IPv6 security manual for pentesting

IPv6 is the new Internet protocol that makes every device, telephone and computer on the Internet accessible. The old Internet protocol, IPv4, has long since had no new addresses and requires more and more art and aerial work to keep equipment on the Internet accessible. The switch from IPv4 to IPv6 is a considerable investment for the service providers: it requires a lot of knowledge and can only be implemented step by step. As a result, the subject easily disappears from the agenda. The shortage of IPv4 addresses is increasingly leading to stability problems on the internet and, in connection with this, to problems for security and privacy. In order to continue to facilitate the growth of the internet, service providers must switch to IPv6.

If you would like to check whether your website and mail servers support IPv6 correctly and also use other standards that are essential for the stability and security of the Internet.

Together with several IT security companies (Fox-IT, ITsec, Madison-Gurkha, Pine Digital Security, Riscure) TNO has recently drawn up a white paper in the field of IPv6 security. This white paper aims to provide a manual from the perspective of penetration testers in order to perform future tests better and/or more efficiently.

Safer computer networks through IPV6 testing methodology

More and more communication between computer systems takes place by means of the new Internet Protocol, IPv6. However, an increase in use also involves an increase in the risk of cyber attacks. TNO considers it important to contribute to reducing these risks.

In collaboration with Fox-IT, ITsec, Madison-Gurkha, Pine Digital Security and Riscure, a manual has been drawn up that allows security researchers to analyse IPv6 computer networks. In this manual, the most common problems are explained and provided with the information to test for their presence and information about possible countermeasures. The realisation of this has been supported by a subsidy from the Ministry of Economic Affairs, which stimulates innovation within an SME sector.

IPV6

The rise of IPv6 continues steadily, and more and more new equipment supports this protocol. If an organization chooses to have its computer systems communicate on the basis of IPv6, there are choices that need to be made: for example, about the way in which systems get the right settings, and the settings of security products such as firewalls. This is comparable to the IPv4 protocol, but often just a bit different. Where IPv4 has been used for decades, the awareness of the measures to be taken is generally much higher.

PENTESTING

One way to test the security level is based on a so-called ‘penetration test’ or ‘pen test’. From the perspective of an attacker, an attempt is made to break into or damage a computer network. However, a concrete manual based on which an IPv6 environment can be tested was not (publicly) available. The result of this research has changed this, and future tests can be performed better and/or more efficiently. This ultimately reduces the damage caused by future cyber attacks.

Leave a Reply

Your email address will not be published. Required fields are marked *