#5) IPv6 provides better security than IPv4 for applications and networks
The Internet has functioned for the last three decades with IPv4 as the underlying protocol. However, because of its end-to-end model, IPv4 was designed with almost no security in mind and assumes that the required security will be provided at the end nodes. For example, consider an application such as email that may require encryption services – under IPv4, it is the responsibility of the email client at the end nodes to provide those services. Today, the Internet faces threats such as denial-of-service attacks, malicious code distribution, man-in-the-middle attacks, fragmentation attacks and reconnaissance attacks.
Challenge to IPv4
Network Address Translation (NAT) and Network Address Port Translation (NAPT) were used to provide some level of protection against some of the threats mentioned above, using methods such as firewalls. The introduction of the IPSec protocol also allowed some communication to be encrypted, but its implementation in IPv4 is optional and the whole responsibility of ensuring secure communication still lies with the end nodes. However, new applications like mobile e-commerce and portals demand end-to-end security.
How does IPv6 provide a solution?
In IPv6, IPSec is a major protocol requirement and is one of the factors in ensuring that IPv6 provides better security than IPv4.
IPSec contains a set of cryptographic protocols for ensuring secure data communication and key exchange. The main protocols used are:
1. Authentication Header (AH) protocol, which enables authentication and integrity of data.
2. Encapsulating Security Payload (ESP) protocol, which enables both authentication and integrity of data as well as privacy of data.
3. Internet Key Exchange (IKE) protocol. This protocol suite helps to initially set up and negotiate the security parameters between two end points. It then also keeps track of this information so that the communication stays secure till the end.
Thus, IPv6 ensures that there are end-to-end security mechanisms that will provide authentication and encryption abilities to all applications, and thereby eliminates the need for applications themselves to have integrated support for such abilities. The added benefit of using the same security mechanisms for all applications is that setting up and administering security policies becomes a lot simpler. IPv6 allows for complete end-to-end security, thereby allowing a new set of personalized services to be deployed, such as mobile e-commerce services that rely on secure transactions.
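On the wire, AH and ESP travel as IPv6 extension headers (protocol numbers 51 and 50). The following added example, which is not part of the original article, walks the header chain of a raw IPv6 packet and reports which IPSec headers protect it; the `sample` helper, the addresses and the SPI values are constructed for illustration.

```python
import struct

# IANA protocol numbers for the headers this walker understands.
HOP_BY_HOP, ROUTING, FRAGMENT, ESP, AH, DEST_OPTS = 0, 43, 44, 50, 51, 60

def ipsec_headers(packet: bytes):
    """Return (findings, final_next_header) for one raw IPv6 packet.

    findings lists ("AH" | "ESP", spi, sequence_number) in chain order;
    final_next_header is None when ESP encrypts the rest of the chain.
    """
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    next_header, offset, found = packet[6], 40, []
    while True:
        if next_header == ESP:
            if len(packet) < offset + 8:
                raise ValueError("truncated ESP header")
            found.append(("ESP", *struct.unpack_from("!II", packet, offset)))
            return found, None  # real Next Header is in the encrypted trailer
        if next_header not in (HOP_BY_HOP, ROUTING, FRAGMENT, AH, DEST_OPTS):
            return found, next_header  # upper-layer protocol reached
        if len(packet) < offset + 2:
            raise ValueError("truncated extension header")
        following, length_field = packet[offset], packet[offset + 1]
        if next_header == AH:
            size = (length_field + 2) * 4  # AH counts 4-octet words, minus 2
        elif next_header == FRAGMENT:
            size = 8                       # fixed size, length byte is reserved
        else:
            size = (length_field + 1) * 8  # 8-octet units after the first 8
        if len(packet) < offset + size or (next_header == AH and size < 12):
            raise ValueError("truncated or malformed extension header")
        if next_header == AH:
            found.append(("AH", *struct.unpack_from("!II", packet, offset + 4)))
        next_header, offset = following, offset + size

def sample(first_next_header: int, payload: bytes) -> bytes:
    """Constructed test packet: 2001:db8::1 -> 2001:db8::2, hop limit 64."""
    src = bytes.fromhex("20010db8" + "00" * 11 + "01")
    dst = bytes.fromhex("20010db8" + "00" * 11 + "02")
    fixed = struct.pack("!IHBB", 0x60000000, len(payload), first_next_header, 64)
    return fixed + src + dst + payload

# Constructed samples: AH (12-byte ICV of zeros) in front of a blank TCP header,
# and a padded Destination Options header in front of ESP with opaque bytes.
AH_PACKET = sample(AH, bytes.fromhex("06040000" "00001001" "00000001") + bytes(32))
ESP_PACKET = sample(DEST_OPTS, bytes.fromhex("3200010400000000" "00002002" "00000007") + bytes(16))
```

With AH the upper-layer protocol (TCP, 6) stays visible to a monitor, while with ESP the walk stops at the SPI and sequence number because everything after them is encrypted.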