Archive for the ‘Security’ Category

For those interested in the pressing issue of IPv6 security and wanting a high-level overview of the challenges and security features of IPv6 then the video from Erion’s David Holder’s recent presentation at the UK IPv6 Council’s IPv6 Security Workshop is now available on YouTube. The slides and a brief summary of the presentation can be found here

If you want to learn more about IPv6 security and IPv6 in general then why not contact us for details of our IPv6 training and IPv6 consultancy or attend one of our IPv6 courses such as the one we are running in the UK in September.

Course Details

Course: Implementing and Securing IPv6
Duration: 5 days
Location: Edinburgh, UK
Dates: 25th to 29th September 2017
Exercise platforms: Linux (default), Cisco IOS, Windows
Delegate Fee: £2,195.00 (GBP) + VAT if applicable

Book Now


Erion’s David Holder provides an insight into the recent IPv6 Security Workshop

I was privileged to be invited to speak at this year’s IPv6 Security Workshop arranged by the UK IPv6 Council. The event, held at the BT Centre in central London, was oversubscribed well in advanced with around 170 delegates registered. This was the largest subscription for any IPv6 Council event to date and the speediest registration yet! The speaker line-up included many leading IPv6 security experts, those involved in developing IPv6 security standards, the National Cyber Security Centre and a range of industry experts. We were all delighted to see such a high level of interest in IPv6.

In my introductory presentation, I gave a quick, but comprehensive, overview of the fundamentals of IPv6 Security. You can view the slide deck here. For those who were not able to attend, here are a few highlights.

IPv6 Security Fundamentals

The first crucial point to appreciate is that IPv6 is everywhere. It is the default on all major operating systems and is widely deployed across the Internet. Further, its growth is exponential and at the current rate all Internet users will be using IPv6 by 2020. If you have IPv6 today you will find that over 75% of your traffic will be carried by IPv6 rather than IPv4.

Even if you have not deployed IPv6 it is important to understand that most of current your networks areIPv6 ready and are IPv6 enabled by default. All modern operating systems contain IPv6 stacks. These are on by default. Operating systems will use IPv6 if they possibly can. This means two things: firstly the majority of security vulnerabilities associated with IPv6 are on your networks today even if you have not deployed IPv6 and secondly if you look on your networks you will see IPv6 traffic. Therefore it is essential that you implement IPv6 security, ideally you should have done this over decade ago when IPv6 was already widely implemented in common operating systems. It is not sufficient to, as some suggest, turn off IPv6. Partly because modern operating systems are IPv6 operating systems and also because turning off IPv6 is often an unsupported configuration.

There are two, possibly three, widely held misconceptions regarding IPv6 and IPv6 security. The first two are:

Misconception 1: IPv6 is more secure than IPv4

Misconception 2: IPv6 is less secure than IPv4

Dual Stack IPv6Both of these are wrong. They both assume that a comparison between IPv4 and IPv6 is meaningful, it isn’t. The reason is simple, in our networks there are no IPv4 stacks, all stacks are IPv6 stacks. Therefore, whether you are using IPv6 or not the vulnerability surface of your IPv4 network is practically identical to that of an IPv6 network. There is a combined vulnerability surface consisting of IPv4 and IPv6 vulnerabilities. Comparing the two is therefore meaningless.

There is another major misconception that is relevant to IPv6 security and that is,

Misconception 3: IPv6 is IPv4 with longer addresses

It isn’t. IPv6 has many complex and subtle differences from IPv4. It is a new protocol with many new features. Even in those areas that are superficially the same as IPv4 there are surprising differences. As a result what is often best practice in IPv4 is not best practice in IPv6.

Even IPv6 and IPv4 addresses are very different and not just in their length. For example:

  • NEW New attributes: length, scope and lifetimes
  • NEW It is normal for IPv6 interfaces to have multiple addresses
  • NEW IPv6 addresses can change over time
  • DIFFERENT Multicast is very important in IPv6
  • NEW There are large numbers of methods for assigning interface identifiers
  • DIFFERENT How addresses are used and managed are different
  • DIFFERENT Global public addresses are the norm
  • NEW And of course there are a huge number of addresses

These differences and that includes all the differences not just those relating to addresses, have a direct impact on the IPv6 vulnerability surface and the mitigation techniques required for IPv6.

Whilst it is not possible to list all the IPv6 vulnerabilities it useful to get an idea of where the problems lie. The slide below shows a rough approximation of the IPv6 vulnerability surface. It is not complete and it cannot show how probable or how significant each of the risks is. What it does show is how many new and different areas there are that need to be considered when implementing IPv6 security.

IPv6 Vulnerability Surface

In the presentation, I went through a number of key areas to illustrate three things; first that IPv6 is significantly different from IPv4, second that some of the areas of vulnerability shown in the above diagram contain many vulnerabilities themselves and finally that not everything is worse. Some things are better than IPv4. Of particular note is the area of scanning and reconnaissance. In IPv4, scanning a whole network is simple and fast. In IPv6, it is impractical to directly scan every address in an IPv6 subnet. This is because testing every address in an IPv6 subnet would take hundreds of thousands of years even on Gigabit networks. This is not to say that attackers cannot discover the addresses of IPv6 nodes, they can, it is just much more difficult for them to do so. However, do not forget that all of the vulnerabilities of IPv4 exist in the IPv6 dual stack, therefore even though scanning IPv6 might be difficult if nodes also have IPv4 addresses is it is still trivial for an attacker to find those nodes from their IPv4 addresses.

When designing and implementing your IPv6 security policy you should pay particular attention to these areas that are listed as new in the diagram. Those areas that are similar to IPv4 are often mitigated in IPv6 using the same techniques that are common in IPv4. Therefore, you should begin by ensuring that the security techniques that you use for IPv4 are also implemented for IPv6. For example, you should use ingres and egress filtering in both IPv4 and IPv6 and you should use unicast reverse path forwarding in both.

In terms of the many differences in IPv6, you need to pay particular attention to the NEW areas in the diagram. Of these, the increased end-to-end transparency, extension header attacks, neighbor discovery attacks and transition mechanism attacks are of particular importance, but this is not to say that you can ignore the other areas. In the presentation I went through each of these and gave specific examples of the types of vulnerabilities. Here are five of the areas that I covered:

  • End-to-end Transparency - Public addresses are the norm, there is no NAT44. Firewalls are necessary (as they are with IPv4).
  • ICMPv6 - Much more complex and critical then ICMPv4. Requires more complex security techniques.
  • Extension Header Manipulation - Whilst the IPv6 header is simple, extension headers that carry options are extremely complex and can be used by attackers in a variety of ways even to hide attacks from security devices.
  • Neighbor Discovery Protocol - NDP is very important to the operation of IPv6 it is also complex. It introduces a number of vulnerabilities to IPv6 nodes and subnets. Securing against these is especially important.
  • Transition Mechanisms - The huge number and complexity of transition mechanisms in itself increases the vulnerability surface. Worse, these create complex interactions between IPv4 and IPv6 and some are standard on many operating systems. Mechanisms such as Teredo are designed to tunnel through IPv4 NAT and firewalls raising the possibility of Teredo being used to circumvent perimeter security.

I then gave a whirlwind tour of IPv6 security features and their pros and cons. Briefly these were:

  • IPsec - Largely the same as IPsec in IPv4. The one key difference is how it is used. The absence of NAT44 in IPv6 makes IPsec transport mode more practical than in IPv4 changing the way IPsec is used.
  • Privacy Addresse - Useful (and the default on many platforms). The temporary nature of privacy addresses has significant implications for operational management including IPv6 Forensics, audit and legal intercept
  • Opaque Static Addresses - Useful (and becoming the default). Avoids linking IPv6 addresses to hardware addresses.
  • SeND and CGAs -Secure Neighbor Discovery (SeND) and Cryptographically Generation Addresses (CGAs) are not widely implement in many operating systems.
  • RA-Guard - Extremely useful protection against rogue IPv6 routers, but can be circumvented using extension headers.
  • DHCPv6-Shield- Extremely useful protection against rogue DHCPv6 servers, but can be circumvented using extension headers.
  • Neighbor Discovery Inspection- Extremely useful protection against attacks against Neighbor Disocvery, but can be circumvented using extension headers.
  • MLD Snooping- Useful for limiting the effectiveness of multicast attacks. Primary use is to improve LAN multicast performance.

I finished by suggesting that the real security benefits of IPv6 will only be seen when we get rid of IPv4 and move to IPv6-only networks. Indeed, some organisations are already moving to IPv6-only networks mainly for operational and cost reasons. Moving to IPv6-only networks will also have security benefits. Removing all of the IPv4 and transition mechanism vulnerabilities it will be possible to make full use of the security features of IPv6.

The key high-level points to take away from my presentation were:

  • IPv4-only networks are historic, they rarely exist today
  • IPv6 should already form a part of your security policy today
  • IPv6 has introduced many new vulnerabilities and features
  • IPv6-only networks will have fewer vulnerabilities
  • Legacy IPv4 thinking is a security risk - staff IPv6 competency is crucial

Erion IPv6 Cyber Security Training

Erion is the world’s leading IPv6 training company with the largest portfolio of IPv6 training courses covering all topics and environments. We have a range of IPv6 security training courses from short introductions to advanced and detailed technical IPv6 security courses. Further information on our IPv6 training can be found at www.ipv6training.com.

Erion recently released a NEW IPv6 Forensics course. This advanced course covers all aspects of IPv6 forensics and is ideal for all those involved in forensic activities.

Other Presentations from the IPv6 Security Work Shop

You can find many of the other presentation from the workshop at http://www.ipv6.org.uk/2017/03/31/ipv6-security-workshop-jul-2017/.


In the coming months you have the opportunity to attend advanced IPv6 training from the world’s leading IPv6 training company.

We have two new public scheduled dates for our popular and comprehensive Implementing and Securing IPv6 course as well as a date for our new course IPv6 Forensics.

IPv6 Forensics is a brand-new training course.

Our Implementing and Securing IPv6 course provides you with all that you need in order to plan for, design, deploy and secure IPv6 in your network and our IPv6 Forensics provides security professionals with the skills and tools to carry out investigations in IPv6 networks.

Implementing and Securing IPv6 is of our most popular IPv6 training courses.

These are advanced technical courses that are ideal for all technologists interested in learning how to both deploy and secure IPv6.

IPv6 training is becoming increasingly relevant in 2017 with the exponential growth in the deployment of IPv6 and the increasing deterioration of the legacy IPv4 Internet.

Deploying IPv6 not only future proofs your network but it also brings with it the opportunity for performance, functionality and operational improvements. For example, Facebook found that end users using IPv6 experience a 15% performance improvement over end users using IPv4. Also, in the long term, IPv6 is the only protocol suitable as a basis for the Internet of Things (IoT).

Furthermore, we already reaching the point where organisations are not only considering moving to IPv6-only networks but have already deployed such networks. Microsoft, Facebook, LinkedIn and Cisco are amongst those who have or are in the process of deploying IPv6-only networks.

IPv6 is very different from IPv4.

The common belief that IPv6 is IPv4 with longer addresses is wrong. IPv6 is made up of many new features and functions which are often widely and subtly different from those in IPv4. Even IPv6 addresses are significantly different from IPv4 addresses, not just in size, but in how they are structured, their types, their attributes, how many their are and how they are used. It is crucially important when deploying and securing IPv6 to move away from legacy IPv4 thinking and fully appreciate the differences from IPv4.

Course Information

Date Course Location Duration
25th Sep 2017 Implementing and Securing IPv6 Edinburgh 5 days
29th Jan 2018 Implementing and Securing IPv6 London 5 days
6th Feb 2018 IPv6 Forensics London 4 days

Book Now

Introduction to Erion

Erion is the world’s leading IPv6 training company. With over 19 years experience of providing IPv6 training and IPv6 consultancy services, Erion has the world’s most comprehensive portfolio of IPv6 training courses. Erion’s courses cover all aspects of IPv6 on all major operating systems and platforms.

All Erion’s IPv6 training courses are Gold certified by the IPv6 Forum. Our IPv6 security courses are also IPv6 Security certified from the IPv6 Forum.

These courses will be delivered by Erion’s chief consultant Dr David Holder.

Instructor Bio: Dr David Holder CEng FIET MIEEE

Dr Holder has over twenty-eight years’ experience in the IT industry in senior technical and management posts. He is currently the CEO and chief consultant at Erion Ltd, the world-leading IPv6 training and IPv6 consultancy company.

In his role at Erion, Dr Holder has had over nineteen years’ experience providing IPv6 consultancy to leading global organizations worldwide. He has assisted organizations to develop IPv6 strategies, enable IPv6 in their products, create IPv6 address schemas and deploy IPv6. His experience covers all major networking and operating system platforms. Clients include Alcatel Lucent, Arbor Networks, Atos Origins, Brocade, BT, Dell, Ericsson, HP, IBM, Sony and Sophos. He is the author of white papers, solution guides, books and training courses on IPv6 and related topics. Recent papers include two published by the UK telecommunications regulator Ofcom on IPv6 and CGN.

In addition to his role at Erion, Dr Holder is active in promoting IPv6 both in the UK and abroad where he is a regular speaker at IPv6 related conferences. He is the chairperson of the IPv6 Task Force Scotland, founder of the IPv6 Future Enabler conference and is a regular speaker at Global conferences on IPv6.

Dr Holder has a PhD in High-Frequency Semiconductor Physics and an Honors degree in Electronic Engineering. He is a Chartered Engineer, a Fellow of the Institute of Engineering Technology and a Member of the IEEE. He holds several industry qualifications.

Please contact us for further details.


Today, IPv6 comes as standard in all major operating systems. Users with IPv6 and IPv4 connectivity find that over 75% if their network traffic is carried by IPv6 rather than IPv4. Globally, the Internet is moving towards an IPv6 world.

The growth in IPv6 deployment has significant consequences for network security and in particular network forensics. Erion’s new course, IPv6 Forensics course, is designed to address the needs of those tasked with carrying out forensic investigations in IPv6 networks. This advanced course covers how to effectively collect and analyse IPv6 evidence. It covers a wide range of techniques and tools that allow an investigator to securely record the often transitory network evidence and then filter, dissect and analyse it.

Throughout the course delegates will learn how to use tools to capture packets and network information and then interpret the results. Each modules includes extensive practical work on real-life scenarios.

Modules in the four day course include:

  • IPv6 Forensics Fundamentals
  • Sources of IPv6 Evidence
  • Interpreting IPv6 Addresses
  • IPv6 Traffic Capture and Analysis
  • IPv6 Flow Capture and Analysis
  • Evidence from Neighbor Discovery (ND)
  • DHCPv6 Forensics
  • IPv6 Name Resolution Forensics
  • IPv6 Transition Forensics
  • IPv6 Application Forensics
  • IPv6 IPsec Forensics
  • IPv6 Network Evidence

Full details of the IPv6 Forensics course can be found here.

The first public course will run in February 2018. Please contact us if you require an on-site closed course or an earlier event.

Course Details

Course: IPv6 Forensics
Duration: 4 days
Location: London, UK
Dates: 6th February to 9th February 2018
Delegate Fee: £3,190.00 (GBP) + VAT if applicable

Book Now

Erion is the world’s leading IPv6 training company. With over 19 years experience of providing IPv6 training and IPv6 consultancy services, Erion has the world’s most comprehensive portfolio of IPv6 training courses. Erion’s courses cover all aspects of IPv6 on all major operating systems and platforms.

All Erion’s IPv6 training courses are Gold certified by the IPv6 Forum. Our IPv6 security courses are also IPv6 Security certified from the IPv6 Forum.

This course will take place in our London, UK venue.

The training fee includes, access to excellent facilities and the provision of a complimentary, sit-down lunch and unlimited tea, coffee, biscuits and fruit throughout the day.

This course will be delivered by Erion’s chief consultant Dr David Holder.

Instructor Bio: Dr David Holder CEng FIET MIEEE

Dr Holder has over twenty-eight years’ experience in the IT industry in senior technical and management posts. He is currently the CEO and chief consultant at Erion Ltd, the world-leading IPv6 training and IPv6 consultancy company.

In his role at Erion, Dr Holder has had over nineteen years’ experience providing IPv6 consultancy to leading global organizations worldwide. He has assisted organizations to develop IPv6 strategies, enable IPv6 in their products, create IPv6 address schemas and deploy IPv6. His experience covers all major networking and operating system platforms. Clients include Alcatel Lucent, Arbor Networks, Atos Origins, Brocade, BT, Dell, Ericsson, HP, IBM, Sony and Sophos. He is the author of white papers, solution guides, books and training courses on IPv6 and related topics. Recent papers include two published by the UK telecommunications regulator Ofcom on IPv6 and CGN.

In addition to his role at Erion, Dr Holder is active in promoting IPv6 both in the UK and abroad where he is a regular speaker at IPv6 related conferences. He is the chairperson of the IPv6 Task Force Scotland, founder of the IPv6 Future Enabler conference and is a regular speaker at Global conferences on IPv6.

Dr Holder has a PhD in High-Frequency Semiconductor Physics and an Honors degree in Electronic Engineering. He is a Chartered Engineer, a Fellow of the Institute of Engineering Technology and a Member of the IEEE. He holds several industry qualifications.

Information on other Erion IPv6 courses can be found on our IPv6 Training web-site.


As the world’s leading IPv6 training company, we are pleased to announced that we will be running some of our most popular IPv6 courses in Edinburgh, UK during 2017.

These include our comprehensive 5-day Implementing and Securing IPv6 course which covers all that you need to deploy and secure IPv6 in your networks.

Erion has over 19 years experience in IPv6. Over that time we have provided IPv6 consultancy and IPv6 training to leading organisations, enterprises and governments world-wide. Throughout the many IPv6 deployments and implementations that we have carried out we have consistently noticed two things; people underestimate the need for IPv6 training and IPv6 training is crucial to success.

Many assume that IPv6 is simply IPv4 with longer addresses. This is naive. Whilst the purpose and basic function of IPv6 is the same as IPv4; that is to route datagrams from a one node to another node (possibly on a different network), the features, functions, attributes and management of IPv6 are very different. Crucially, in many cases what is considered best practice in IPv4 is the opposite in IPv6. This means that staff with extensive experience of IPv4 have to have a change of mindset in order to successfully deploy IPv6.

For this reason, we have created the world’s largest portfolio of IPv6 training courses, covering all aspects if IPv6, across many different platforms and for a wide range of audiences. Continuously updated to reflect the latest standards and best practice our courses are ideally suited to ensure that you are ready to deploy IPv6 in an efficient and safe. Thereby maximising the benefit to your business.

Full details of our upcoming IPv6 training schedule can be found here. Alternatively, we can run on-site IPv6 courses for you at your premises when we can tailor the training programme to meet your exact requirements.

May 2017 Schedule

We have just scheduled courses in May 2017 for Edinburgh, UK. This includes our Implementing and Securing IPv6 course on a range of different platforms including Linux, Cisco IOS and Windows.

Full details can be found at our IPv6 training site.

Please contact us for further details.


In April 2016, we will be running one of our most popular IPv6 training courses in London, UK. The course, Implementing and Securing IPv6, is a comprehensive technical course that is ideal for all technologists interested in learning how to deploy and secure IPv6.

The recent announcements by all of the UK’s major ISPs that they will be turning on IPv6 for their customers in 2016, make this year the perfect time to enable IPv6. Now that over 50% of the world’s major content providers are IPv6 enabled and almost 100% of Internet transit providers are IPv6 enabled, end-users with both IPv6 and IPv4 find that over 70% of their traffic is over IPv6 rather than IPv4.

Deploying IPv6 not only future proofs your network but it also brings with it the opportunity for performance, functionality and operational improvements. For example, Facebook found that end users using IPv6 experience a 15% performance improvement over end users using IPv4. Also, in the long term, IPv6 is the only protocol suitable as a basis for the Internet of Things (IoT).

Furthermore, we already reaching the point where organisations are not only considering moving to IPv6-only networks but have already deployed such networks.

IPv6 is very different from IPv4. The common belief that IPv6 is IPv4 with longer addresses is wrong. IPv6 is made up of many new features and functions which are often widely and subtly different from those in IPv4. Even IPv6 addresses are significantly different from IPv4 addresses, not just in size, but in how they are structured, their types, their attributes, how many their are and how they are used. It is crucially important when deploying and securing IPv6 to move away from legacy IPv4 thinking and fully appreciate the differences from IPv4.

Erion is the world’s leading IPv6 training company. With over 18 years experience of providing IPv6 training and IPv6 consultancy services, Erion has the world’s most comprehensive portfolio of IPv6 training courses. Erion’s courses cover all aspects of IPv6 on all major operating systems and platforms.

This course will be delivered by Erion’s chief consultant Dr David Holder.

Course Details

Course: Implementing and Securing IPv6
Duration: 5 days
Location: London, UK
Dates: 11th April - 15th April, 2016
Exercise platforms: Linux (default), Cisco IOS, Windows
Delegate Fee: £2,195.00 (GBP) + VAT if applicable

Please contact us for further details.


Erion is pleased to announce that we are running two of our most popular IPv6 courses as public events  in the UK in November 2015.

The two courses are our; Implementing and Securing IPv6 (5-day) and our IPv6 for Software Developers (4-day). These two courses have been used to training thousands of software developers, system administrators and network managers world-wide. They have been developed over a period of 17 years.

The Implementing and Securing IPv6 course covers all aspects of IPv6 deployment and security in comprehensive detail. It is ideal for all technical staff wishing to learn more about IPv6. This 5-day course covers all the topics in our popular Implementing IPv6 (4-day) and Securing IPv6 (3-day) course. This is an intensive course ideal for those who do not have the time to attend both the 4-day and 3-day courses. This course includes extensive practical hands-on IPv6 exercises. The default platform for this course is Linux but we can arrange for the hands-on exercises to be carried out on other platforms including Cisco IOS.

The IPv6 for Software Developers provides all that developers need to write best-practice IPv6 enabled code. The course includes extensive hands-on practical exercises that cover not only the programming aspects of IPv6 but also the various aspects of IPv6 networking that help developers understand the issues behind writing effective IPv6 enabled applications.

All Erion’s IPv6 training courses are Gold certified by the IPv6 Forum. Our IPv6 security courses are also IPv6 Security certified from the IPv6 Forum.

Our Edinburgh, UK training location is situated in the city centre near to the world famous Edinburgh castle. There are many excellent facilities and hotels within walking distance. Edinburgh is easily reached via Edinburgh airport and by the UK rail and road network.

The training fee includes, access to excellent facilities and the provision of a complimentary breakfast, sit-down lunch and unlimited tea, coffee, biscuits and fruit throughout the day.

Erion is the world’s leading provider of IPv6 training. We have the largest portfolio of IPv6 training courses, suitable for all audiences, covering all aspects of IPv6 on all major operating systems and platforms. Erion’s courses are certified by the IPv6 Forum and are part of the Erion IPv6 Certified training programme. In addition to our public IPv6 training schedule, we also provide IPv6 training as on-site courses and we provide Erion Modular IPv6 Training which allows for a bespoke training programme to be created based on our hundreds of IPv6 training modules.For further information please contact us on +44 (0)1422 207000, enquiry@erion.co.uk or through our web-site contact form.

Copyright Erion Ltd 2015, all rights reserved. Permission to publish this article unchanged is hereby given.


Erion is pleased to announce that we are running several of our world-leading IPv6 training courses as public events in Edinburgh UK during March 2014. These include Erion’s Implementing IPv6, Securing IPv6 and Introduction to IPv6 IPv6 courses.

From the 17th to the 20th March 2014 we are running our flagship 4-day Implementing IPv6 course. Developed over 15 years, this course covers all aspects of IPv6 in comprehensive detail and is ideal for all technical staff wishing to learn more about IPv6. This course includes extensive practical hands-on IPv6 exercises. We will be running the Linux, Cisco IOS and Windows versions of this course in parallel. You have the option to chose to carry out hands-on exercises on Linux, Cisco IOS or Windows.

From the 24th to the 26th March 2014 we are running our 3-day Securing IPv6 course. This course includes a detailed analysis of the security risks associated with the introduction and deployment of the IPv6 protocol and how you should secure your network for IPv6. This course also includes extensive hands-on practical IPv6 exercises, where you are able to use a number of IPv6 vulnerability testing tools and implement a range of IPv6 security features.

On the 27th March 2014 we are running our 1-day Introduction to IPv6 which is a comprehensive technical overview of IPv6.

Our Edinburgh training location is situated in the city centre near to the world famous Edinburgh castle. There are many excellent facilities and hotels within walking distance. Edinburgh is easily reached via Edinburgh airport and by the UK rail and road network.

The training fee includes, access to excellent facilities and the provision of a complimentary breakfast, sit-down lunch and unlimited tea, coffee, biscuits and fruit throughout the day.

Erion is the world’s leading provider of IPv6 training. We have the largest portfolio of IPv6 training courses, suitable for all audiences, covering all aspects of IPv6 on all major operating systems and platforms. Erion’s courses are certified by the IPv6 Forum and are part of the Erion IPv6 Certified training programme. In addition to our public IPv6 training schedule, we also provide IPv6 training as on-site courses and we provide Erion Modular IPv6 Training which allows for a bespoke training programme to be created based on our hundreds of IPv6 training modules.For further information please contact us on +44 (0)1422 207000, enquiry@erion.co.uk or through our web-site contact form.

Copyright Erion Ltd 2014, all rights reserved. Permission to publish this article unchanged is hereby given.


Despite the imminent depletion of the IPv4 address pool and the serious consequences for the IPv4 Internet, there are still many organisations that continue to delay the implementation of IPv6. Whilst the need for IPv4 in some organisations is arguably less than in others, one area that cannot be ignored is the essential need to secure current IPv4 networks against attacks perpetrated through the use of IPv6 and IPv6 transition technologies.

It is undeniable that the vast majority of current TCP/IP networks already include not only IPv6 capability, but also have IPv6 traffic flowing over them. All modern operating systems include IPv6 dual stacks (which also provide backwards compatibility for IPv4). These operating systems, including Windows, Unix and Linux all use IPv6 by default when they can. As a result, current IPv4 networks must be secured against attacks via IPv6 and associated technologies even though they may not have explicitly deployed IPv6.

Whilst, IPv6 in and of itself is to a large extent neither more or less secure than IPv4, it’s existence in a network immediately increases the “attack surface” and therefore the security risks. Since the increased risk is not simply the sum of the two protocols but a complex interaction of IPv4, IPv6, transition mechanisms and other protocols, it is fair to say that the attack surface is somewhat more than doubled by IPv6. Furthermore, IPv6 includes many new features that make it significantly different from IPv4. This not only further increases the “attack surface” but it also means that many new mitigation and security techniques must be learned.

For those who might consider the “increased risk” a reason not to deploy IPv6; remember that IPv6 already exists whether you deploy it or not. Therefore you need to secure against IPv6 threats in your IPv4 networks.

It is essential that network security managers and others responsible for network and system security learn about IPv6 now and implement appropriate security measures as soon as they can. Erion provides the world’s most comprehensive range of IPv6 training. This includes in-depth IPv6 security training, for example, our 3-day Securing IPv6 course.

Copyright Erion Ltd 2010.


Erion Ltd, the leading IPv6 training and consultancy company, presented a case study on a large scale IPv6 migration at the IPv6 Implementers Conference last week in Mountain View, CA.

Erion’s David Holder described how Erion worked with Malaysia’s domain registrar MYNIC to enable the country code domain name for Malaysia. The presentation “Case Study: IPv6 Enabling Malaysia’s .my Domain”, showed how a carefully planned program of training and consultancy from Erion led to a successful deployment of IPv6 on MYNIC’s DNS servers and infrastructure.

Holder began by reminding delegates of how important name services are to the Internet and to the deployment of IPv6. He showed how problems with name services can reflect badly on IPv6 deployments and that it is therefore essential that great care is taken to ensure that name servers are correctly migrated to IPv6. He covered issues such as the potential for large DNS UDP packets to require the use of EDNS0 and how this has implications for firewalls and intrusion detection systems.

The presentation continued by reviewing the changes necessary in any DNS system in order to support IPv6 and some of the difficults that migration to IPv6 presents to DNS administrators.

A number of presentations during the conference had commented on the importance of adequate IPv6 training during IPv6 deployments. Holder said that in his experience IPv6 training is essential to any IPv6 deployment. He went on to show how Erion put together a tailored IPv6 training program for MYNIC based on Erion’s world-leading and extensive portfolio of IPv6 training courses and modules.

Holder described modifications made to MYNIC’s DNS servers and network in order to support IPv6. He also showed how Erion carried out an IPv6 audit of MYNIC’s network, servers and DNS configuration. Finally he demonstrated the IPv6 enabled .my domain and MYNIC’s IPv6 enabled reseller web-site.

As a result of Erion’s work MYNIC was accredited and certified for IPv6 network connectivity and for IPv6 security by Malaysia’s national IPv6 acreditation body.

Finally, Holder commented on some statistics taken by Erion that show how many companies have IPv6 enabled name servers, web servers and mail servers. The statistics included, MYNIC resellers, Fortune 100 companies and FTSE 100 companies. Holder said that whilst 73% of ccTLDs are IPv6 enabled very few resellers of domain names in their countries are. This does not mean that it is impossible to get IPv6 enabled domain name registered in these countries all it means is that a manual process may be required in order to get IPv6 glue into the ccTLD domain. In the case of Fortune 100 and FTSE 100 companies only 4 in each have IPv6 addresses for their name servers, 2 in each have IPv6 addresses for their web servers and none have IPv6 addresses for their mail servers.

Dr Holder’s talk can be downloaded here.

Erion is a world-leading IPv6 services company that has been providing IPv6 training and IPv6 consultancy for over a decade. Erion has extensive experience in IPv6 on a range of platforms and environments, including Windows, Unix, Linux and Cisco IOS. More information on Erion’s IPv6 training courses can be found at http://www.ipv6training.com and on Erion’s IPv6 consultancy services at http://www.ipv6consultancy.com.