2011 3rd International Symposium & Exhibition in Sustainable Energy & Environment, 1-3 June 2011, Melaka, Malaysia

Distributed Security Policy for IPv6 Deployment

Wan Nor Ashiqin Wan Ali#1, Abidah Hj Mat Taib#1,2, Naimah Mohd Hussin #3,
Rahmat Budiarto*3, Jamal Othman #4
#

Faculty of Computer and Mathematical Sciences,

Universiti Teknologi MARA Perlis Branch, Malaysia
1
[email protected] 1,[email protected]
*
School of Computer Sciences,
Universiti Sains Malaysia, Penang, Malaysia

Abstract Internet Protocol version 6 (IPv6) is a next generation

protocol that is designed to solve the problem of the current
Internet Protocol version 4 (IPv4) depletion. With IPv6, almost
anything in the world can be assigned an IPv6 address which
makes communication between every single person to another
possible. Besides, monitoring and sensing every single node or
instrument can be done due to each item has its own IPv6
address. Realizing the features of IPv6, enterprise networks have
begun deploying IPv6. Although they have not decided to deploy
IPv6, IPv6 packet is possibly already in the network due to the
most present operating systems supporting IPv6 and IPv6 enable
is set as default. Deploying IPv6 in the existing IPv4 network
results in coexistence of both protocols in the network. Thus, the
coexistence condition exposed enterprises network to higher
probability of vulnerabilities and attacks. Hence, several security
policies should be created to maintain security for both IPv4 and
IPv6. A proper mechanism to manage the policies to ensure a
secure IPv6 deployment is a necessity. Since enterprises have
many branches and counterparts, it is essential to have a
mechanism to distribute the policies among their branches or
subnets. Therefore, the proper mechanism to distribute the
security policy which will also support the green computing
environment should be formed.
Keywords Distributed security policy, enterprise security
policy, IPv6 deployment, enterprise networks.

I. INTRODUCTION
Nowadays, Internet usage is rising hastily together with the
growth in technology. Internet can communicate nodes with
each other in a widespread area. The exhaustion of the IPv4
allocation pool has been an anxiety when the Internet began to
practise extraordinary expansion. Furthermore, current news
stated that the IPv4 has been declared totally diminished by
2011 as in [1].
To overcome the IPv4 depletion problem, IETF has
introduced an Internet Protocol version 6 (IPv6) in 1995. IPv6
addressing uses 128-bits, making almost anything in the world
can be assigned an IPv6 address and makes communication
between every single user to another a possibility. Besides,
resolving the IPv4 address depletion, IPv6 permits security
enhancement and offers an extra extensible and simpler
header as in [2].

Furthermore, the growth of Internet and Intranet security is

significant to organizations as in [3]. Realizing the
enhancements and benefits of IPv6 that can meet the current
and future Internet demands, enterprises have started
deploying IPv6. Somehow, IPv6 is already in the network due
to the majority current operating systems set IPv6 enable as
default. At the early stage of IPv6 deployment, enterprises
should address the coexistence of IPv4 and IPv6 in the
network because while starting to deploy IPv6, we still rely on
the existing IPv4 application.
The coexistence conditions might cause numerous security
problems because a protocol might be used to utilize the other
protocol if the attacker realizes the accessible of both
protocols in the network as in [4]. Therefore, numerous
security policies should be formed to sustain security for both
IPv4 and IPv6.
Since enterprises might have many branches and
counterparts, they need to distribute the same security policy
to all their branches and among subnets. Therefore, a proper
approach will be designed to ensure that security policies can
be distributed, updated and controlled by only one server or
approach. Moreover, to create a green environment as well as
to decrease the heat and carbon dioxide (CO2) produced, the
designation of distributed security policy will consider using
cloud computing instead of putting a firewall at every host.
Furthermore, enterprises are preferred to choose a way which
can decrease their costs. Hence, enterprises will prefer to use
cloud computing to reduce the cost of servers maintenance.
As a result, enterprise can reduce the heat and minimize the
power of electricity produced by their servers. Indirectly,
enterprises can support and contribute to the green technology
campaign.
The main objective of this paper is to investigate the
distributed firewalls approach as a mechanism to implement
distributed security policy for securing the IPv6 deployment.
This paper aims to propose secure security policy in
demonstrating the distributed security policies for IPv6
deployment in a way of green environment. This is important,
as security policy is needed in every enterprises branch.
The remainder of this paper is organized as follows:
Section II discusses on security policy improvements for
secure enterprise networks and security strategy in defining

978-1-4577-0342-3/11/$26.00 2011 IEEE

120

security policy for enterprise networks, enterprise network

security policy and high-level security policy in enterprise
networks. Section III describes threats and vulnerabilities due
to IPv6 deployment. Section IV discusses some basic design
of an approach to distribute security policy in enterprise
networks and Section V discusses some of the related works.
Finally, we conclude the paper in Section VI.
II. SECURITY POLICY IMPROVEMENTS FOR SECURE ENTERPRISE
NETWORKS

As the rise of Internet demands, enterprises need to deploy

IPv6 networks sooner or later. There are still some
vulnerabilities of IPv6 that need to be considered, examined
and evaluated since it is likely new in enterprise networks.
Furthermore, with the coexistence of both IPv4 and IPv6,
enterprises must design and create an efficient security policy
to manage their branches from any threats and vulnerabilities.
An important subject in managing network security is to
identify proper security policies. The high-quality policy
design is supposed to be simple to get accurate along with
pretty established, even within the changing network as in [5].
Based on thesaurus, policy can be defined as a technique or
course of act chosen from options of certain circumstances to
point and decide current or upcoming decision.
Enterprises need to look into strategies on how they can
develop security policies for their branches as a basic design
of security policy. In brief, they need to precisely strategize
their work in developing the security policies.
A. Enterprise Network Security Policy using Cloud
Computing
A successful and efficient enterprises need policy as the
keystone for their security management. It provides like a path
plot, whereby each individual inside enterprise is able to
utilize it in various ways.
In addition, by using cloud computing, enterprises still can
avoid from vulnerabilities and malicious attacks when they
use cloud computing to store their policy and rules. Moreover,
cloud computing was implemented as a abstraction phase
among a well-defined interface [6]. In consequence, users no
necessitate distinguishing the steps involved in the
implementation since the implementation is a black box to the
users.
Furthermore, enterprises need to create high level of
security policy to avoid from unauthorized users. A high
quality of security policy will afford and match the vision of
the enterprise, which is a crucial asset in preventing
enterprises from vulnerabilities and malicious attacks.
Although trust issues are the most well-known issues
related to the cloud computing, but as long as enterprise or
industry cannot provide the verification about trustworthiness
or any security threats, security and privacy are still provided
by cloud computing.
Even though cloud computing provides the privacy for their
users; however, there is a need for enterprises to determine
who is capable or not to control or modify the policies.
Organization Role-Based Access Control (OrBAC)

mechanism can be considered to assign privilege to access the

control of security policy.
B. High-Level Security Policy in Enterprise Networks
Enterprises normally contain high-level and low-level
policy. High-level policy manages the whole conditions of
enterprises which address requirements, wants, and desires of
an enterprise and express security permit in securing data.
Furthermore, high-level policy languages can be specifically
designed for integrity and confidentiality as in [5]. High
policy languages are easy to recognize and to obtain
accurately while low-level security policy is otherwise vice
verse.
However, individual techniques are needed to solve all the
complexities by computerizing the procedure of high-level
security policy translation into low-level security methods.
In order to create a high-level security policy, some
technical knowledge is needed to ensure that the security
policy is correct. The majority enterprises entrust right
hierarchically such as the Chief Security Officers (CSO)
capability to create enterprise-wide policies. Moreover
subordinates might simply expertise policies, which match to
the enterprises policy as in [7].
Meanwhile, low-level policies are communicated by extra
detailed set of conditions. Furthermore, low-level policies are
the type which regularly directs to dealings. For example,
students know that they must go to school and study during
class hours.
As time goes by, the security policies need to be designed
and evaluated with high-level policy. Thus, enterprises can
implement their security policies by applying policy cycle,
which consists of setting policy agenda, writing and designing,
applying, analyzing and renewing the policy. Furthermore,
high-level security policy is greatly established, as the
objectives of security administration typically have not been
modified very regularly.
Reference [8] stated that in STRONGMAN architecture,
numerous high-level policy languages are applied to identify
security needs intended for diverse request domains. However,
numerous diverse applications can be composed by high-level
policies, which will be compiled into familiar intermediary
policy language.
Therefore, there should be a policy language used in the
ways of developing the distributed security policy. It is
important as a way out from threats and vulnerabilities due to
IPv6 deployment.
III. THREATS A ND VULNERABILITIES DUE TO IPV6
DEPLOYMENT
A. Vulnerabilities of IPv4 and IPv6 Coexistence Scenarios
Several attacks from IPv4 still appear in IPv6 networks
even though enterprise deploys IPv6. Thus, the coexistence
condition of IPv4 and IPv6 exposed the enterprises network to
known threats and attacks in IPv4 as well as potential threats
in IPv6.

121

Threats and attacks known in IPv4 such as the sniffing

attacks, application layer attacks, flooding attacks, rogue
devices and man-in-the-middle attacks are also possible in
IPv6.
The sniffing attack gets data which is being broadcast via
network. Thus, an attacker can easily get his desired
information from the data. The application layer attack was
not affected by the IPv6 deployment because, the attacks
occurred in application layer while the deployment occurred
in network layer. Flooding attack gives a huge amount of
network traffic to network devices or hosts to decrease the
performance or damage the devices. Rogue devices are the
unauthorized devices used in network while man-in-themiddle attacks are the attackers that attack the networks via
other protocol. The man-in-the-middle attacks happened
because IPv4 and IPv6 did not have any security mechanism
in their headers.
B. Specific Security Threats in IPv6 Deployment
IPv6 networks are still exposed with several of
vulnerabilities in spite of security enhancement constructed in
the recent IPv6. Several security threats that may occur in
IPv6 deployment include reconnaissance attacks, security
threats correlated towards IPv6 routing headers, fragmentation
correlated security threats, security threats correlated to
ICMPv6 and multicast, Secure Neighbor Discovery protocol
(SEND) and CGAs and security concerns correlated to
transition methods as in [4]. Attackers will use reconnaissance
attack which is a passive collecting data to obtain the desired
data from victims network. Thus, the attackers can use the
data to make further attacks, while security threats related to
IPv6 routing headers explained that attackers can stay away
from access control via routing headers. Threats that are
related to ICMPv6 and multicast will allow attackers to
attackers to attack the network via ICMPv6 messages because
IPv6 cannot block all the ICMPv6 unlike IPv4 which can
block most of their ICMP messages. Therefore, several threats
and attacks have been considered to be discovered in this
paper such as sniffing attacks, flooding attacks, security
threats which are related to IPv6 routing headers, ICMPv6
messages and multicast using the distributed security policy
that contain both policies for IPv4 and IPv6.
IV. BASIC DESIGN OF A N APPROACH TO DISTRIBUTE
SECURITY POLICY IN ENTERPRISE NETWORKS
In order to identify the security policy, there is a need to
have a test bed where the policy and an appropriate
mechanism in managing security policy can be defined. Fig. 1
shows the topology diagram of testing planned approaches for
this research.
Fig. 1 shows the network topology diagram planned for this
research where the communication of nodes can be filtered by
the defined security policy. Since enterprises have many
branches, they need to distribute their official security policies
to all their branches. Furthermore, the coexistence of IPv4 and
IPv6 networks in their branches and counterparts enforces
enterprises to create and design or upgrade their security

policy in order to ensure they can avoid from threats and

attacks. Fig. 2 shows the basic enterprise business activities.

Fig. 1 Network testing topology diagram

Fig. 2 Basic enterprise business activities

Fig. 2 illustrates the basic enterprise business activities,

which explain on why enterprises need to distribute their
security policies. Therefore, when enterprise deploys IPv6,
they also need to consider threats and vulnerabilities of
coexistence IPv4 and IPv6 in their enterprise networks. The
existence security policies in enterprises might have policies
to avoid threats and attacks from IPv4 networks only. Thus,
enterprises have already designed their security policy.
Enterprises determine their security policy according to risk
assessment on their assets. Then, enterprise needs to define
security and decide respective safeguarding mechanisms or
router measure for protection against attacks. Enterprise

122

should have Policy Management Tool (PMT) to ease the

network administrator to modify the policies accordingly.
The designed policies stored are also known as Policy
Decision Point (PDP). Then Policy Enforcement Point (PEP)
will enforce the routers or switches. Routers or switches will
query the PDP for clients information. Policy system can be
developed using more than one PDP, thus it offers many
administrators to have authority to manage it. Before PDP can
decide to reply which policy should be chosen, all attributes
which are related to the policies will define in Policy
Information Point (PIP). Attributes only can be defined after
enterprises consider and evaluate the existence policy and
their business network environment. Then, after policy has
been decided, high level management in the enterprise or
security administrator can access and control it. Only
authorized person can access and control the policy. Therefore,
to manage the policy based on authorization hierarchy in an
enterprise, OrBAC is used to assign the privilege to access
control of policies. Fig. 3 shows the policy management
structure conducted in this paper.

and brings into a hypothesis statement which is less devices

used, less energy wasted. Hence, it will create a green
environment that decreases global warming, CO2 produced
from combustion of unused devices and save energy and
money.
Thus, in order to develop the enterprise security policy, we
will design policy and rules. The examples of designed policy
are as follow:
Authorization policy is security policies associated to
access-control. The authorization also specifies to protect
the enterprises from any permitted or non-permitted
actions.
Obligation policy specifies which actions that an enterprise
needs to execute to avoid from attacks or threats.
Update policy specifies the policies of an enterprise that
will distribute updated policies to all of branches.
Prevention policy specifies the ways of avoiding from
unsuspicious packets or unknown source addresses.
After designing the policies, the policies will be translated
into rules. Rules are constructed in two ways which are by
using iptables for IPv4 and ip6tables for IPv6. Fig. 4 shows
the example of rules of security policy (iptables) which is
included in our research work while Fig. 5 illustrates some
instances in the ip6tables rules.
#iptables -A INPUT -m state --state RELATED,ESTABLISHED -j
ACCEPT
#iptables
-A
FORWARD
-i
eth0
-m
state
--state
RELATED,ESTABLISHED -j ACCEPT
#iptables
-A
OUTPUT
-m
state
--state
NEW,RELATED,ESTABLISHED -j ACCEPT
# iptables -A INPUT -s 192.168.3.40/32 -j DROP
Fig. 4 Rules of security policy (iptables)

Fig. 3 Policy management structure

In developing a distributed security policy, there are three

important elements that must be considered as in [9]: a
language to communicate the policies, a method to distribute
the policy and a method that will apply the policies. Therefore,
to communicate the policies in our implementation, we must
consider using an eXtensible Access Control Markup
Language (XACML). XACML is a language intended to
provide information of privacy and endorsement policies in
XML as in [10]. It is also easy to use and can sustain the
policy stability.
The designation of distributed security policy will consider
the aspect of green technology by using the cloud computing
instead of using firewalls in every host. Cloud computing is a
technology which applies Internet usage with central remote
servers to uphold requests and information. Cloud computing
also is the representation designed for enabling appropriate
network access to the configurable computing properties such
as storage, networks, servers and services. Furthermore, cloud
computing will be able to release with least managing effort

Figure 4 shows the example of rules of security policy

(iptables) that will be illustrated by our research work while
the Figure 5 illustrates the ip6tables.
#ip6tables -A INPUT -p tcp -m tcp --dport 1:21 -j ACCEPT
#ip6tables -A INPUT -p udp -m udp --dport 1:21 -j REJECT --rejectwith icmp6-port-unreachable
#ip6tables -A INPUT -p tcp -m tcp --dport 23:514 -j REJECT --rejectwith icmp6-port-unreachable
#ip6tables -A INPUT -p udp -m udp --dport 23:514 -j REJECT -reject-with icmp6-port-unreachable
Fig. 5 Rules of security policy (ip6tables)

V. RELATED WORKS
Security policies can offer enterprises numerous utilities
such as performing company security risk evaluations,
performing technical weaknesses evaluations, encouraging
and sustaining enterprise policies, security rules, procedures
and strategies and examining for fulfilment as in [11].
Security policies for IPv4 cannot be applied in IPv6
environment. Moreover, clients and tools in both networks
begin to be changing, thus when deploying IPv6 networks,

123

enterprises should create security policy that can afford both

IPv4 and IPv6 networks.
In addition, to distribute the security policy, enterprises
need security server to accomplish the profits of distributed
security policy since it is capable to renew the security policy
for the entire network or particular nodes. The security policy
server is not compulsory to be allocated as an edge tool in
distributed security policy as in [11].
Reference [9] stated that distributed firewalls have benefits
in the view of accessibility and a performance perspective.
The distributed security policy applies a central policy,
however, it enforces the rules toward the network edges as in
[9]. The rules of security policy will define the inbound and
outbound as well as the accessibility of any connectivity that
is authorized by the distributed firewall. Distributed firewall
differs from traditional firewall as it does not only rely on
inside and outside packets to filter, but it focuses on filtering
the IPsec identity of each endpoint.
The option, design and function of a firewall are defined
through the policy as in [3]. There are various types of
distributed firewall that can be used in the enterprises. Firmato
is one of the firewall management toolkit as in [12]. Firmato is
incomplete to handle some allocation interrelate application
domains as in [8]. However, Firmato is capable to isolate
policy from the network topology. That is why, Firmato is
highly considered as a major reference to use in this paper.
The requirements in creating security policy need to be
specified by the enterprise to ensure that it can handle
concurrent nodes activities for different enterprises. Every
enterprise has its own access control policy which determines
who is been given an authorization to modify or access the
security policy of an enterprise. Currently, various enterprises
use the Role-Based Access Control (RBAC) in their
enterprises. But, RBAC is a restricted access control
mechanism that permits and supports the administration of an
enterprise detailed security policy as in [13].
However, the RBAC limitation has been recovered with the
existence of Organization of Role-Based Access Control
(OrBAC) since OrBAC mechanism can manage security
policy, as it is the centre of the conception of organization as
in [14]. By using this mechanism, security policies that are
distributed and applied to the whole enterprise can offer
communication between enterprises branches. In addition,
OrBAC is based on viewpoint sense that allows us to obtain
precedence among facts that stand for the security policy.

applying firewall for access control is still important for

securing the IPv6 deployment. All in all, an appropriate
distributed security policy model using compatible methods
and mechanisms is necessary based on a proper designation of
distributed security policy deployment.
Currently, we are looking into defining security policy
model for IPv6 deployment in enterprise network. Therefore,
for the out coming, there will be an implementation of
distributed security policy model in securing the IPv6
deployment in the enterprise network.

VI. CONCLUSIONS
This paper highlights the distributed firewall technique and
respective policies for securing the IPv6 deployment in the
enterprise networks which include the aspect of green
computing. Since enterprises may have branches and
counterparts all over the region, their policies will possibly be
distributed among these sub networks. An enterprise requires
a complete structure for the consistent handling of all security
aspects.
Security considerations and protection mechanisms must be
part of deployment plans for enterprises network. Hence,

[11]

ACKNOWLEDGMENT
This work was sustained in part by the Fundamental
Research Scheme Grant (FRGS), code project: 600RMI/SSP/FRGS 5/3/Fsp (54/2010). We would like to thank
the reviewers, participants of the research project and other
individuals who have indirectly contributed to this research.
REFERENCES
[1]
[2]

[3]

[4]

[5]
[6]

[7]

[8]

[9]

[10]

[12]

[13]
[14]

(2011)
The
NRO
website.
[Online].
Available:
http://www.nro.net/news/ipv4-free-pool-depleted
B. J. Nikkel, "An introduction to investigating IPv6 networks," The
International Journal of Digital Forensics and Incident Response, vol.
4, 2007.
R. Hunt, "Internet/Intranet firewall security--policy, architecture and
transaction services," Computer Communications, vol. 21, pp. 11071123, 1998.
E. DurdagI and A. Buldu, "IPV4/IPV6 security and threat
comparisons," Procedia - Social and Behavioral Sciences, 2010, vol. 2,
pp. 5285-5291.
X. Ou, S. Govindavajhala, and A. Appel, "Network security
management with high-level security policies," 2010.
A. Ghosh, "In cloud computing we trust - but should we?," in Security
& Privacy. vol. 8 USA: IEEE Computer and Reliability Societies, 2010,
p. 14.
S. Ioannidis, "Security policy consistency and distributed evaluation in
heterogeneous environments," PhD. Computer and Information
Science. dissertation, University of Pennsylvania, Philadelphia, USA,
2005.
A. D. Keromytis, S. Ioannidis, M. B. Greenwald, J. M. Smith, "The
STRONGMAN Architecture," DARPA Information Survivability
Conference and Exposition, vol. I, p. 178, 2003.
I. Sotiris, D. K. Angelos, M. B. Steve, and M. S. Jonathan,
"Implementing a distributed firewall," in Proceedings of the 7th ACM
conference on Computer and communications security Athens, Greece:
ACM, 2000.
S.-C. Chou and C.-H. Huang, "An extended XACML model to ensure
secure information access for web services," Journal of Systems and
Software, vol. 83, pp. 77-84, 2009.
J. Palet, A. Vives, G. Martinez, and A. Gomez, "IPv6 Distributed
Security Requirements," Internet Engineering Task Force InternetDraft, 2005.
B. Yair, M. Alain, N. Kobbi, and W. Avishai, "Firmato: A novel
firewall management toolkit," ACM Trans. Comput. Syst., vol. 22, pp.
381-420, 2004.
D. F. Ferraiolo and D. R. Kuhn, "Role-Based Access Controls," 15th
National Computer Security Conference, 1992, pp. pp. 554 - 563.
A. A. E. Kalam, R. E. Baida, P. Balbiani, S. Benferhat, F. Cuppens, Y.
Deswarte, A. Miege, C. Saurel, and G. Trouessin, "Organization based
access control," in Policies for Distributed Systems and Networks,
2003. Proceedings. POLICY 2003. IEEE 4th International Workshop
on, 2003, pp. 120-131.

124