ABSTRACT
Introduction Th is chapter continues the discussion on IPv6 security that we started earlier in the text. Th e topic of perimeter fi rewalls in an IPv6 environment is covered here. As we saw in Chapter 4, fi rewalls are used to enforce a security policy that controls the types of traffi c that may transit between public (external) networks and an organization’s intranet. Firewalls are also employed to protect an enterprise from network-, transport-, and application-level exploitation and Denial of Service (DoS) (fl ooding) attacks. IPv6 fi rewall considerations that the planner needs to take into account include: fi rewall roles, packet fi ltering, extension headers, and use of IPsec Encapsulating Security Protocol (ESP), among others. Device performance may be an issue in IPv6 due to the impact of encryption processing (as in fact is also occasionally the case in IPv4).
