Security issues in PIV6 and solutions for these issues

Author: Iloka Benneth Chiemelie

Published 6/1/2014

INTRODUCTION

The most widely used version in internet protocol is the IPv4 (which is used to represent internet protocol version 4), and it can be traced back to the 1970s. Although this protocol has been adopted for long, there are well known limitations such as the limited IP address space and lack of security. IPv4 are specified on 32-bit IP address fields that are rapidly running out in spaces as a result of high adoption. There is also the need to note that the only security feature available in the IPv4 security option is the secured platform it provides for hosts to send restrictions that are related to handling and security parameters¹.

Considering the discussion above on the fact that the IPv4 doesn’t have enough security features, the Internet Engineering Task Force (IETF) have been on the working to provide the IPv6 (Internet Protocol version 6) version in order to tackle the limitations on the IPv4, and also integrate more performance features, configuration and network management solutions². The elements contained in the IPv6 has been defined by numerous Requests for Comments (RFCs) such as RFC 2460² (IPv6 Protocol), RFC 4861³ (IPv6 Neighbour Discovery), RFC 4862⁴ (IPv6 Stateless Address Auto-Configuration), RFC 4443⁵ (Internet Control Message Protocol for IPv6 (ICMPv6)), RFC 4291⁶ (IPv6 Addressing Architecture), and RFC 4301⁷ (Security Architecture for IP or IPsec). IPv6 is famously known as the next generation Internet Protocol (IPng). There are a number of differneces between IPv6 and IPv4 and such differences are as outlined below:

Header format for IPV4

Header format for IPv6

From the above comparison, it can be seen that a number of new features have been introduced in the IPv6, and these features can be summarised as:

1.      A new header format

2.      A much bigger disk space as compared with the IPv4

3.      A hierarchical addressing and routing infrastructure that is efficient

4.      A combination of both stateless and state address configuration

5.      IP security

6.      Better support for quality of service (QoS)

7.      A new protocol for interaction of neighbouring node

8.      Enhanced extensibility

Cleary, it can be seen from the comparative analysis above that the IPv6 boost higher security features as compared with the previous version, and one might be tempted to easily conclude that such system will cover all needed security issues in Internet Protocol and online access, however such is not the case as there are still a number of considerable threats in the IPv6 which arises from inefficient or arguably ineffective security leakages.

Purpose of the study

The main purpose of this study is to understand the security issues that are associated with IPv6 as compared with the earlier version of IPv4. As described above, the later version (v6) possesses a number of advantages in terms of advanced features when compared with the earlier version (v4), but it is still very important to understand that this doesn’t serve as a ultimate guarantee for eliminated risk as there are clear indications that the IPv6 still have numerous weaknesses. As such, understanding these weaknesses is very important because it will serve as the right platform for creating necessary paradigm that will ensure higher security in the internet world in the future.

Research questions

In order to achieve the research purpose describe above, a number of questions will be addressed as the right guideline from which the research objectives will be meet and these questions are?

1.      What are the differences between IPv4 and IPv6?

2.      What are the security issues in IPv6?

3.      How can these issues be solved?

Research design and approach

This research paper will be developed by adopting 4 chapters. The first chapter will be the introduction, which will lay down the foundation of what the paper is all about, research objectives, research questions and how the research will be conducted.

Following this will be the second section that will present a review of relevant literatures on security issues as they are related to the IPv6. This section will not be centred on the negative aspects of the security issues. Instead, it will look into both the negatives and positives.

The third section is the methodology, which describes how the primary research will be conducted, and following this section is the research analysis that presents a detailed analysis of the research conducted. Conclusion is the last section which is a general overview of the whole research. 

Limitation

The underlying fact is that no matter the level of standards or specification adopted in a given research process, there are always limitations on such project as to what is acceptable in the research process and findings made from such research. As such, this paper is no exception. The limitation for this paper comes in the form of the scope. It must be noted that there are numerous security issues in the internet, but the only focus presented in this paper is on issues related with the adoption of IPv6. Although such a presentation can easily help the readers with understanding of the issues in the new internet protocol and how to resolve, it doesn’t present any understanding of other related internet issues that might not actually be a product of internet protocol and as such security is still not fully enhanced in the “netvironment.”

CHAPTER 2

LITERATURE REVIEW: SECURITY CONSIDERATIONS

As stated in the chapter one above, a number of security issues that were lacking in the IPv4 has been fixed with the new version of IPv6, but that doesn’t eliminate the fact that a number of issues still prevail in the new system, and as such the focus of this chapter is to understanding the security issues that have been enhanced in the IPv6 and the issues that still prevail.

IPV4 SECURITY ISSUES SOLVED IN IPV6

Massively sized IP address space

When attackers start exploring sites to lay down their threats on, the first attempt involves employing scanning of ports as a scouting technique in order to gain as much information possible about the network of the targeted victim³. The scanning period for the entire IPv4 based internet had been estimated to be in the period of 10 hours with adequate bandwidth⁸, in consideration of the fact that IPv4 addresses are only 32 bits wide. This is where the new disk scape in IPv6 becomes of importance as it has been dramatically increased to 128 bits, and this creates a high barrier for attackers that desire to scan the whole ports comprehensively. Additionally, such scanning even if the attacker decides to proceed with it will require higher bandwidth and as such it is also an additional barrier to attackers.

In any case, it is still importance to understand that port scanning investigation technique currently adopted in IPv6 is the same as what is obtainable in IPv4, besides the longer space that it now comes with. On that note, it can be stated that best practices adopted in IPv4, such as filtering internal-use IP addresses in the routers’ border and filter un-used services through firewall should be continued in the IPv6 network in order to enhance the security features in such networks.

Cryptographically Generated Address (CGA)

With the new standards set by IPv6, it has now become possible to bind a public signature key to any given IPv6 address. The new IPv6 address produced from such process is known as a Cryptographically Generated Address (CGA)⁹. The benefit of such cryptographication is that it ushers in added security protections for the IPv6 neighbourhood router discovery technique, and also allows the user to make available “prove of ownership” for any given IPv6 address that is the property of the defined users. This is a very important difference in comparison with IPv4, as it is impossible to retrofit this important function in the IPv4 as a result of its currently limited disk space. There are three main advantages offered by the Cryptographically Generated Address (CGA):

1.      It makes it much harder to spoof attach or steal IPv6 addresses.

2.      It makes it possible for delivery of messages signed with the owners’ private key.

3.      It doesn’t need upgrading or modification in the overall network infrastructure.

Enhanced IP Security (IPsec)¹⁰

IP security is the medium through which interoperable, cryptographically and higher quality based security services are provided for traffic under the IP layer³. It is also known as IPsec for short. While this feature is optional in IPv4, it has been made mandatory in IPv6. It enhances the original IP protocol by ushering in authenticity, integrity, confidentiality and control of access to each IP packet through the adoption of two protocols in the form of: AH (authentication header) and ESP (Encapsulating Security Payload)³. This new feature is enhance the security of IPs and gives users better protection in terms of hacker and crackers attacking their networks.

Replaces ARP with Neighbour Discovery (ND) Protocol

Under the settings of IPv4, the layer two (L2) is not bounded statically with the layer three (L3) IP address. As such, the L3 can be run on top of any L2 media without inflicting any significant changes in the protocol system. The establishment of connection between the L2 and L3 is made with a protocol named Address Resolution Protocol (ARP), and it establishes dynamic mapping between L2 and L3 addresses on the local network section. In any case, the ARP has a number of security issues such as ARP spoofing. In the IPv6 protocol development, the need for ARP is eliminated because the interface identifier (ID) of the layer three in the IPv6 is derived directly from a device-specific L2 address (MAC Address). In the IPv6, the layer three (L3) is used in a combined forma with its locally derived interface ID portion on a universal level. As such, the security issues that are featured in the ARP as contained in IPv4 are eliminated in the IPv6. There is a new protocol known as Neighbour Discovery (ND) Protocol for IPv6 is defined in RFC 486111 as a replacement to ARP¹¹.

Basically, the underlying elements from the above discussions are that the IPv6 features numerous improvements that enhance the security system of users. In the modern business setting, security is very important as a result of the fact that numerous businesses are taking to the internet as a means of expanding their operations through the increasing features powered by internationalization and globalization. Besides the businesses, the internet world is growing with new “netizens” that made use of the internet for their own personal reasons and reveal important information about themselves in the process of their interaction in the internet. Added to this is the fact that “netcriminals” are not easy to spot as they perform their delirious acts under the cover of their roof and anonymously through adoption of numerous configurative paradigms that makes them evidentially invincible. As such, it becomes clear that increasing security of the Internet Protocol is the right way forward and that is what the new IPv6 is intended to do. In any case, this new and improved version of IP system still has its own security features that can still leave “netizens” at risk of attack and other threats.

SECURITY ISSUES IN THE IPV6 AND WAYS TO MANAGE THESE ISSUES

IP addressing structure

The addressing structure adopted in IP is used to define the architecture of the given network. In cases where the addressing structures are properly planned, potential risks that are associated with the new features in the IPv6 are reduced significantly. As such, the addressing structure is of high threat if not well planned because the new features integrates numerous dynamic systems that are not present in the IPv4 and such integration now means that the new system needs redesign of addressing structure which will be different from what is obtainable in the IPv4 and this new redesign will entail new formatting and potentially new applications which might not be easily understood by most of the end users. The solution now becomes taking into consideration a number of factors in addressing the IP structure of IPv6 to ensure full functionality and enhanced security. There are a number of factors that needs to be considered when designing an IPv6 network and these factors are³:

Hierarchical addressing and numbering plans

The numbering plan is used to describe how the IPv6 allocations are segregated by the user or organization. For instance, if a given user is granted with a 16 subnet bits (/48) address block, this will offer the user an opportunity to support 65,000 subnets. The fact is that a good numbering plan can be used to access control lists and firewall rules in the operations security, as well as easily identify the ownership of sites, links and interfaces. The solution to this as recommended by HKSAR³ is that the user should plan and create a site hierarchy by considering the following subnet methods:

1.      Numbering subnets sequentially

2.      VLAN number

3.      IPv4 subnet number

4.      Network’s Physical location

5.      Functional unit of an organisation (Accounts, Operation, etc)

Problems with trackable EUI-64 addresses

Basically, the IEEE EUI-64 address¹² is a representation of new standards in network interfacing addressing as adopted in IPv6. The network interface’s (MAC address) physical address is the input in algorithm that is used to generate EUI-64 address. By adopting the EUI-64, an attacker can actually reveal the make and model of a given remote machine, and make use of such information target attacks on that particular machine. This is a very big issue with the IPv6 as such cases where an attacker is successful by adopting the method discussed above will entail high danger for the owner of the targeted machine. Additionally, once access has been made to the machine, other functionality might be also predefined by the attacker and the end point is that the machine will be basically responding to the attacker’s command even without the knowledge of the owner. For instance, it can be sending detailed analysis of further actions in the machine to the attackers define destination through invincible routes that the owner might not easily notice or might not ever notice. In order to reduce such risk, non-predictable addresses need to be used in the production of cryptographic algorithm (e.g. Cryptographically Generated Address) or assigning addresses with DHCPv6.

Unauthorized IPv6 Clients

There are IPv6 supports for most of the modern operating systems or equipment, and it can be easy as well as hard to notice sometimes as to where the use of the IPv6 protocol is enabled. As a result of highly extended capabilities of IPv6, and the potential of an IPv6 host having a number of global IPv6 addresses, the possibility to provide an environment that makes it easy to access the network level for attackers is increased if the access controls are not properly put to functions. Definitely, it becomes clear that such a risky measure is significant as it will make the attack function easer and put users at high risk. On that note, it is very must important to reduce the potentials for such and it can be done through the following measures:

1.      Locate and disable any IPv6 enabled equipment

2.      Detect and block IPv6 or IPv6 tunnel traffic at network perimeter

3.      Include IPv6 usage policies in the organization’s security plan

Neighbour Discovery and Stateless Address Auto-configuration

As discussed earlier, it was sated that Neighbour Discovery (ND) is the system used to replace the ARP of the IPv4, and stateless address auto-configuration: that allows the IPv6 to be automatically configured whenever it is connected to an IPv6 network is a very significant DHCP-like function provided in ICMPv6. These new kits are both powerful and flexible options in the IPv6 protocol. In any case, the ND can still be a subject of attack that can potentially cause IP packets to move in unexpected places³. There are also potential for denial of services to prevail. Additionally, attacks can also be used to allow nodes to intercept and optionally be used to modify packet data that have been designed for another node. Although it is possible to protect this with IPsec AH, RFC 3756¹³ (IPv6 ND Trust Models and Threats) are also used to define the type of networks that the secure IPv6 ND techniques will be allowed to function in. These three different models of trust can be used to roughly correspond to secured corporate intranets, public wireless access networks, and pure ad hoc networks. As an additional note, it is important to note that the SEcure Neighbour Discovery (SEND) protocol are predesigned with the right paradigm to usher in a secured neighbour discovery with a predefined cryptographic method.

In the IP networks (v4 and v6), the neighbour discovery mechanism as well as the solicitation of routers adopts ICMP. The ICMP of the version 4 functions as a separate protocol on the outside of IPv4, but the ICMP of the version 6 is inside the IPv6 and integrated to run directly on the top of IPv6 protocol, and this can also result to a number of security issues.

The exchange of ICMPv6 messages on the top of the IPv6 protocol for enriched vitality in the “network health” messages and environment solicitations are very important for communication in IPv6. Well, this can easily be abused through sending of fake and carefully crafted messages for service denial, re-routing of traffics, or some other malicious activities³. The recommendations made by the IPv6 for security reasons is that all ICMP messages need to be done through IPsec AH, that are capable of ushering in integrity, authenticity and anti-relay functions.

In order to avoid such attacks that are related to neighbour-discovery, it is recommended that the critical system be specified as static neighbour entries in their default routers, instead of adopting the ND³. However, this will need the implementation of some administrative efforts in order to be crowned as a success.

Twofold operations

Users can easily change their IPv6 whenever they so desires, with the IPv6 being gradually deployed while the IPv4 will also be supported on the same nodes for legacy clients and services. Such a dual protocol, environment created by dynamism in the IPv6 also increases the complexity for operations as well as security issues. In any case, there are existing measures in IPv4 that can be maintained while the same level of coverage will be applied to the IPv6. In order to reduce these issues, there is a need for the user to implement security measures consistently for both versions. During operations, the administrators also need to be aware of significant threats and vulnerabilities in both versions and adopt necessary measure to reduce and possibly eliminate such risks.

Common attacks in IPv4 and IPv6

From the above analysis, it can easily be deduced that the new IPv6 is not capable of solving all security problem. On a fundamental aspect, it cannot prevent attacks on layers that above its network layer in the protocol stack. Some of the attacks on networks that IPv6 cannot handle are³:

1.      Application layer attacks: Attacks that are performed on the application layer (OSI Layer 7) which can include buffer overflow, viruses and malicious codes, web application attacks etc.

2.      Password guessing and Brute-force attacks on authentication modules.

3.      Rogue devices: unauthorized devices introduced into the network. A device may be a single PC, but it could be a switch, router, DNS server, DHCP server or even a wireless access point.

4.      Denial of Service: The problem of denial of service attacks is still in existence with the IPv6.

5.      Attacks using social networking techniques such as email spamming, phishing, etc.

CHAPTER 3

RESEARCH METHODOLOGY

3.1. Chapter introduction

In this chapter, the focus will be to define the approaches that will be adopted in the primary research. This chapter will detailed how the primary research will be conducted and the steps as well as set standards for the primary research.

3.2. Research purpose

The purpose of this research is to conduct an in-depth study of the issues in IPvv6 with experienced IT personnel, identifying the issues in the new version and how these issues can be enhanced in order to offer better internet security.

3.3. Research philosophy

Research is an important aspect of any academic experience and career goal. This is because it enhances the knowledge base and understanding of the person who is undertaking the research process and it also helps to broaden the understanding of subjects that are generally complex in nature. Research is the root form which new theories are created an existing one critic to understanding their level of applicability with respect to changes and new trends in the modern environment.

3.4. Research approach

The approach for this research paper is qualitative approach. In accordance with Sage publications (2013), the qualitative approach to research is a unique background that is used to foster precise ways of asking questions and particular ways for thinking through problems. Common questions that are asked in qualitative researches are designed to provide answers as to how, why and what factors that influences the issue being review. Qualitative research is a very exciting landscape that is interdisciplinary in nature and comprises of wide perspective and practices used for generating knowledge. Researches from all across filed in the social and behavioural use adopts qualitative research – and it is important to understand that the context of this paper is also based on social and behavioural studies. Additionally, the research process involved in qualitative is usually given the centre stage and this means that the searcher have high potential of focusing on the subject matter in review and applying all necessary approaches to ensure that the research is usually gathered towards achieving set objectives through set parameters that can be used to measure the success of the research process. 

Basically the essence of qualitative research is built around the tyranny of numbers it has abandoned for the purpose of creating enigma in words. instead of creating a “Yes” or “No “ approach to research methodology, qualitative research allows the audience to offer opinion based on a clear definition of what they perceive to be the problem and how they wish to solve the problem in the long run. It is often seen as being rooted in the non-tangible domain, which is based on experimental and intuitive researches studies that are fundamental in natures.

In accordance with Hiat (1986), p, 737), qualitative works are in constant and dynamic flux, but in essence it is moving towards some of the end-point in modern evolutionary way, numerous efforts have been made by the different researchers in order to establish a concrete meaning on the qualitative dimensions and it also serve as an integrative function from which the researchers develop an absolute understanding in the context of the subject being studied.

The reason for choosing qualitative research is because of its numerous advantages over quantitative research in social research. One of the advantages that qualitative research has is the exploratory approaches it adopts with the use of open-ended questions and probing that allows participants to contribute in the research process with their own words instead of being forced to choose from a group of fixed response that might not always be in line with what they wanted. Such an approach means that the responders for this research will have the opportunity of:

It allows for expandable answers – qualitative research will allows responders to expand their answers in order to meet their full understanding, perception and perspective about the subject being reviewed. Such an opportunity will mean that they will be able to contribute significantly towards a revolutionary analysis of the whole research approach and it will also help the research to develop a more concise conclusion on the topic being studied. As such, it can be argued the research approach will contribute significantly towards the findings that will be made from this paper, as the responders will be able to present their own general understanding of the topic, instead of being forced to choose from fixed answers.

3.5. Research strategy

The strategy for this research will be an exploratory research method which is conducted in the form of an in-depth study with the responders. Exploratory research is a form of research which is designed to explore different aspects of the topic being studies. The word “exploratory” implies that it doesn’t focus on any general objective as to meeting some specified points, but instead it is diverse in its approach to review by offering the opportunity for researchers to understand different aspects of the study section and explore other areas that might have a direct influence on finding from the research.

In-depth study on the other hand is a form of interviewing in which the research chats with the responder one-on-one in order to understanding their views about the projected changes from the research hypotheses. Such a close discussion will be enhanced by adopting necessary strategies to ensure that the responders feel at ease and peace with the researcher in order to make them comfortable with the research process and also enhance their possibilities of contributing to the research process positively. Such approach will include a discussion of the importance of the study, which will then persuade them to contribute significantly towards the research process.

The main reason for adopting an in-depth form of exploratory research strategy in this qualitative research is because the topic being reviewed doesn’t have a common ground for judgement. Food intake amongst Indian women while it might be guided by the food culture of Indian as discussed previously will still vary form one person to another as there are different factors that influences an individual’s choice of food. For instance, while there might be well established cuisines in the Indian culture, there might be difference in appetite and availability and it will definitely influence the consumption pattern to a very significant point. As such, exploratory research is the right antidote for understanding these changes in its basic form and then analysing the finding based on designed hypotheses in order to

3.6 Data collection

            Many factors needed to be considered in the qualitative phase of the study. One of these important factors was to obtain genuine data and naturally occurring conversations during the interview. The researcher’s role here was to neutrally and objectively record the interactions using the qualitative investigation tools. All the observations were noted. The conversations were recorded. This is an advantage because it allowed the research to interpret findings from the research process based on individual responses gathered. Saville-Troike (1982) mentioned that if the observer is absent, the observer would not be able to observe [hear] what would have been taking place (p.113). The writing of notes was conducted unobtrusively the whole interview which took place in a period of 10 to 20 minutes between the responders. Throughout the interview process, the researcher wrote down the statements made by the interviewees.

            Delamont (2002) in Fieldwork in Educational Setting explains that recording what was said throughout the observation should be done as discreetly as possible, if possible not word for word but some key words or phrases would be helpful to jog the memory later.

In conducting the quantitative research, many important elements and aspects were considered. A questionnaire is merely a ‘tool’ to bring together and accumulate information about a specific aspect of interest. It contains a list of questions. This composed questionnaire contains two parts; Part 1 has four questions regarding general personal particulars whereas Part 2 is divided into 2 sections, Section A and Section B. There are three questions which require short answers in Section A. Section B contains 4 parts. Part a discusses the past food intake pattern and practices amongst responders, Part b asks about what is presently obtainable in food intake practices and patter, Part c is about the influence of culture on food intake practices and patter, and Part d is about the projected future trends in food intake practices and patterns. All the questions in Part B are answered using open ended questions that allows the responder to elaborate more in relation to answered provided in the research process. The responders were supposed to answer all the questions.

A questionnaire needs to have clear and understandable instructions, therefore; the instructions for this questionnaire were written clearly in order for better understanding of the participants. Questionnaires must always have an exact reason which is related to the objectives of the research. Thus, the objectives of this study were written on the front page and the title of Section A and Section B explained what were the objectives of the questions and A pilot study was first conducted to check people’s understanding and ability to answer the questions, highlight areas of confusion and look for any routing errors, as well as providing an estimate of the average time each questionnaire will take to complete. Therefore, the first pilot study using this questionnaire showed that the instructions were not precise and clear. The participants did not know how to answer the questions as there were many redundant questions. This was then amended to remove the redundancy and repeated questions in different forms. After amending it, a second pilot study was done. This showed improvement as there were no questions asked which caused any doubts.  The second pilot study was considered to be successful. The participants involved were then given the final erosion of the questionnaire. They were informed about the aim of the questionnaire in order to understand the questions.

3.7. Data analysis

Preceding the data gathering process is the analysis which is designed to understand the information gathered from the data. The analysis part in qualitative research is different in quantitative research. This is because; quantitative adopts a number based approach in which the responders are forced to choose between agreeing and disagreeing. This is different in quantitative research which is more of an interview form that the responders can actually offer any form or answer to the asked questions. Analysing qualitative research can take different format and the format chosen basically depends on the researcher and the form of questions asked.

For this paper, the form of analysis chosen is based on interpretational (objective) analysis. This is a situation in which the response gathered are individually interpreted in relation to the actual meaning that the responder presents in the whole research process. This is because, the meanings presented can actually be different from one responders to the other, and it makes individual interpretation very important as it is the only way that the research can actually gain full insight into what the responder actually means.

In any case, the interpretation process for all the responses gathered is similar because the interpretations are based on linking findings to the set research objectives. Such an approach means that the research is actually able to centred findings in a more tailored way that makes it easy to identify common variables from all of the findings. Analysing the finding with common variables will also help to prove the stated hypotheses and it will also increase the chances of achieving the research objective through an inter-relational interpretation of idea in a way that it creates coherence between data gathered and actually meaning generated from the gathered data.

3.8. Ethical considerations

In the course of gathering and analysing the data, numerous ethical issues were reoccurring. Primary research has been characterized with numerous ethical issues, and the reason is because some researchers are always trying to ensure that gathered data and finding from analysis meet their set objectives. However, this was not applicable in this paper. Some of the ethical issues encountered and addressed are:

3.8.1 Proposing answers for responders – since this is a face-to-face survey, responders who had issues with the questionnaire asked questions. During the course of addressing responders’ questions, the interviewer might directly or indirectly influence their answers by focusing more on the negative or positive influence of the answer. In order to eliminate such ethical issue, the interviewers were trained on ensuring that they don’t deviate from the focus of the questionnaire and don’t interfere with the responders’ choice by either directly or indirectly convincing them to present a particular answer through their explanation of the questions.

3.8.2 Manipulation of data - the gathered data re really hefty and not all people approached had intension of complying. As such, there was also a temptation of the interviewer to fill the unanswered questionnaires or manipulate the gathered data to ensure favourable findings. However, the research have been trained numerously on the importance of ensuring reliability by keeping data genuine and the influence of manipulated data on the quality of a research. As such, none of these unethical practices was conducted in this research. 

3.8.3. Chapter summary

The design of any research paper is very important because it plays an important role in determining whether the paper will be able to achieve its set objectives. As such, this paper was not different in any form because it is important to design the research process in a way that assurance is ensured about the high potential of meeting set objectives and impacting positively in the field of the research.

This chapter focuses on detailing the research process, and such focus meant that all the research variables were discussed as well as how these variables will be loaded into the research paper. Other features such as the responders profile and the data gathering process.

CHAPTER 4

RESULTS

4.1. Chapter introduction

The focus of this chapter is to analyse all gathered data. As describe earlier, this is a qualitative research and the findings from the research will be objectively analysed. The implication is that data gathered from the whole research process will be analysed individually, and it will eventually aid in the overall understanding of the research paper. In any case, the analysis will be done in such a way that the actually objectives of the paper and stated research hypotheses are incorporated into the analysis.

4.2: Pattern for gathering response and its influence on actual response provides

The responses were gathered by the research in a written form. The researcher was close by the responder with a laptop and was typing in the answers presented by the responder. As such, there might be cases where the actual response was not written as stated by the responder, but the fact still remains that the meaning if the same. For instance, where a responder made grammatical errors in the response, the research made necessary corrections before putting in the response into this paper.

4.2. Response analysis

Introduction: Good day sir. Please I want to thank you very much for bringing out your time to participate in this study. The main purpose is to understand the security issues in IPv6 and how these issues can be solved.
BIO-DATA AND SITUATIONAL ANALYSIS
Age = 33 Gender = Male Race = Indian-Malay IT experience = 6 years
QUESTION 1
What is your view about the modern internet environment?	On my own opinion, it is getting congested in the sense that the internet is really being adopted across the world and the information readily available are very huge now that it is uncountable and you can live a life time without every seeing some of the information in the net.
How do you think this congestion affects IP address?	You need to understand that the functionality of IP is based on the system and not actually on a general sense. What am I trying to say? The thing is just that every system has its own IP as issued by the internet provide, so if the internet is getting congested then the IP address will suffer because it will be very bulk and as such slowdown connection and exposes innocent people to internet attacks.
Really? Attacking people’s computer with their IP? Please tell us more about how this is possible.	Yes. It is possible and actually easy. Because the every computer have their own specific IP, when a hacker gets access to these IP, the hacker can actually configure them in such a way that the information contained in the computer are sent to the hacker’s desired destination.
Is IPv6 better than IPv4?	Yes it is better and the reason is because it has more disk space and as cub offer higher security, higher speed and more information available in the internet.
What are the security issues with IPv6 and how can they be resolved?	IPv6 brings along with it some level of dynamism and this comes with numerous security issues. One of the most significant issue is that two people can actually be using the same IP and it puts the innocent at the risk of being hacked. These issues can however be solved by creating a level of static nature in the system. For example, the IP can be configure to disable any discovery tool.

Interpretation

The main understanding from this interview is that the current internet environment is increasingly becoming open as a result of the fact that people are adopting internet technology across the globe. On that note, the now IPv6 is better in the sense that it offers higher disk space, but the increase in dynamism now means that higher risk exit and these risk can be reduced by configuring the system in order to ensure that access to the IP is denied.

Conclusion

The need to understand the security level of internet is becoming vital as a result of the increase in adoption, which increases risk in cases where these security issues are not well looked into. This is the ground from which this research paper was developed, and it is based on the objective of understanding the security issues with the new IPv6 and how these issues can be handled. On that account, it was discovered that the level of dynamism offered by the new internet protocol brings along with it security issues in the sense that two users can be using the system at the same time. Some of these issues as discussed come in the form of poor structure, open sources codes, and IP visibility. Even with the disk space, the IPv6 can still be hacked with the same formula for hacking the earlier version, with the only limitation being that it will take longer time. In order to reduce the issues, it recommended that users should:

1.      Use standard, non-obvious static addresses for critical systems;

2.      Ensure adequate filtering capabilities for IPv6;

3.      Filter internal-use IPv6 addresses at border routers;

4.      Block all IPv6 traffic on IPv4-only networks;

5.      Filter unnecessary services at the firewall;

6.      Develop a granular ICMPv6 filtering policy and filter all unnecessary ICMP message types;

7.      Maintain host and application security with a consistent security policy for both IPv4 and IPv6;

8.      Use IPsec to authenticate and provide confidentiality to assets;

9.      Document the procedures for last-hop traceback; and

10.  Pay close attention to the security aspects of transition mechanisms.

Even with the issues discussed, the conclusion is that the IPv6 offer higher security.

References

1 http://www.ietf.org/rfc/rfc0791.txt

2 http://tools.ietf.org/html/rfc2460

3 http://tools.ietf.org/html/rfc4861

4 http://tools.ietf.org/html/rfc4862

5 http://tools.ietf.org/html/rfc4443

6 http://tools.ietf.org/html/rfc4291

7 http://tools.ietf.org/html/rfc4301

8 http://www.opte.org/history/

9 Cryptographically Generated Addresses (CGA) is specified in RFC 3972 (http://www.ietf.org/rfc/rfc3972.txt).

10 RFC4301 (http://tools.ietf.org/html/rfc4301)

11 http://tools.ietf.org/html/rfc4861

12 EUI is an acronym for Extended Unique Identifier, e.g. “3BA7:94FF:FE07:CBD0” is an EUI-64 identifier in colon hexadecimal notation.

13 http://tools.ietf.org/html/rfc3756

14 http://tools.ietf.org/html/rfc3056

15 http://playground.sun.com/ipv6/ipng-transition.html

16 http://technet.microsoft.com/en-us/network/cc917486.aspx