ID : 51262112129 TITLE : EVOLUTION OF IPV4 TO IPV6 AND SECURITY ANALYSIS SUPERVISOR : SIR AHMAD ROSHIDI BIN AMRAN RESULT/ANALYSIS ITEM IPV4 IPV6 Address 32 bits long. Various address classes are defined: A, B, C, D, or E depending on initial few bits 128 bits long. The host portion of an IPv6 address will be derived from a MAC address or other interface identifier. Address Resolution ARP is used by IPv4 to find a physical address, such as the MAC or link address, associated with an IPv4 address. IPv6 uses Neighbor Discovery Address Resolution to map an IPv6 addresses onto a MAC address Address types Three basic types: unicast address, multicast address, and broadcast address. Three basic types: unicast address, multicast address, and anycast address Multicast Addresses uses "Class D" addresses (224.0.0.0 to 239.255.255.255) for multicast - optional strong support for multicast. Multicast is used extensively in IPv6 mechanisms, such as Router Discovery and Stateless Address Autoconfiguration, so support is mandatory ITEM IPV4 IPV6 Configuration Must configure a newly installed system before it can communicate with other systems Configuration is optional. IPv6 interfaces are self-configuring using IPv6 stateless auto configuration DHCP DHCP is used to dynamically obtain an IP addres DHCP does not support IPv6. FTP FTP allows you to send and receive files across networks. FTP does not support IPv6 NAT Basic firewall functions integrated into TCP/IP NAT does not support IPv6 IPSEC IPSEC that have been modify from IPv6 to work with IPv4. might not work well if NAT is used originally created as a part of IPv6. does not work well with NAT Result /analysis IPv4 SITE TO SITE IPSEC VPN Result /analysis IPv6 SITE TO SITE IPSEC VPN Show crypto ipsec sa THREAT COMPARISON TYPE IPv4 IPv6 Reconnaissance Possibility is high More difficult because of address length Sniffing attack Possibility is high More difficult because of Ipsec Application attack Same possibility Same possibility
Flooding attack Same possibility
Same possibility
Smurf attack Possibility is high
Ipv6 have no broadcast so smurf attack is impossible. Viruses and worms Possibility is high
Worm / Viruses which use Internet scanning for propogation will need to adapt to the vastly increased size of IPv6 subnets. IPv6 makes some things better/worse/different, but no more or less secure Better Automated scanning and worm propagation is harder due to huge subnets Link-local addressing can limit infrastructure attacks IPsec is a mandatory feature Worse Lack of familiarity with IPv6 among operators Immaturity of software Vulnerabilities in transition techniques CONCLUSION From the Packet Tracer, we can see the different in configuration for Ipv4 and Ipv6 in term of address length, routing, packet header, address resolution and else. From Gns3, the Ipsec is working as its stated. The data is safely encrypted into vpn tunnel from one end to another end. In conclusion, Ipv6 clearly have more advantage than ipv4. ipv6 have more robust security thus will benefit the user from threat such as scan attack, reconnaissance and Ip sweep. From this, we can say that the objective have been achieved