Customer Reviews

6
4.7 out of 5 stars
5 star
5
4 star
0
3 star
1
2 star
0
1 star
0
IPv6 Security
Format: PaperbackChange
Price:$57.30 + Free shipping with Amazon Prime
Your rating(Clear)Rate this item


There was a problem filtering reviews right now. Please try again later.

5 of 5 people found the following review helpful
Format: Paperback
I've read and reviewed three other books on IPv6 in the last four years: "IPv6 Essentials, 2nd Ed" (IE2E) in September 2006, "Running IPv6" (RI) in January 2006, and "IPv6 Network Administration" (INA) in August 2005. All three were five-star books, but they lacked the sort of attention to security that I hoped would be covered one day. IPv6 Security by Scott Hogg and Eric Vyncke is the book for which we have been waiting. Although some of the early "philosophical" security discussions (what's a threat, where are they) are lacking, the overwhelming amount of thorough and actionable content makes this book a winner.

IPv6 Security reminded me of Cisco Router Firewall Security (CRFS) by Richard Deal, which I also liked a lot. CRFS was Cisco-specific and helped readers squeeze all the network-level security features they could from their routers. IPv6 Security is similar, but even better because readers receive guidance for Windows, FreeBSD, Fedora, and even Solaris, in addition to Cisco gear. One note on FreeBSD, however: p 42 says "FreeBSD systems are susceptible to RH0 attacks," although FreeBSD issued a fix in April 2007 with Security Advisory FreeBSD-SA-07:03.ipv6.

In addition to offering configuration guidance for a variety of products, IPv6 Security used Scapy6 to demonstrate various IPv6 traffic types. I liked this approach, although a brief appendix explaining Scapy usage would have been appreciated. The book also covered material I had not seen elsewhere, like shim6 for multihoming. I would have liked some examples of IPv6 NetFlow output, as hinted at in Ch 11. Using SCTP with IPv6, also mentioned in the book, would have been helpful and innovative too.

My main issue with IPv6 Security (and it is minor, given this is a five star review) is the inappropriate use of the word "threat" early in the book, and the unnecessary focus on "insider abuse." On p xix the authors say IPv6 is a "threat," and they say threats "exist" in IPv6. IPv6 implementations may introduce vulnerabilities and exposures, but not "threats." On p 8 the authors cite the 2007 CSI/FBI study by saying "59% of all survey respondents suffered from insider abuse of network access." They use that "statistic" to justify saying "the percentage of internal attack sources is likely to be even higher today... The key issue is that most organizations do not spend 50 percent of their security budget on mitigating inside threats." This has nothing to do with IPv6. If it is related to IPv6, reading page 2 of the 2007 CSI/FBI shows that 59% figure means "Insider abuse of network access or e-mail (such as trafficking in pornography or pirated software)". That's hardly the "attack source" the reader should associate with security for IPv4 or IPv6 networks.

Overall, I strongly recommend reading IPv6 Security. There's no other book on the market with the depth of actionable defensive information available.
0CommentWas this review helpful to you?YesNoSending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
2 of 2 people found the following review helpful
on April 15, 2009
Format: Paperback
This reference explains how to secure an IPv6 network across the major boundaries and potential targets for breaches: LAN, WAN, firewall-perimeter, VPN, and locking down the router. Many of these guidelines are also relevant to an IPv4 infrastructure and this book is a resource for both network and information security specialists who construct and maintain production environments. IPv6 Security encompasses two sets of concepts: the Self Defending Network's Collaboration, Integration, and Adaptability and InfoSec's Confidentiality, Integrity and Availability.

Some noteworthy citations for ensuring security include configuring a WAN BGP session with a Message Digest 5 (MD5) algorithm password and using Secure Neighbor Discovery (SEND) for safeguarding IPv6 layer two addresses. As IPv6 uses named access control lists instead of numbered ACLs, the book explores both access control entries (ACE) and the IPv6 IOS commands in detail. Security is also examined for the IPv6 routing protocols, which include EIGRPv6, RIPng, and OSPFv3. Endpoint and server safeguards are also discussed since BSD, Vista and Windows Server 2008 have IPv6 support incorporated in the operating systems. Since adopting a protection policy is one segment of a secure network, utilities such as Multi-Router Traffic Grapher (MRTG) and CiscoWorks LAN Management Solution are examined for capturing data traffic statistics. Setting a baseline and measuring performance are necessary steps for detecting when a security violation has occurred.

IPv6 Security is a must-read resource for those actively engaged in both IPv6 and security implementation. As IPv6 is in its beginning stages and is incorporated into dual-stack architectures with IPv4, there is much to learn. Since information security should always be a consideration, this book offers many examples to consider for protecting the integrity of both the network and data. From a scale of 1-5, this book receives a 5 ranking and I look forward to reading the next book from the authors.
0CommentWas this review helpful to you?YesNoSending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
1 of 1 people found the following review helpful
on January 2, 2009
Format: Paperback
In my quest to learn and transition to IPv6 from IPv4, I learned that you have to have a stable background in learning new materials. IPv6 has been around awhile but now just getting a little more used from many companies and myself. Along with the transition comes concerns with security as IPv4 didn't have much security. With this book [IPv6 Security] the authors took the technology and really explained some very detail and practical aspects of IPv6 with security enhancements. I realyy enjoyed reading this book. The authors did a good job in bringing the IPv6 protocol to the forefront by explaning different parts of the security features like mobile security, running dual stack protocols, IPv6 deployment solutions, address spoofing, and many other network problems. The authors used Cisco products to explain the security mechanisms. they also teach you how to use Cisco IOS® and ASA firewalls and ACLs to filter out IPv6 traffic. This book is one for the ages in describing, explaining, and implementing security in an IPv6 netowrk. Overall the book is great. I gave it a 5 start because of the deep explaining of the IPv6 protocol and security.
0CommentWas this review helpful to you?YesNoSending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
on February 13, 2009
Format: Paperback
College-level and advanced software developer's collections will find important IPv6 Security, a survey of security issues identifying all components of modern networks, identifying specific security deficiencies that occur within the IPv6 environment and showing how to correct them. From preventing network attack to monitoring security and understanding large-scale threats and filtering techniques, this is a fine guide advanced software engineers need.
0CommentWas this review helpful to you?YesNoSending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
on March 30, 2012
Format: Kindle EditionVerified Purchase
...overall it is more enterprise-centric than service-provider centric. The e-book is also fairly poorly formatted. I'd bump it to four if it were reformatted.
0CommentWas this review helpful to you?YesNoSending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
on April 21, 2015
Format: PaperbackVerified Purchase
IP V6 is such an upgrade to security in the architecture itself.
0CommentWas this review helpful to you?YesNoSending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
     
 
Customers who viewed this also viewed
IPv6 Fundamentals: A Straightforward Approach to Understanding IPv6
IPv6 Fundamentals: A Straightforward Approach to Understanding IPv6 by Rick Graziani (Paperback - October 26, 2012)
$49.80

IPv6 Essentials
IPv6 Essentials by Silvia Hagen (Paperback - June 29, 2014)
$36.77

 
     

Send us feedback

How can we make Amazon Customer Reviews better for you?
Let us know here.

Your Recently Viewed Items and Featured Recommendations 
 

After viewing product detail pages, look here to find an easy way to navigate back to pages you are interested in.