FINAL YEAR PROJECT 2
FINAL YEAR PROJECT 2
NAME
NAME
:
:
MOHD
MOHD
AMIRUL
AMIRUL
AIZZAD
AIZZAD
BIN
BIN
HAMDAN
HAMDAN
ID
ID
:
:
512621121
512621121
29
29
TITLE
TITLE
:
:
EVOLU
EVOLU
TION
TION
OF
OF
IPV4
IPV4
TO
TO
IPV6
IPV6
AND
AND
SECURITY
SECURITY
ANALYSIS
ANALYSIS
SUPERV
RESULT/ANALYSIS
RESULT/ANALYSIS
ITEM
ITEM IPV4 IPV4 IPV6IPV6
Address
Address 32 32 bits bits long.long.
Various address classes are defined: A, Various address classes are defined: A, B, C, D, or E depending on initial few B, C, D, or E depending on initial few bits
bits
128 bits long. 128 bits long.
The host portion of an IPv6 address will The host portion of an IPv6 address will bebe derived from a MAC address or other derived from a MAC address or other interface identifier. interface identifier. Address Address Resolution Resolution
ARP is used by IPv4 to find a physical ARP is used by IPv4 to find a physical address, such as the MAC or link address, such as the MAC or link address, associate
address, associated with an Id with an IPv4Pv4 address.
address.
IPv6 uses
IPv6 uses Neighbor Discovery AddressNeighbor Discovery Address Resolution to map an IPv6 addresses onto Resolution to map an IPv6 addresses onto a MAC address
a MAC address Address
Address types types Three Three basic basic types: types: unicast unicast address,address, multicast address, and broadcast multicast address, and broadcast address.
address.
Three basic types: unicast address, Three basic types: unicast address,
multicast address, and anycast address multicast address, and anycast address Multicast
Multicast Addresses Addresses
uses "Class D" addresses (224.0.0.0 to uses "Class D" addresses (224.0.0.0 to 239.255.255.255) for multicast - optional 239.255.255.255) for multicast - optional
strong support for multicast. Multicast is strong support for multicast. Multicast is used extensively in IPv6
used extensively in IPv6 mechanisms, suchmechanisms, such as Router Discovery and Stateless Address as Router Discovery and Stateless Address Autoconfigura
Autoconfiguration, so tion, so support issupport is mandatory
ITEM
ITEM IPV4 IPV4 IPV6IPV6
Configurati
Configuration on Must Must configure configure a a newly newly installinstalled ed systemsystem before it can communicate with other before it can communicate with other systems
systems
Configurat
Configuration is ion is optional. IPv6 interfacesoptional. IPv6 interfaces are self-configuring using IPv6
are self-configuring using IPv6 statelessstateless auto configuration
auto configuration DHCP
DHCP DHCP DHCP is is used used to to dynamically dynamically obtain obtain anan IP addres
IP addres
DHCP does not support IPv6. DHCP does not support IPv6.
FTP
FTP FTP FTP allows allows you you to to send send and and receive receive filesfiles across networks.
across networks.
FTP does not support IPv6 FTP does not support IPv6
NAT
NAT Basic Basic firewall firewall functions functions integrateintegrated d intointo TCP/IP
TCP/IP
NAT does not support IPv6 NAT does not support IPv6
IPSEC
IPSEC IPSEC IPSEC that that have have been been modify modify from from IPv6IPv6 to work with IPv4. might not work well if to work with IPv4. might not work well if NAT is used
NAT is used
originally creat
originally created as a ed as a part of IPv6. doespart of IPv6. does not work well with NAT
Result /analysis
Result /analysis
IPv4 SITE TO SITE I
Result /analysis
Result /analysis
IPv6 SITE TO SITE I
Show crypto ipsec sa
THREAT COMPARISON
THREAT COMPARISON
TYPE
TYPE IPv4 IPv4 IPv6IPv6
Reconnaissan
Reconnaissance ce Possibility Possibility is is high high More More difficult difficult because because of of addressaddress length
length Sniffing
Sniffing attack attack Possibility Possibility is is high high More More difficult difficult because because of of IpsecIpsec Application
Application attack attack Same Same possibility possibility Same Same possibilitypossibility Flooding
Flooding attack attack Same Same possibility possibility Same possibilitySame possibility Smurf
Smurf attack attack Possibility Possibility is is high high Ipv6 Ipv6 have have no no broadcast broadcast so so smurfsmurf attack is impossible.
attack is impossible. Viruses
Viruses and and worms worms PossibiPossibility lity is is high high Worm Worm / / Viruses Viruses which which use use InternetInternet scanning for propogation will scanning for propogation will need to adapt to the vastly need to adapt to the vastly increased size of IPv6
IPv6 makes some things better/worse/different, but no
IPv6 makes some things better/worse/different, but no
more or less secure
more or less secure
BetterBetter
Automated scanning and worm propagation i Automated scanning and worm propagation is harder due to huges harder due to huge subnets
subnets
Link-local addressing can limit infrastructure attacksLink-local addressing can limit infrastructure attacks
IPsec is a mandatory feature IPsec is a mandatory feature
Worse
Worse
Lack of familiarity with IPv6 among operatorsLack of familiarity with IPv6 among operators
Immaturity of software Immaturity of software
CONCLUSION
CONCLUSION
From the Packet Tracer, we
From the Packet Tracer, we
can see the
can see the
different in configuration for
different in configuration for
Ipv4 and Ipv6 in
Ipv4 and Ipv6 in
term of address length, routing, packet header,
term of address length, routing, packet header,
address resolution and else.
address resolution and else.
From Gns3, the Ipsec is working as its
From Gns3, the Ipsec is working as its
stated. The data is safely
stated. The data is safely
encrypted into vpn tunnel from one end to another end.
encrypted into vpn tunnel from one end to another end.
In conclusion, Ipv6 clearly have
In conclusion, Ipv6 clearly have
more advantage than ipv4. ipv6
more advantage than ipv4. ipv6
have more robust security thus will benefit the user from
have more robust security thus will benefit the user from
threat such
threat such
as scan attack, reconnaissance and Ip
as scan attack, reconnaissance and Ip
sweep.
sweep.