Introduction

In the open, hostile environment of today s Internet, clearly the security of information must be the top priority of any organization. To best protect an organization s critical electronic information, security should be implanted at many layers, but the introduction of security at the network layer has grown significantly in recent years. IP Security (IPSec) specifications have been implemented widely with IPv4 between communicating hosts on local networks or on virtual private networks (VPNs), in which the Internet serves as the communication channel between two private networks.

IPv6 has integrated the IPSec framework into the protocol specifications and allows for easy implementation of security at the network layer. This chapter focuses on the IPSec framework, explaining how each component works in IPv6; it also explores the topic of perimeter security, another critical component of a good security implementation, and explains how to apply this type of security for IPv6 using Cisco IOS.

IPSec Overview

Security risks specific to IP include data theft, data tampering, and peer impersonation. Data theft is typically accomplished by eavesdropping on all the traffic traversing a particular network segment using a device called a sniffer. Data tampering involves actually intercepting traffic (not just eavesdropping) that is not destined for a particular machine, modifying the data, and sending the modified traffic along to the ultimate destination. Peer impersonation involves pretending to be another node by sending traffic to a particular destination node, but specifying another IP address as the source address instead...