Thinking about IPVv6 security in Windows operating system

Text/Anonymous

In Windows Server 2003, Windows XP Service Pack 1, and Windows XP Service Pack 2, Microsoft has bundled Internet Protocol version 6 (IPv6), but it is not installed by default, and others. Versions of Windows IPv6 are generally required to be available through third-party add-ons because they do not have plans to release IPv6 for Windows 2000 and its predecessors.

Microsoft's implementation of IPv6 can only provide less enhanced security for Windows networks of organizations that fully install and configure this protocol. However, there are still some security issues that need to be installed. Go ahead and find out about the new IP protocol.

Advantages of IPv6

By implementing Microsoft IPv6, we are able to gain a modest security enhancement. In the beginning, any attempt to attack your network must scan the IPv6 address space (which means a much larger address space than IPv4) to search for the network segment you are on. This can be said to be an address. Scan a black hole, but don't rely too much on this vague security.

As an enhanced security, it is almost this, is it less pitiful? ! If you are using the advanced features of IPv4, there are some major security degradations before configuring IPv6 that you need to consider carefully.

Defects in IPv6

From my point of view, Microsoft must redesign its IPv6 before acquiring a new security key. The most obvious problem is the "crash" of the Microsoft IPv6 IP Security (IPSec) protocol. IPSec supports Authentication Header (AH) 1 and Encapsulating Security Payload (ESP) 2 for transport and tunnel mode. However, Microsoft ESP does not support data compression. In addition, Microsoft IPv6 does not support Internet Key Exchange (IKE, Internet Key Exchange) Negotiation Security Associations (SAs). We will not be able to set IPv6 PSec security through Group Policy. Instead, you must manually configure them to calculate SA for each server, Message Category 5 (MD5), and Secure Hash Algorithm 1 (SHA-1). Key.

Manually configuring security keys and static security algorithms on every server in your organization is a catastrophic prescription. If your security key is manually statically configured, then your data In the end it will be destroyed. Even if you use the correct key, those keys will end up being easily destroyed.

Installing IPV6

You can install IPV6 as an additional network protocol. It is important to remember that IPV4 must be installed before you can load IPV6.

Install IPV6 as follows :

1, Start-->Control Panel-->Double-click Network Connection

2, right-click Local Area Connection, select Properties

3, click the Install button

4. Select Microsoft IPV6 and click OK.

Summary

Microsoft has released the Windows 2000 version of the IPV4 technology preview, which you can download on MSDN WEB SITE. However, it is recommended to fully test it and then place it in a production environment.

Note:

1 The IPsec Authentication Header [AH] specification provides a similar service by computing authentication data that covers the data portion and IP header of a message. The unchanged part of the transmission.

2[ESP] specifies the use of an optional encryption algorithm to provide confidentiality and specifies an optional authentication algorithm to provide authentication and integrity. The NULL encryption algorithm is a convenient way to represent options that are not encrypted.

Although IPv6 seems to be a long way from us, it does not prevent us from discussing its various good and bad in advance. As a lot of experts are eagerly awaiting IPv6, its huge address space makes us covet. But even so, its security is still the focus we need to consider, I hope that a software giant like Microsoft, you love him and hate him, its Windows security is still worthy of our attention, Like we are concerned about whether the refrigerator or air conditioner in our home is safe, isn’t it?