What the student will learn
By completing this tutorial, students will be able to:
- IPv6 and Firewall Basics
- Learn how to configure inbound rules in the firewall
- Handling Established, Related and Invalid Connections
- ICMP Traffic Management in IPv6
- Link-local and WAN Address Security
- Forward Rules for Customer Protection
- Allow Secure Internet Access for Customers
- Security Strategies and Best Practices in IPv6
Requirements
- Understand basic networking concepts, such as network types (LAN, WAN), network topologies, and OSI/TCP-IP models.
- Know the differences between public and private IP addresses, and how they are used in networks.
- Have knowledge of subnets, netmasks and IP addressing.
- Understand the basic concepts of routing and switching in networks.
- Know how Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) work.
- Understand the assignment of dynamic and static IPs.
General Purpose
Provide a detailed and understandable guide to configure an IPv6 firewall, in order to protect both the router and the LAN network devices in IPv6 environments.
Through a step-by-step methodology, the tutorial seeks to equip students with the knowledge and skills necessary to effectively implement security policies on an IPv6 network, ensuring the integrity, availability and confidentiality of network traffic.
Objectives by Chapter
Chapter 1: Configure Input Rules for Router Protection
The first chapter focuses on protecting the router, configuring input rules that define how incoming traffic is handled.
The goal is to ensure that the router is protected against unauthorized access and attacks, allowing only legitimate traffic.
- Set up rules to handle established, related and invalid connections, ensuring that the router responds appropriately to different types of network traffic.
- Allow ICMP traffic, necessary for network diagnosis and control, while protecting against possible attack vectors through this type of packets.
- Discard link-local addresses from the WAN interface, preventing unwanted access to the router from the internet.
- Establish rules to allow administrative access to the router, using secure and controlled addresses.
Chapter 2: Configure Forward Rules to Protect Customer Traffic
Protect client traffic within the network by configuring forward rules that determine how traffic is handled through the router.
The goal is to ensure safe browsing for end users, allowing access to the internet while blocking threats.
- Set up rules for established, related and invalid connections, optimizing the flow of legitimate traffic and blocking suspicious or malicious traffic.
- Allow ICMP traffic, essential for the operation and maintenance of the network.
- Facilitate secure connections of customers to the Internet, allowing the external access necessary for online applications and services.
At the end of this Tutorial
Upon completion of this tutorial, the student will have gained a deep understanding of how to configure and manage a firewall in an IPv6 environment, both for router protection and client traffic security. Participants will learn to:
- Identify and apply the appropriate rules for different types of network traffic, improving overall network security.
- Effectively manage ICMP traffic for the benefit of the network, without compromising security.
- Protect the router from unauthorized access and ensure that only legitimate traffic can enter the network or access the router for administration tasks.
- Ensure that customer devices can access the internet securely, minimizing the risk of attacks and exposure to external threats.
In summary, this tutorial provides a solid foundation in firewall configuration for IPv6, equipping students with the tools necessary to implement effective security strategies on their own networks.