IPv6 Security Training
Commitment | 4 Days, 7-8 hours a day. |
Language | English |
User Ratings | Average User Rating 4.8 See what learners said |
Price | REQUEST |
Delivery Options | Instructor-Led Onsite, Online, and Classroom Live |
COURSE OVERVIEW
In this IPv6 Security Training course, you will receive hands-on training for the latest security issues related to IPv6. You will learn how to recognize and proactively mitigate IPv6 attacks by configuring IPv6 Access Control Lists (ACLs) and creating firewall stateful rules. Hands-on labs will reinforce topics discussed during the IPv6 Security class, and you will use IPv6 hacking tools to actively attack ACL and firewall configurations.
WHAT'S INCLUDED?
- 4 days of IPv6 Security Training with an expert instructor
- IPv6 Security Training Electronic Course Guide
- Certificate of Completion
- 100% Satisfaction Guarantee
RESOURCES
- IPv6 Security – https://www.wiley.com/
- IPv6 Security Training – https://www.packtpub.com/
- IPv6 Security – https://store.logicaloperations.com/
- IPv6 Security Training – https://us.artechhouse.com/
- IPv6 Security Training – https://www.amazon.com/
RELATED COURSES
ADDITIONAL INFORMATION
COURSE OBJECTIVES
Upon completing this IPv6 Security Training course, learners will be able to meet these objectives:
- How to write an IPv6 security policy and best practices
- Create ACL and reflexive ACLs to protect your company’s network
- Make firewalls IPv6 aware
- Build objects and perform firewall filtering
- IPSec filtering and configuring IPSec tunnels
- Security issues related to IPv6 tunneling
- Protect against IPv6 extension headers attacks
- Recon attacks and exploits within the enterprise network
- Implement security policies on local operating systems and servers
- Configure packet filtering on firewalls and routers
CUSTOMIZE IT
- We can adapt this IPv6 Security Training course to your group’s background and work requirements at little to no added cost.
- If you are familiar with some aspects of this IPv6 Security Training course, we can omit or shorten their discussion.
- We can adjust the emphasis placed on the various topics or build the IPv6 Security Training around the mix of technologies of interest to you (including technologies other than those included in this outline).
- If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the IPv6 Security Training course in a manner understandable to lay audiences.
AUDIENCE/TARGET GROUP
The target audience for this IPv6 Security Training course:
- This IPv6 Security Training course is highly recommended for Network Administrators, Network Engineers, Penetration Testers, Security Administrators, and Security Professionals in general.
CLASS PREREQUISITES
IPv6 Security Training
The knowledge and skills that a learner must have before attending this IPv6 Security Training course are:
- Basic networking knowledge
- IPv6 Training Fundamentals
COURSE SYLLABUS
IPv6 Security Overview
- Hacker types
- Day zero preparations/prevention
- Assessing your threats
- CIA triad
- Authentication methods
- 1x support
- User authorization
- Cryptographically Generated Addresses (CGA)
- Private Addressing
- Security overview
- Privacy addresses
Router IPv6 Access Control List
- DMZ Layer
- Packet Filtering
- IPv6 ACL packet flow
- Link-local address filtering
- Global IPv6 filtering
- IPv6 Access-List
- IPv6 Access-List using port numbers
- Denying multicast traffic
- Common other traffic to deny
IPv6 Reflexive List
- Legacy established rule
- Reflexive ACLs
- Reflexive overview
- TCP session termination
- Reset flag
- Ending TCP session
- TCP final bit
- UDP session end
- Reflexive ACL example
- Upper layer protocols
Securing Operating System Firewall
- Windows local firewall
- Windows 7 firewall
- Advanced security
- IPv6 services to filter on
- Inbound filtering
- Outbound filtering
- Creating custom filtering rules
- Disabling an IPv6 service
- Disabling host router solicitation
- Disabling host router advertisement
- Filter result
- Netsh local firewall commands
- Linux firewalls
- Linux netstat command
- Linux NMAP command
- Windows netstat command
- Netstat connection states
- Example netstat commands
- Viewing the host neighbor’s table
- Show site prefixes
- Viewing Windows routing table
- Interface states
- Disabling host tunneling
- IPv6 Syslog server
IPv6 Firewall Security
- Firewall vendors supporting IPv6
- Firewall issues related to IPv6
- Firewall best practices
- Firewall Overview
- Dual-stack support
- Updated firewall security policy
- Protocol mismatch example
- Traffic class field inspection
- Payload length
- IPv6 next header
- Extension header threats
- Creating local firewall objects
- Common IPv6 protocol filtering
- Dual-stack firewall design
- Independent firewall solution
- 6to4 tunneling
- Firewall fragmentation rules
- Testing firewall
- Fragment buffer overflow
- Sync attack
- Firewall management types
IPv6 Security Training – Hacking Tools and Threats
- Common hacking tools
- Scanning tools
- Packet Manipulation tools
- Scapy6
- Scapy6 Commands
- Source spoof packet example
- Fragmentation hack
- IPv6 packet fields
- Crafted fragmented hack
- ICMPv6 Parameter Problem
- Redirect attack
- Source spoof packet
- DoS attack on the local router
- IPv6 and Snort
- Mobility with IPv6
- Mobility cache poisoning
Protocol Issues and Threats
- DNS infrastructure
- DNS hack
- Stateless HTTP
- DHCP6 threats
- DHCPv6 support
- Stateless issues
- DHCPv6 server types
- DHCPv6 hack
- DHCPv6 threats
- DHCPv6 solution
- Firewall and DHCPv6
- Ping sweeps
- Securing Routing Protocols
- Routing protocol authentication
- Securing EIGRPv6
- OSPFv3 authentication
- AH and ESP authentication
- Interface authentication example
- Header example
- MP-BGP
- BGP Overview
- BGP best practices
- IPSec peering establishment
- BGP prefix example
- BGP best practice example
- BGP link-local peering
- Long AS path filtering example
- Securing Point-to-Point Links
- Serial neighbor solicitation attack
- Eliminating serial threats
Extension Header Threats
- Summary of address threats
- Extension header overview
- Extension address threats
- Extension header order
- Routing header hack
- Fragment header
- Authentication header
- ESP header
- Destination options
- Upper layer
- Extension header hacks
- Hop-by-Hop header hack
- Routing header issues
- Fragmentation header hacks
- Destination Options header duplication
- Scapy6 hacking tool
- Filtering with ACL and firewalls
IPv6 Security Training – ICMPv6 ND Suite
- Hacker Threats for IPv6
- Neighbor Discovery
- DHCPv6
- Easy to guess addressing
- Security concerns
- Public to the public addressing
- DHCPv6 attack and authentication
- Denial of Service (DoS)
- Neighbor spoofing attack
- Neighbor cache poisoning
- Man-in-the-middle attack
- DoS attack
- ICMPv6 attacks
- Anycast threat
- Mitigate Neighbor Discovery threats
- Secure Neighbor Discovery (SEND)
Snort Intrusion Detection System
- Intrusion Detection Overview
- Snort overview
- Basic components of Snort
- Rule overview
- Snort rule format
- Snort header format
- Example rule header
- Commonly used expressions
- Snort variables
- Defining IPv6 Variables
- SID assignment
- Custom IPv6 rules
- Setting detection
Tunneling with IPSec
- 6to4 manual tunneling (IPSec)
- Sample configuration
- Static point-to-point
- Dynamic IGP tunneling
- 6to4 threats
- Mitigating 6to4 threats
- GRE tunneling
- Multipoint GRE 350
- Dynamic Multi-Point Virtual Network (DMVPN)
- Next-Hop Resolution Protocol (NHRP)
- Next-Hop Server (NHS)
- ISATAP Tunneling
- ISATAP threats
- Mitigating 6to4 threats
- Teredo configuration
- Teredo threats
- Mitigate Teredo threats
- SSL VPN
- DMVPN tunneling
IPSec Security
- IPv6 IPSec overview
- IPSec framework
- IPSec
- Authentication Header
- Transport mode
- Tunnel mode
- Encapsulation Security Payload
- Transport mode
- Tunnel mode
- Security Association
- SPD/SAD example
- IKE
- ISAKMP
- Diffie-Hellman
- Example IPSec IPv6 tunnel
- Policy commands
- IPSec profile
LABS:
Lab 1: Initial IPv6 Security Lab
- Perform initial IPv6 VLAN configuration on the assigned firewall
- Configure IPv6 addressing and routing on the assigned router
- Set up host workstation for IPv6 network
- Configure both IPv4 and IPv6 addressing
Lab 2: Standard IPv6 ACL
- Configure standard IPv6 ACL on the assigned router
- Test each ACL for proper configuration
- Use show commands to view current configured ACLs
Lab 3: Reflexive IPv6 ACL
- Configure classroom reflexive ACL
- Perform proper filtering for connectivity for HTTP, FTP, SMTP, POP3, and TFTP protocols
- Use the show command to verify ACLs are using the correct reflexive stateful operation
Lab 4: Windows Local Firewall Security/Application Security for IPv6
- Configure local host firewall for filtering network traffic
- Filter-specific assigned applications
Lab 5: Configuring IPSec Firewall
- Configure firewall stateful filtering
- Configure specific filtering rules on each student’s firewall
Lab 6: Hacking Tools for Creating IPv6 Hacks
- Configure Scapy6 to craft IPv6 headers and perform classroom hacks
- Use a variety of hacking tools spoof neighbor attacks
- Use Alive6 for testing classroom firewalls
- Test SourceIPv6
- Use IPv6 probing for address and port number discovery
- Configure and test NMAP
Lab 7: Custom IPv6 Snort Rules
- Configure your IPS/IDS equipment to detect configured IPv6 patterns
- Write custom Snort rules to detect specific threats
Lab 8: IPSec 6to4 Encrypted Tunneling
- Configure 6to4 tunnels
- Test 6to4 to tunnel to the core network
- Filter unwanted traffic over IPv6 tunneling
Lab 10: Creating an IPv6 IPSec Tunnel
- Each POD will create an IPv6 IPSec tunnel to their assigned neighbor
- Use show commands and analyzer to verify proper configuration and encryption