Archive for the ‘Security’ Category

Erion is pleased to announce that we are running several of our world-leading IPv6 training courses as public events in Edinburgh UK during March 2014. These include Erion’s Implementing IPv6, Securing IPv6 and Introduction to IPv6 IPv6 courses.

From the 17th to the 20th March 2014 we are running our flagship 4-day Implementing IPv6 course. Developed over 15 years, this course covers all aspects of IPv6 in comprehensive detail and is ideal for all technical staff wishing to learn more about IPv6. This course includes extensive practical hands-on IPv6 exercises. We will be running the Linux, Cisco IOS and Windows versions of this course in parallel. You have the option to chose to carry out hands-on exercises on Linux, Cisco IOS or Windows.

From the 24th to the 26th March 2014 we are running our 3-day Securing IPv6 course. This course includes a detailed analysis of the security risks associated with the introduction and deployment of the IPv6 protocol and how you should secure your network for IPv6. This course also includes extensive hands-on practical IPv6 exercises, where you are able to use a number of IPv6 vulnerability testing tools and implement a range of IPv6 security features.

On the 27th March 2014 we are running our 1-day Introduction to IPv6 which is a comprehensive technical overview of IPv6.

Our Edinburgh training location is situated in the city centre near to the world famous Edinburgh castle. There are many excellent facilities and hotels within walking distance. Edinburgh is easily reached via Edinburgh airport and by the UK rail and road network.

The training fee includes, access to excellent facilities and the provision of a complimentary breakfast, sit-down lunch and unlimited tea, coffee, biscuits and fruit throughout the day.

Erion is the world’s leading provider of IPv6 training. We have the largest portfolio of IPv6 training courses, suitable for all audiences, covering all aspects of IPv6 on all major operating systems and platforms. Erion’s courses are certified by the IPv6 Forum and are part of the Erion IPv6 Certified training programme. In addition to our public IPv6 training schedule, we also provide IPv6 training as on-site courses and we provide Erion Modular IPv6 Training which allows for a bespoke training programme to be created based on our hundreds of IPv6 training modules.For further information please contact us on +44 (0)1422 207000, enquiry@erion.co.uk or through our web-site contact form.

Copyright Erion Ltd 2014, all rights reserved. Permission to publish this article unchanged is hereby given.


Despite the imminent depletion of the IPv4 address pool and the serious consequences for the IPv4 Internet, there are still many organisations that continue to delay the implementation of IPv6. Whilst the need for IPv4 in some organisations is arguably less than in others, one area that cannot be ignored is the essential need to secure current IPv4 networks against attacks perpetrated through the use of IPv6 and IPv6 transition technologies.

It is undeniable that the vast majority of current TCP/IP networks already include not only IPv6 capability, but also have IPv6 traffic flowing over them. All modern operating systems include IPv6 dual stacks (which also provide backwards compatibility for IPv4). These operating systems, including Windows, Unix and Linux all use IPv6 by default when they can. As a result, current IPv4 networks must be secured against attacks via IPv6 and associated technologies even though they may not have explicitly deployed IPv6.

Whilst, IPv6 in and of itself is to a large extent neither more or less secure than IPv4, it’s existence in a network immediately increases the “attack surface” and therefore the security risks. Since the increased risk is not simply the sum of the two protocols but a complex interaction of IPv4, IPv6, transition mechanisms and other protocols, it is fair to say that the attack surface is somewhat more than doubled by IPv6. Furthermore, IPv6 includes many new features that make it significantly different from IPv4. This not only further increases the “attack surface” but it also means that many new mitigation and security techniques must be learned.

For those who might consider the “increased risk” a reason not to deploy IPv6; remember that IPv6 already exists whether you deploy it or not. Therefore you need to secure against IPv6 threats in your IPv4 networks.

It is essential that network security managers and others responsible for network and system security learn about IPv6 now and implement appropriate security measures as soon as they can. Erion provides the world’s most comprehensive range of IPv6 training. This includes in-depth IPv6 security training, for example, our 3-day Securing IPv6 course.

Copyright Erion Ltd 2010.


Erion Ltd, the leading IPv6 training and consultancy company, presented a case study on a large scale IPv6 migration at the IPv6 Implementers Conference last week in Mountain View, CA.

Erion’s David Holder described how Erion worked with Malaysia’s domain registrar MYNIC to enable the country code domain name for Malaysia. The presentation “Case Study: IPv6 Enabling Malaysia’s .my Domain”, showed how a carefully planned program of training and consultancy from Erion led to a successful deployment of IPv6 on MYNIC’s DNS servers and infrastructure.

Holder began by reminding delegates of how important name services are to the Internet and to the deployment of IPv6. He showed how problems with name services can reflect badly on IPv6 deployments and that it is therefore essential that great care is taken to ensure that name servers are correctly migrated to IPv6. He covered issues such as the potential for large DNS UDP packets to require the use of EDNS0 and how this has implications for firewalls and intrusion detection systems.

The presentation continued by reviewing the changes necessary in any DNS system in order to support IPv6 and some of the difficults that migration to IPv6 presents to DNS administrators.

A number of presentations during the conference had commented on the importance of adequate IPv6 training during IPv6 deployments. Holder said that in his experience IPv6 training is essential to any IPv6 deployment. He went on to show how Erion put together a tailored IPv6 training program for MYNIC based on Erion’s world-leading and extensive portfolio of IPv6 training courses and modules.

Holder described modifications made to MYNIC’s DNS servers and network in order to support IPv6. He also showed how Erion carried out an IPv6 audit of MYNIC’s network, servers and DNS configuration. Finally he demonstrated the IPv6 enabled .my domain and MYNIC’s IPv6 enabled reseller web-site.

As a result of Erion’s work MYNIC was accredited and certified for IPv6 network connectivity and for IPv6 security by Malaysia’s national IPv6 acreditation body.

Finally, Holder commented on some statistics taken by Erion that show how many companies have IPv6 enabled name servers, web servers and mail servers. The statistics included, MYNIC resellers, Fortune 100 companies and FTSE 100 companies. Holder said that whilst 73% of ccTLDs are IPv6 enabled very few resellers of domain names in their countries are. This does not mean that it is impossible to get IPv6 enabled domain name registered in these countries all it means is that a manual process may be required in order to get IPv6 glue into the ccTLD domain. In the case of Fortune 100 and FTSE 100 companies only 4 in each have IPv6 addresses for their name servers, 2 in each have IPv6 addresses for their web servers and none have IPv6 addresses for their mail servers.

Dr Holder’s talk can be downloaded here.

Erion is a world-leading IPv6 services company that has been providing IPv6 training and IPv6 consultancy for over a decade. Erion has extensive experience in IPv6 on a range of platforms and environments, including Windows, Unix, Linux and Cisco IOS. More information on Erion’s IPv6 training courses can be found at http://www.ipv6training.com and on Erion’s IPv6 consultancy services at http://www.ipv6consultancy.com.


MYNIC (the administrator of Malaysia’s .my domain) switched on IPv6 on their domain name servers for the first time at the weekend. Malaysia now joins the growing number of country codes whose DNS is IPv6 enabled.

MYNIC’s Lai Heng Chong, said “We have successfully migrated two of our DNS servers to IPv6″. Mr Heng Chong went on to say that their DNS changes will be submitted to IANA this week.

Erion provided MYNIC with IPv6 training and consultancy during the migration to IPv6. MYNIC staff attended Erion’s Implementing IPv6 and Securing IPv6 training courses, on-site in Malaysia at MYNIC’s offices in Seri Kembang. Erion also provided on-site IPv6 consultancy on configuring IPv6 and securing MYNIC’s servers and network for IPv6.

Erion’s David Holder said, “Erion is very proud to have been a part of Malaysia’s migration to IPv6. It was a pleasure to work with the MYNIC team on this important project”.

For further information on Erion’s IPv6 services in Malaysia and elsewhere please contact David Holder on david.holder@erion.co.uk or +44(0)131 2026317 or visit Erion’s web-site at www.erion.co.uk.


In February 2008, IPv6 addresses were added for six of the world’s 13 root name servers. Now many country code top level domains (ccTLDs) also have IPv6 addresses.

This is a significant step for the widespread deployment of IPv6. Organisations can now, potentially, use only IPv6 for name resolution.

Erion has provided IPv6 consultancy and training to enable ccTLDs to IPv6 enable their domain name services. We have provided a mixture of advanced IPv6 deployment training, IPv6 security training, IPv6 implementation consultancy and IPv6 security consultancy.

Please contact us for further details.


Erion has just released two IPv6 security training courses.

The first is a short (half day) briefing intended to give technical managers, networking and security staff a overview of IPv6 security threats and solutions.

The second is a three day intense technical course entitled Securing IPv6. This covers everything required to understand how to secure your network in readiness for implementing IPv6.

Details of both courses can be found on our main site and our IPv6 training site.