IPv6 Security (Windows Embedded CE 6.0)

Article
01/05/2012

1/6/2010

The TCP/IPv6 stack for Windows Embedded CE has been implemented to avoid the most common security attacks, but some security risks remain. IPv6 has the following potential security risk:

IPv6 is designed to run over a public network, such as the Internet. If the security of IPv6 is compromised, it could expose the device or local network to attacks originating from the public network.

To further protect your device from security attacks, you should follow the security recommendations provided in the subsequent sections.

Best Practices

Make sure that unused services are not running

Make sure that services are not running unless they are required.

Make sure to use encryption and authentication protocols

TCP/IPv6 does not provide any level of encryption. Therefore, it is particularly important to use encryption and authentication protocols when appropriate.

Enable a firewall on your network device

For enterprise environments, Microsoft recommends a network firewall with intrusion protection, such as Microsoft Internet Security and Acceleration (ISA) Server. For more information, visit this Microsoft Web site.

** Windows CE .NET 4.2 and later supports the IP firewall for IPv6. You can enable and configure this firewall by using APIs (programming elements) and registry settings. For more information about the IP firewall, see IP Firewall OS Design Development and IP Firewall Security.**

Clear sensitive data when it is no longer needed

Functions should clear sensitive data from memory and registry settings when the it is no longer needed.

Default Registry Settings

You should be aware of the registry settings that impact security. If a value has security implications you will find a Security Note in the registry settings documentation.

For IPv6 registry information, see TCP/IPv6 Registry Settings.