Final Year Project 2 Slide

FINAL YEAR PROJECT 2 NAME

: MOHD AMIRUL AIZZAD BIN HAMDAN

ID

: 512621121 51262112129 29

TITLE

: EVOLU EVOLUTION TION OF IPV4 TO IPV6 AND SECURITY ANALYSIS

SUPERVISOR SUPERV ISOR : SIR AHMAD ROSHIDI BIN AMRAN

RESULT/ANALYSIS ITEM

IPV4

IPV6

Address

32 bits long. Various address classes are defined: A, B, C, D, or E depending on initial few bits

128 bits long. The host portion of an IPv6 address will be derived from a MAC address or other interface identifier.

Address Resolution

ARP is used by IPv4 to find a physical address, such as the MAC or link address, associated associated with an IPv4 I Pv4 address.

IPv6 uses Neighbor Discovery Address Resolution to map an IPv6 addresses onto a MAC address

Address types

Three basic types: unicast address, multicast address, and broadcast address.

Three basic types: unicast address, multicast address, and anycast address

Multicast Addresses

uses "Class D" addresses (224.0.0.0 to 239.255.255.255) for multicast - optional

strong support for multicast. Multicast is used extensively in IPv6 mechanisms, such as Router Discovery and Stateless Address Autoconfiguration, Autoconfiguration, so support is mandatory

ITEM

IPV4

IPV6

Configuration Configurati on

Must configure a newly installed install ed system before it can communicate with other systems

Configuration Configuration is optional. IPv6 interfaces are self-configuring using IPv6 stateless auto configuration

DHCP

DHCP is used to dynamically obtain an IP addres

DHCP does not support IPv6.

FTP

FTP allows you to send and receive files across networks.

FTP does not support IPv6

NAT

Basic firewall functions integrated integrated into TCP/IP

NAT does not support IPv6

IPSEC

IPSEC that have been modify from IPv6 to work with IPv4. might not work well if NAT is used

originally created created as a part of IPv6. does not work well with NAT

Result /analysis IPv4 SITE TO SITE IPSEC I PSEC VPN

Result /analysis IPv6 SITE TO SITE IPSEC I PSEC VPN

Show crypto ipsec sa

THREAT COMPARISON TYPE

IPv4

IPv6

Reconnaissance Reconnaissance

Possibility is high

More difficult because of address length

Sniffing attack

Possibility is high

More difficult because of Ipsec

Application attack

Same possibility

Same possibility

Flooding attack

Same possibility

Same possibility

Smurf attack

Possibility is high

Ipv6 have no broadcast so smurf attack is impossible.

Viruses and worms

Possibility Possibi lity is high

Worm / Viruses which use Internet scanning for propogation will need to adapt to the vastly increased size of IPv6 subnets.

IPv6 makes some things better/worse/different, but no more or less secure Better 

 Automated scanning and worm propagation is i s harder due to huge subnets



Link-local addressing can limit infrastructure attacks



 IPsec is a mandatory feature

Worse 

Lack of familiarity with IPv6 among operators



 Immaturity of software



 Vulnerabilities in transition techniques

CONCLUSION 

From the Packet Tracer, we can see the different in configuration for Ipv4 and Ipv6 in term of address length, routing, packet header, address resolution and else.



From Gns3, the Ipsec is working as its stated. The data is safely encrypted into vpn tunnel from one end to another end.



In conclusion, Ipv6 clearly have more advantage than ipv4. ipv6 have more robust security thus will benefit the user from threat such as scan attack, reconnaissance and Ip sweep.



From this, we can say that t hat the objective have been achieved