Download Interent ExplorerDownload Apple SafariDownload OperaDownload FirefoxDownload Google Chrome

IPv6 Security Training

IPv6 Security Training

IPv6 Security Training:

IPv6 Security Training Course with Hands-on Labs (Online, Onsite, or Classroom Live)

In this IPv6 Security Training course, you will receive hands-on training on the latest security issues related to IPv6. You will learn how to recognize and proactively mitigate IPv6 attacks by configuring IPv6 Access Control Lists (ACLs) and creating firewall stateful rules. Hands-on labs will reinforce topics discussed during the IPv6 Security class, and you will use IPv6 hacking tools to actively attack ACL and firewall configurations.

What’s Included?

  • 4 days of IPv6 Security Training with an expert instructor
  • IPv6 Security Training Electronic Course Guide
  • Certificate of Completion
  • 100% Satisfaction Guarantee


Related Courses

Customize It:

  • If you are familiar with some aspects of this IPv6 Security Training course, we can omit or shorten their discussion.
  • We can adjust the emphasis placed on the various topics or build the IPv6 Security Training course around the mix of technologies of interest to you (including technologies other than those included in this outline).
  • If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the IPv6 Security Training course in a manner understandable to lay audiences.

Audience / Target Group

The target audience for this IPv6 Security Training course is defined here:

  • Engineers, developers, managers, risk analysts, ethical hackers, and anyone else who wants to learn IPv6 security.


After completing this IPv6 Security Training course, attendees will be able to:

  • How to write an IPv6 security policy and best practices
  • Create ACL and reflexive ACLs to protect your company’s network
  • Make firewalls IPv6 aware
  • Build objects and perform firewall filtering
  • IPSec filtering and configuring IPSec tunnels
  • Security issues related to IPv6 tunneling
  • Protect against IPv6 extension headers attacks
  • Recon attacks and exploits within the enterprise network
  • Implement security policies on local operating systems and servers
  • Configure packet filtering on firewalls and routers

Course Syllabus:

IPv6 Security Overview

  • Hacker types
  • Day zero preparations/prevention
  • Assessing your threats
  • CIA triad
  • Authentication methods
  • 1x support
  • User authorization
  • Cryptographically Generated Addresses (CGA)
  • Private addressing
  • Security overview
  • Privacy addresses

Router IPv6 Access Control List

  • DMZ Layer
  • Packet Filtering
  • IPv6 ACL packet flow
  • Link-local address filtering
  • Global IPv6 filtering
  • IPv6 Access-List
  • IPv6 Access-List using port numbers
  • Denying multicast traffic
  • Common other traffic to deny

IPv6 Reflexive List

  • Legacy established rule
  • Reflexive ACLs
  • Reflexive overview
  • TCP session termination
  • Reset flag
  • Ending TCP session
  • TCP final bit
  • UDP session end
  • Reflexive ACL example
  • Upper layer protocols

Securing Operating System Firewall

  • Windows local firewall
  • Windows 7 firewall
  • Advanced security
  • IPv6 services to filter on
  • Inbound filtering
  • Outbound filtering
  • Creating custom filtering rules
  • Disabling an IPv6 service
  • Disabling host router solicitation
  • Disabling host router advertisement
    • Filter result
  • Netsh local firewall commands
  • Linux firewalls
  • Linux netstat command
  • Linux NMAP command
  • Windows netstat command
  • Netstat connection states
  • Example netstat commands
  • Viewing host neighbor table
  • Show site prefixes
  • Viewing Windows routing table
  • Interface states
  • Disabling host tunneling
  • IPv6 Syslog server

IPv6 Firewall Security

  • Firewall vendors supporting IPv6
  • Firewall issues related to IPv6
  • Firewall best practices
  • Firewall Overview
  • Dual-stack support
  • Updated firewall security policy
  • Protocol mismatch example
  • Traffic class field inspection
  • Payload length
  • IPv6 next header
  • Extension header threats
  • Creating local firewall objects
  • Common IPv6 protocol filtering
  • Dual-stack firewall design
  • Independent firewall solution
  • 6to4 tunneling
  • Firewall fragmentation rules
  • Testing firewall
  • Fragment buffer overflow
  • Sync attack
  • Firewall management types

Hacking Tools and Threats

  • Common hacking tools
  • Scanning tools
  • Packet Manipulation tools
  • Scapy6
    • Scapy6 Commands
    • Source spoof packet example
  • Fragmentation hack
  • IPv6 packet fields
  • Crafted fragmented hack
  • ICMPv6 Parameter Problem
  • Redirect attack
  • Source spoof packet
  • DoS attack on the local router
  • IPv6 and Snort
  • Mobility with IPv6
  • Mobility cache poisoning

Protocol Issues and Threats

  • DNS infrastructure
  • DNS hack
  • Stateless HTTP
  • DHCP6 threats
    • DHCPv6 support
    • Stateless issues
    • DHCPv6 server types
    • DHCPv6 hack
    • DHCPv6 threats
    • DHCPv6 solution
    • Firewall and DHCPv6
    • Ping sweeps
  • Securing Routing Protocols
  • Routing protocol authentication
  • Securing EIGRPv6
  • OSPFv3 authentication
    • AH and ESP authentication
    • Interface authentication example
    • Header example
  • MP-BGP
    • BGP Overview
    • BGP best practices
    • IPSec peering establishment
    • BGP prefix example
    • BGP best practice example
    • BGP link-local peering
    • Long AS path filtering example
  • Securing Point-to-Point Links
    • Serial neighbor solicitation attack
    • Eliminating serial threats
Extension Header Threats
  • Summary of address threats
  • Extension header overview
  • Extension address threats
  • Extension header order
    • Routing header hack
    • Fragment header
    • Authentication header
    • ESP header
    • Destination options
    • Upper layer
  • Extension header hacks
    • Hop-by-Hop header hack
    • Routing header issues
    • Fragmentation header hacks
    • Destination Options header duplication
  • Scapy6 hacking tool
  • Filtering with ACL and firewalls

ICMPv6 ND Suite

  • Hacker Threats for IPv6
  • Neighbor Discovery
  • DHCPv6
    • Easy to guess addressing
    • Security concerns
    • Public to public addressing
    • DHCPv6 attack and authentication
  • Denial of Service (DoS)
  • Neighbor spoofing attack
  • Neighbor cache poisoning
  • Man-in-the-middle attack
  • DoS attack
    • ICMPv6 attacks
  • Anycast threat
  • Mitigate Neighbor Discovery threats
  • Secure Neighbor Discovery (SEND)

Snort Intrusion Detection System

  • Intrusion Detection Overview
  • Snort overview
    • Basic components of Snort
    • Rule overview
    • Snort rule format
    • Snort header format
    • Example rule header
    • Commonly used expressions
    • Snort variables
  • Defining IPv6 Variables
  • SID assignment
  • Custom IPv6 rules
  • Setting detection

Tunneling with IPSec

  • 6to4 manual tunneling (IPSec)
    • Sample configuration
    • Static point-to-point
    • Dynamic IGP tunneling
    • 6to4 threats
    • Mitigating 6to4 threats
  • GRE tunneling
    • Multipoint GRE 350
  • Dynamic Multi-Point Virtual Network (DMVPN)
    • Next-Hop Resolution Protocol (NHRP)
    • Next-Hop Server (NHS)
  • ISATAP Tunneling
    • ISATAP threats
    • Mitigating 6to4 threats
  • Teredo configuration
  • Teredo threats
  • Mitigate Teredo threats
  • DMVPN tunneling

IPSec Security

  • IPv6 IPSec overview
  • IPSec framework
  • IPSec
  • Authentication Header
  • Transport mode
  • Tunnel mode
  • Encapsulation Security Payload
  • Transport mode
  • Tunnel mode
  • Security Association
  • SPD/SAD example
  • IKE
  • Diffie-Hellman
  • Example IPSec IPv6 tunnel
  • Policy commands
  • IPSec profile

Lab 1: Initial IPv6 Security Lab

  • Perform initial IPv6 VLAN configuration on assigned firewall
  • Configure IPv6 addressing and routing on assigned router
  • Set up host workstation for IPv6 network
  • Configure both IPv4 and IPv6 addressing

Lab 2: Standard IPv6 ACL

  • Configure standard IPv6 ACL on assigned router
  • Test each ACL for proper configuration
  • Use show commands to view current configured ACLs

Lab 3: Reflexive IPv6 ACL

  • Configure classroom reflexive ACL
  • Perform proper filtering for connectivity for HTTP, FTP, SMTP, POP3, and TFTP protocols
  • Use show command to verify ACLs are using correct reflexive stateful operation

Lab 4: Windows Local Firewall Security/Application Security for IPv6

  • Configure local host firewall for filtering network traffic
  • Filter specific assigned applications

<Lab 5: Configuring IPSec Firewall

  • Configure firewall stateful filtering
  • Configure specific filtering rules on each student’s firewall

Lab 6: Hacking Tools for Creating IPv6 Hacks

  • Configure Scapy6 to craft IPv6 headers and perform classroom hacks
  • Use variety of hacking tools to spoof neighbor attacks
  • Use Alive6 for testing classroom firewalls
  • Test SourceIPv6
  • Use IPv6 probing for address and port number discovery
  • Configure and test NMAP

Lab 7: Custom IPv6 Snort Rules

  • Configure your IPS/IDS equipment to detect configured IPv6 patterns
  • Write custom Snort rules to detect specific threats

Lab 8: IPSec 6to4 Encrypted Tunneling 

  • Configure 6to4 tunnels
  • Test 6to4 tunneling to the core network
  • Filter unwanted traffic over IPv6 tunneling

Lab 10: Creating an IPv6 IPSec Tunnel

  • Each POD will create an IPv6 IPSec tunnel to their assigned neighbor
  • Use show commands and analyzer to verify proper configuration and encryption

IPv6 Security Training Course Wrap-Up

Whether you are looking for general information or have a specific question, we want to help.

Request More Information

    Time frame: