| During the information process of current society, the demand that a wide variety of intelligent devices access to the Internet is increasing. IPv4has been unable to meet the rapid development of the current Internet, as the upgrade version IPv6can effectively solve the problem of the lack of IP address. Besides compared with IPv4, IPv6can provide better quality of service, security and other advantages. Under many governments’great promotion, in Japan and the United States IPv6has been offering commercial services, entering into people’s daily life. However, the current IPv4network is so ingrained, the transition from IPv4to IPv6cannot be done overnight, thus a long transition period of the IPv4/IPv6dual stack network is bound to be experienced. Compared to the traditional IPv4network, dual stack network is facing not only the traditional IPv4network threats, but also the IPv6network threats, as well as more complex security threats that brought by the dual-stack network transition technology. Relative to IPv4perfect security architecture, the security of the dual stack network is not yet mature, because many security measures are just based on the documents and not supported by most of the equipment. In conclusion, the dual-stack network security situation is still very grim.The dual-stack network’s security was researched and analyzed in-depth from two aspects, the transition technologies and IPv6protocol. The security issues of the three mainstream transition technologies (dual-stack, tunneling and protocol translation) were analyzed. This paper focused on security threats of tunneling which is widely used in early dual-stack network. Security analysis of IPv6protocol mainly analyzes security issues of ICMPv6, neighbor discovery protocol, and IPv6extension header, which focus on analysis of neighbor discovery protocol. Because neighbor discovery protocol has lots of vulnerabilities, which can cause a variety of serious consequences, such as denial of service attacks, man-in-the-middle attack. After every section, its existing security vulnerabilities were described. The formation of dual-stack network vulnerability database can provide a basis for the dual-stack network safety test system implementations behind.In order to verify the vulnerabilities of the dual-stack network, the dual-stack network safety test system based on penetration was designed. The main functions of the system were shown through experiments. The system mainly consists of three parts, information detection, test strategy decision, and penetration test. First, snoop dual-stack network information through the detection of information. Then system will process information and match with dual-stack network security vulnerability database. At last, schedule available penetration testing plug-in and validation.Finally, feasible security solutions for both transition technology and IPv6protocol security threats are proposed. |
PDF Full Text Request