Thursday, April 27, 2017


Perimeter Security Concerns.
Addressing. IPv6 is more flexible in its approach to dynamic addressing. Instead of solely relying on DHCP, an IPv6 device can address itself through stateless address autoconfiguration (SLAAC). The host uses a unique identifier (typically its own Media Access Control (MAC) address) in addition to the Neighbor Discovery (ND) protocol to complete the automatic addressing. Since there is no authentication requirement, the GSD must prevent external devices from attempting to act as an internal router during the addressing process.
The significant increase of available addresses in any particular IPv6 network makes it infeasible to discover devices and network topology using traditional port scanning methodologies. By using the multicast listener discovery (MLD) protocol, an attacker can send a probe to the link-local multicast address (ff02::1) and listen for responses. The GSD must block this capability at the perimeter to prevent external devices from attempting to discover internal hosts and topologies.
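The two blocking requirements above can be expressed as one classification step on the external interface. The following is an added example, not code from the original post or from any firewall product: `perimeter_verdict` and `build` are hypothetical names, and the sample packets are constructed from the 2001:db8::/32 documentation prefix.

```python
import ipaddress
import struct

# ICMPv6 types for Neighbor Discovery (RFC 4861) and MLD (RFC 2710, RFC 3810)
ND_TYPES = {133: "router solicitation", 134: "router advertisement",
            135: "neighbor solicitation", 136: "neighbor advertisement",
            137: "redirect"}
MLD_TYPES = {130: "MLD query", 131: "MLDv1 report", 132: "MLDv1 done",
             143: "MLDv2 report"}
ICMPV6, HOP_BY_HOP = 58, 0
LINK_LOCAL_MCAST = ipaddress.ip_network("ff02::/16")  # includes ff02::1

def perimeter_verdict(packet: bytes):
    """Return (action, reason) for a raw IPv6 packet seen on the external interface."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return ("drop", "not a well-formed IPv6 header")
    next_header, offset = packet[6], 40
    dst = ipaddress.IPv6Address(packet[24:40])
    # MLD messages sit behind a Hop-by-Hop header (Router Alert); step over it.
    if next_header == HOP_BY_HOP and len(packet) >= offset + 8:
        next_header, offset = packet[offset], offset + (packet[offset + 1] + 1) * 8
    if next_header == ICMPV6 and len(packet) > offset:
        icmp_type = packet[offset]
        if icmp_type in ND_TYPES:
            return ("drop", "external " + ND_TYPES[icmp_type])
        if icmp_type in MLD_TYPES:
            return ("drop", "external " + MLD_TYPES[icmp_type])
    if dst in LINK_LOCAL_MCAST:
        return ("drop", "link-local multicast destination " + str(dst))
    return ("pass", "no ND, MLD or link-local multicast match")

def build(src, dst, next_header, payload):
    """Construct a minimal IPv6 packet (sample data, not captured traffic)."""
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), next_header, 255)
    return (fixed + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed + payload)

# Constructed samples: Hop-by-Hop header = next header, length, Router Alert, PadN.
HBH_ROUTER_ALERT = bytes([ICMPV6, 0, 5, 2, 0, 0, 1, 0])
SAMPLES = {
    "ra": build("2001:db8:ffff::1", "ff02::1", ICMPV6, bytes([134]) + bytes(15)),
    "mld": build("2001:db8:ffff::1", "ff02::1", HOP_BY_HOP,
                 HBH_ROUTER_ALERT + bytes([130]) + bytes(23)),
    "echo": build("2001:db8:ffff::1", "ff02::1", ICMPV6, bytes([128]) + bytes(7)),
    "tcp": build("2001:db8:ffff::1", "2001:db8:1::10", 6, bytes(20)),
}
```

The check on the destination prefix catches probes to ff02::1 that are not MLD or ND messages, such as an echo request, which the ICMPv6 type lists alone would let through.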

IP forwarding

However, for firewalls using multiple interfaces, ensure that you disable the TCP/IP protocol feature IP forwarding. IP forwarding is actual...