The similarities between the IPv4- and IPv6-based threats lead to the conclusion that the security measures developed and field proven for IPv4 should be used in the case of IPv6. In review, the best practices that should be considered in securing an IPv6 deployment are as follows:
You should apply these recommendations to hosts, routers, and firewalls as applicable. Before designing the security policies to be applied in an IPv6 deployment, it is important to evaluate the capability of the devices that support them. All the features necessary to implement the above best practices in Cisco IOS software and in Cisco Firewalls are currently available. The perimeter security topology described in Figure 9-1 is likely to be applied to the IPv6 deployments, too. It has proven itself in the IPv4 networks, and IPv6 services are likely to coexist with the IPv4 ones for a long time and therefore share a significant part of the infrastructure. Under these conditions, a first step in protecting the IPv6 deployments is to match the IPv4 security policies for IPv6. The next step is to implement those policies that are addressing IPv6-specific vulnerabilities. |