Book review: IPv6 Security

Submitted by Kai on Wed, 2009-05-13 17:18.
If you are doing networking, you have come by IPv6 by now. If not, you are either not doing networking, or you need to wake up. It does not necessarily mean that you use IPv6, but it is time to look into it.

If you are using Cisco equipments, then the book IPv6 Security, Protection measures for the next Internet Protocol, by Scott Hogg and Eric Vyncke should be in your book shelf. This book not only discuss the vulnerabilities of IPv6, it also gives you hands on tips on how to mitigate those issues. The book is full of examples of how to both reproduce the challenges described, but most importantly it shows you how to alter your setup and systems in order to reduce the risk.

Allthough the book is a Cisco Press book, meaning that the focus is entirely on Ciscos own products (possibly leaving out all issues not covered by Cisco products), the explanations of the vulnerabilities are great, and the examples on setup changes are pretty easy to understand, if you have some knowledge of IPv6 and CLI. If you are not into CLI at all, or have no previous understanding of IPv6, the book does point you to relevant resources to study the topic. However, the writing skills of the authors helps present the topic is a very nice way. It is easy to understand and relate to the matters described, and I dare say that you do not need to be a high level expert to gain a lot from this book.

I therefore believe that if you are network engineer, with some understanding of network security (like packet filtering, ACLs etc), you should be able to make good use of this book. Even if you are not using Cisco products. If you are not into Cisco, you will have to "translate" the CLI commands in the books examples to the correct on your systems, but have you played with CLI at some point, you should be able to deal with this pretty easily.

I particularly like the setup of the book, where every part of the volnurabilities are described following the same pattern - first explain the part of the IPv6 relevant, then discuss the security threats related to this part, and finally discuss and showcase how to counter these threats.

I like this book. To me, it will be used as a reference, and as a learning book to look more deepely into IPv6 security matters. Most importantly, I think you might like it too!

ISBN-10: 1-58705-594-5
ISBN-13: 978-1-58705-594-2
Cisco Press

Recent comments