The Security myth of IPv6 and DNS64
Submitted by A. S. M. Shamim Reza (@shamimreza) on Monday, 26 March 2018
How much trust do we put in the Internet and how much of that trust relies on DNS system? What is going on in the Community? Are we at the finish line of our Internet Address ? Yes lots of Questions !!! And yes Technically we are at the finish line of our IPv4 address. As we all know IPv6 is on the vive now.
What is IPv6? Today we will not learn how to calculate IPv6, no, not really. Than why we are here ? We will know why do we need IPv6 and How it can help our enterprise network. What are the security issue we may face with IPv6. Are those issue new or the Old wine in a new bottle? We will see the best practices and the challenges for IPv6 deployment at the Enterprise network.
Isnt it finished yet ? No, we have an important topic to discuss. We have deployed IPv6 but is that enough? Nop, we have DNS system for it and there are so many important issues with it. DNS64 is the IPv6 version of our regular DNS system. Here we will know the difference between the DNS and DNS64 system. Is DNSSec possible for DNS64 or not. What are the steps we have to be careful of at the deployment time and how we can mitigate the security aspects of DNS64 system.
Yes security is a myth. But can we just sit back and do nothing ? No thats not possible and that should not be. Technologies are changing day by day. So do we have to change our thoughts. We have to think in a way so that our information can not be stolen, and on the other hand we have to be careful enough to grub the technologies so that the overhead deployment cost wont give a panic.
It will be more of our journey to deploy IPv6 at our infrastructure. And it will have basic + intermediate.
Network and System administrator
I am an Open-source software enthusiast, system solution architect and Linux system expert with over 10 years of extensive experience; right now working on Linux OS developments from the scratch.
I am also an Information Security professional with over 8 years of diverse Information Security experience; from the evolving enterprise needs of large and complex organizations, to the development of large public web properties, and protecting their applications, data and infrastructure from attack.
I believe sharing my experience to the community will help secure the infrastructure.