IPv6 Essentials

5.1. General Security Concepts

In order to protect data, one has to be aware of the possible threats. People often focus solely on malicious attacks from foreign networks. A comprehensive security concept needs to consider many other aspects. Following is a list of possible points of weakness:

• Insufficient or nonexistent IT security concepts and corresponding provisions

• Nonobservance or insufficient control of IT security provisions

• Usurping of rights (password theft)

• Incorrect use or faulty administration of IT systems

• Abuse of rights

• Weaknesses in software (buffer/heap overflows in conjunction with applications running with superuser rights)

• Manipulation, theft, or destruction of IT devices, software, or data (physical security)

• Network eavesdropping (sniffing wired or wireless networks) or replaying of messages

• Trojan horses, viruses, and worms

• Security attacks such as masquerading, IP spoofing, Denial of Service (DoS) attacks, or man-in-the-middle attacks

• Routing misuse

There are many statistics showing that malicious attacks from the outside are only a smaller fraction of all the possible risks. Many threats come from within the internal network and can in many cases be related to human misconduct or faulty administration. Many of these risks cannot be controlled by technical mechanisms. This chapter is not a guide to an overall security concept; it discusses the technology aspects of security with IPv6.