSec Security
  • IPv6 IPSec overview
  • IPSec framework
  • IPSec
  • Authentication Header
  • Transport mode
  • Tunnel mode
  • Encapsulation Security Payload
  • Transport mode
  • Tunnel mode
  • Security Association
  • SPD/SAD example
  • IKE
  • Diffie-Hellman
  • Example IPSec IPv6 tunnel
  • Policy commands
  • IPSec profile
Lab 1: Initial IPv6 Security Lab
  • Perform initial IPv6 VLAN configuration on assigned firewall
  • Configure IPv6 addressing and routing on assigned router
  • Set up host workstation for IPv6 network
  • Configure both IPv4 and IPv6 addressing
Lab 2: Standard IPv6 ACL
  • Configure standard IPv6 ACL on assigned router
  • Test each ACL for proper configuration
  • Use show commands to view current configured ACLs
Lab 3: Reflexive IPv6 ACL
  • Configure classroom reflexive ACL
  • Perform proper filtering for connectivity for HTTP, FTP, SMTP, POP3, and TFTP protocols
  • Use show command to verify ACLs are using correct reflexive stateful operation
Lab 4: Windows Local Firewall Security/Application Security for IPv6
  • Configure local host firewall for filtering network traffic
  • Filter specific assigned applications
Lab 5: Configuring IPSec Firewall
  • Configure firewall stateful filtering
  • Configure specific filtering rules on each student’s firewall
Lab 6: Hacking Tools for Creating IPv6 Hacks
  • Configure Scapy6 to craft IPv6 headers and perform classroom hacks
  • Use variety hacking tools spoof neighbor attacks
  • Use Alive6 for testing classroom firewalls
  • Test SourceIPv6
  • Use IPv6 probing for address and port number discovery
  • Configure and test NMAP
Lab 7: Custom IPv6 Snort Rules
  • Configure your IPS/IDS equipment to detect configured IPv6 patterns
  • Write custom Snort rules to detect specific threats
Lab 8: IPSec 6to4 Encrypted Tunneling 
  • Configure 6to4 tunnels
  • Test 6to4 tunneling to core network
  • Filter unwanted traffic over IPv6 tunneling
Lab 10: Creating an IPv6 IPSec Tunnel
  • Each POD will create an IPv6 IPSec tunnel to their assigned neighbor
  • Use show commands and analyzer to verify proper configuration and encryption
IPv6 Security Training Course Wrap-Up

Whether you are looking for general information or have a specific question, we want to help.
Request More Information

    Time frame: