Important:
This is retired content. This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

A version of this page is also available for

4/8/2010

The TCP/IPv6 stack for Windows Embedded CE has been implemented to avoid the most common security attacks, but some security risks remain. IPv6 has the following potential security risk:

IPv6 is designed to run over a public network, such as the Internet. If the security of IPv6 is compromised, it could expose the device or local network to attacks originating from the public network.

To further protect your device from security attacks, you should follow the security recommendations provided in the subsequent sections.

Best Practices

Make sure that unused services are not running

Make sure that services are not running unless they are required.

Make sure to use encryption and authentication protocols

TCP/IPv6 does not provide any level of encryption. Therefore, it is particularly important to use encryption and authentication protocols when appropriate.

Enable a firewall on your network device

For enterprise environments, Microsoft recommends a network firewall with intrusion protection, such as Microsoft Internet Security and Acceleration (ISA) Server. For more information, visit this Microsoft Web site .

Clear sensitive data when it is no longer needed

Functions should clear sensitive data from memory and registry settings when the it is no longer needed.

Default Registry Settings

You should be aware of the registry settings that impact security. If a value has security implications you will find a Security Notein the registry settings documentation.

For IPv6 registry information, see TCP/IPv6 Registry Settings.