Information
Internet Protocol Version 6 (IPv6) is the most recent version of Internet Protocol (IP). It's designed to supply IP addressing and additional security to support the predicted growth of connected devices. IPv6 is based on 128-bit addressing and can support 340 undecillion addresses, which is 340 followed by 36 zeroes.
Features of IPv6
- Hierarchical addressing and routing infrastructure
- Stateful and Stateless configuration
- Support for quality of service (QoS)
- An ideal protocol for neighboring node interaction
IETF RFC 4038 recommends that applications are built with an assumption of dual stack. It is recommended that IPv6 be enabled and configured in accordance with Benchmark recommendations.
If dual stack and IPv6 are not used in your environment, IPv6 may be disabled to reduce the attack surface of the system, and recommendations pertaining to IPv6 can be skipped.
Note: It is recommended that IPv6 be enabled and configured unless this is against local site policy
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
Enable or disable IPv6 in accordance with system requirements and local site policy
Impact:
IETF RFC 4038 recommends that applications are built with an assumption of dual stack.
When enabled, IPv6 will require additional configuration to reduce risk to the system.