![]() When configuring the router you need to still only open the ports that you must and take proper security measures when writing your programming to prevent the hacking of your devices and server.įor the purposes of this article I will be using Hurricane Electric to provide a static IPv6 /64 sub net. Keep in mind that even though you put your internet facing server in a DMZ doesn't mean that you don't need some sort of firewall between the internet and your server. Separating your networks will prevent any security flaws in your programming from compromising your “production” workstations, and your IPv6 server could face the internet in a demilitarized zone (DMZ). In this instance, you could safely disable any firewall that may come with the modem. In the diagram above, there are two separate networks, each blocked by their own router firewall. The below is a diagram of a network setup that I use and suggest you use as well when developing with IPv6. Think of Ipv4 as your production network that you don't want to have had compromised and the IPv6 as a development environment network, where even if it did get compromised, your Ipv4 environment would be unscathed. The way I have my network setup and the way I suggest that you do it too is to split your two networks into two separate networks. Like most people you will probably be working with IPv6 alongside an Ipv4 network. IPv6 Network Setup Security Considerations My personal feelings are that this could be a good thing, but developers, engineers and creators alike need to be wary of people who may try to use this for evil and need to take the necessary steps to ensure that they don't become a victim of someone who would mean them harm. This is a scary thought, but I fear that we will be going down the road of the internet of things whether it is a good idea or a bad one. Suddenly to burn down a house you don't need to show up in person and light a match to start a house fire, it is just done anonymously over the internet with a few keystrokes. To a security researcher or a common ill willed hacker, the idea of a world connected to the internet brings about an excitement as unprepared people start connecting things to the internet, millions of potential security holes will crop up, instead of hackers stealing data off your computer, they are now able to access say your oven in your kitchen, turning it on and possibly creating a disaster inside your home. Having anything and everything connected to the internet sounds like a good idea until you talk to a security researcher. With so many addresses available we can use them for anything and everything. This is the idea that you could connect anything and everything you wanted to the Internet, toasters, headphones, your latest project, pretty much anything that you could possibly dream up. The buzzword of Ipv6 is “the internet of things”. With so many Ipv6 addresses available there is no reason to sell even a massive sub net of a /64 or even a /48, and so companies like Hurricane Electric and GoGo6 are giving away sub nets to allow users to have there own static Ipv6 addresses. ISP's have been charging for Ipv4 addresses at a price that is usually not a worthwhile purchase for the average hobbyist tech-engineer. With the advent of Ipv6, this enables the tech-minded community to invent things that were never before possible. For an introduction to Ipv6 and what it has to offer see this article, here. With Ipv6 the number of addresses is fantastically huge and should support the internet for the foreseeable future. ![]() The number of current ipv4 address is nearly expired and is becoming harder and harder to obtain a address based on the version 4 of the protocol. What is IPv6? In short IPV6 is the next iteration of the internet protocol.
0 Comments
Leave a Reply. |