General IPv6 Security Practices

written by: Ahmad Rivkin; article published: year 2007, month 10;


In: Categories » Electronics and communication » Protocols » General IPv6 Security Practices

Standard security practices involve two "triads" of thought, CIA and AAA. The CIA triad includes:

Confidentiality

Stored or transmitted information cannot be read or altered by an unauthorized party.

Integrity

Any alteration of transmitted or stored information can be detected.

Availability

The information in question is readily accessible to authorized users at all times.

The AAA triad includes:

Authentication

Ensuring an individual or group is who they say they are. The act of clarifying a claimed identity. Common forms of authentication include usernames and passwords or ATM card/PIN combinations.

Authorization

Ensuring that the authenticated user or group has the proper rights to access the information they are attempting to access. Common implementations include access control lists (ACLs).

Accounting

The act of collecting information on resource usage. The log of an HTTP server would be a common form of accounting.

Nonrepudiation is not included in the CIA/AAA Triads. Nonrepudiation means a specified action such as sending, receiving, or deleting of information cannot be denied by any of the parties involved.

These security requirements need to be provided by two basic security elements: encryption (to provide confidentiality) and secure checksums (to provide integrity). Suitable combinations of these two elements may then be used to provide more complex services, such as authenticity and nonrepudiation.

There are two forms of encryption that are commonly used. The first is called "Secret Key Cryptography," also termed symmetric key encryption , which requires the sender and recipient to agree on a shared secret (i.e., a key or password) that is then used to encrypt and decrypt the information exchanged. Common symmetric key algorithms are DES, 3DES, IDEA, RC-4, and AES.

The second is called "Public Key Cryptography," also termed asymmetric encryption. An asymmetric encryption algorithm uses a key pair consisting of a known and distributed public key and an individual private key. When a message is encrypted using the public key and decrypted by the receiver with the corresponding private key, only the intended recipient is capable of seeing the encrypted message. This form of encryption can be used to establish a confidential data exchange. If in addition, the message was also encrypted with the sender's private key and then decrypted by the recipient with a corresponding public key, the security services of data origin authentication and nonrepudiation are added. Common asymmetric key algorithms are RSA and ElGamal.

Secure checksums or hash functions often provide data integrity. A hash function takes input of an arbitrary length and outputs fixed-length code. The fixed-length output is called the message digest, or the hash, of the original input message. These hashes are unique and thereby provide the integrity and authenticity of the message. Common one-way hash functions are MD-5 and SHA-1.

The IPsec standard uses a combination of algorithmic choices based on symmetric and asymmetric cryptography, as well as one-way hash functions.

legal disclaimer

1) Our website is not responsible for the information contained by this article as well for any and all copyright infringements by authors and writers. E-articles is a free information resource. If you suspect this article for any copyright infringements, please read the Terms of service and contact us to investigate the problem.
2) The E-articles directory team is not responsible for inaccuracies, falsehoods, or any other types of misinformation this tutorial may contain and will not be liable for any loss or damage suffered by a user through the user's reliance on the information gained here. Please read the Terms of service

Useful tools and features

Translate this article to...    Send this article to you or to a friend

Link to this article from your page   
If you like this article (tutorial), please link to it from your web page using the information above. Linking to this page, this is the only way to help us improve our service, the same time providing your visitors with a way to improve their online experience.

related articles

1. Standardized Protocols for Private Instant Messaging
Although momentum is building for a standardized protocol for instant messaging, interoperability among IM applications continues to be vexed by unresolved business and security issues. Recently, the Internet Engineering Task Force (IETF)-sponsored protocol that would be a key to interoperability was criticized for being insecure by IM software vendors such as AOL Time Warner Inc. and IBM’s Lotus Software. The Lotus-AOL test used a variation of Simple Implementation Protocol (SIP) known as SIP for Instant Messaging ...

2. Detecting Unauthorized 802.11 Cards and Access Points
The first goal is detection. Can we tell when someone powers on a card within range of the local network? This can be done with off-the-shelf components and free software. The Cisco Aironet driver included with the more recent Linux kernels supports "RF Monitor" mode, which permits promiscuous monitoring of 802.11 packets - specifically, monitoring raw 802.11 frames to detect if there are any telltale frames broadcast by a rogue access point or card. As outlined in the original 802.11 specification, ther...

3. The HTTP Request and Response Codes
The HTTP protocol can be likened to a conversation based on a series of questions and answers, which we refer to respectively as HTTP requests and HTTP responses. The contents of HTTP requests and responses are easy to read and understand, being near to plain English in their syntax. This section examines the structure of these requests and responses, along with a few examples of the sorts of data they may contain. The HTTP Request After opening a connection to the intended serv...

4. INFRASTRUCTURE PROTOCOLS AND APPLICATIONS
H.323 H.323 defines packet standards for terminal equipment and services for multimedia communications over local and wide area  networks  communicating  with  systems  connected  to telephony networks such as ISDN. The initial version of this standard  came from the International Telecommunications Union (ITU) in June 1996. It  defines  communication over IP-based local area networks (LANs). A later version (v2), adopted in January 1998, extended it over wide are...

5. Wireless IN Services
The IN protocols and concepts can be used to implement enhanced wireless services rapidly and to have these services available across serving areas in an untethered wireless network. Some of these services are listed below: Voice-Based User Identification. This service employs a form of automatic speech recognition to validate the identity of the speaker. Access to services can then be restricted to the user whose voice (phrase) has been used to train the recognition device. Voice-Based Featur...

6. Wireless LAN and Personal Area Network
The Wireless Internet is not just wireless communications across town or the country. It is also local—sometimes in a home or office building. Wireless LANs are just becoming popular with economically  priced  wireless  Ethernet  equipment.  Standards such as IEEE 802.11, HiperLAN2, and Home RF are leading the way to untethered communications in-building or outside over small areas. Another important development is the Personal Area Network, also known as Bluetooth. Let’s take a look at each of th...

7. The Domain Concept
The solution to all of these problems is the network domain. In a domain, you only have a single name and password, which gets you into every shared PC and printer on the network. Everyone's account information resides on a central computer called a domain controllera computer so important, it's usually locked away in a closet or a data-center room. A domain controller keeps track of who is allowed to log on, who is logged on, and what each person is allowed to do on the network. When you log onto the domain with your PC,...

8. Duplexing Techniques in Wireless communication systems
Wireless communication systems have evolved through several stages of multiple-access control. The foremost controllable resource has always been the frequency spectrum. Other resources such as time, code, and space were initially manipulated in a very precarious and, therefore, ineffective manner. The early systems operated in the simplex mode in the forward link. Halfduplex systems soon appeared, in which forward link and reverse link shared the same channel. Access control was performed on a push-to-talk basis wit...

9. Wireless Networks (WiFi or 802.11)
Millions of people, have embraced the flexibility of a networking system that involves no wires at alla cordless networking technology called WiFi or 802.11 ("eight-oh-two dot eleven"). (Your Macintosh friends probably call the same thing AirPort, because that's what Apple calls it.) To get onto a wireless network, your PC needs a WiFi transmitter. Almost every laptop sold today has WiFi built in. You can also add it to a desktop in the form of a wireless card or USB adapter; either way, you gain a little antenna. Once...

10. VPN and Tunneling Protocols
Let us discuss the most common and widely used real-world VPN protocols. The growing number of users, the ease of accessibility, and the reduced cost of the Internet connection have introduced a greater need for cost-effective and secure communications without purchase of leased lines. Many companies participated in the development that resulted in the creation of different VPN standards and protocols. We discuss the most common ones here. IPSec IPSec is the most widely acknowledged, supported, and standardize...