RIPE IPv6 Security Expert Course Review

Becoming a certified expert

 Posted on 5 May 2025  |  Will Barnes

From March 2025 until March 2028, I am a certified IPv6 Security Expert according to RIPE, the Regional Internet Registry for Europe, the Middle East and Central Asia. You could become one too!

This certification comes from a virtual multiple-choice exam on the contents of the free RIPE NCC Academy IPv6 Security course. The course page claims that it takes around 24 hours to complete; in real time this was a couple of modules each day over the course of a week.

tl;dr: The course covers security considerations raised by IPv6: largely similar to IPv4, with added challenges from the two sets of differing protocols coexisting. This includes details of IPv6 protocols where needed to explain vulnerabilities. I imagine it is primarily useful for network engineers and SOC team members, particularly if you’re configuring networks yourself or implementing tooling which interacts with these protocols. For broader Web security, sections focusing on information exposed at higher levels – e.g. IPv6 addressing architecture (section 2.4) and DHCPv6 (section 3.5) – are most relevant. The labs and animations are particularly good; use RFCs to augment the text.

My personal reasons to take the qualification were to:

  • Acquire knowledge to help ensure security of my own home network;
  • Recap knowledge from my university-level networking courses (Computer Networking and Principles of Communication);
  • Get a fresh perspective on what network security looks like.

…and on those three factors I think it succeeded.

Beyond anything else, I really enjoyed the course: while the quality of explanation varies, the coverage in the curriculum was strong and I came out of it knowing a lot more about IPv6 extension headers and how NDP works in particular. Sometimes seeing how something breaks is the best way of learning how it’s intended to work under normal conditions.

Course overview

A lot of the course is about how relevant protocols (ICMPv6, NDP, MLD, IPsec) work, with a focus on common misconfigurations. It’s really geared towards network operators in companies and SOCs: it includes practical considerations, all the way down to “what features should I be looking for when I’m buying a firewall”.

For people developing software for security on the Internet in general, I’d recommend skimming through section 2.4 about IPv6 addressing architecture and how IPv6 networks can be scanned. The section around DHCPv6 is also worth looking at: the properties of Global Unicast Addresses meaning that bad addressing configuration on a single device can allow that device to be profiled across networks I found a particularly interesting privacy leak.

The main parts I liked were:

  • The animations were very clear.
    • While the text could sometimes be unclear, the animation often has a terse explanation plus a visual example. For example, the smurf attack animation made clear exactly where the amplification factor comes from.
  • You get hands-on exploit experience, and setting the labs up is really easy.
    • The course supplies a Vagrantfile which initialises a VM with a virtual network and 3 hosts connected on it, and guides you through actually spoofing packets and seeing how networking is affected.
    • I really enjoyed watching pings drop after sending my own spoofed announcements, and seeing how quickly service recovered after caches timed out!
  • Each RIPE NCC member organisation gets 3 exam vouchers each year: I got to take this exam at no cost to either me or my employer.

However:

  • I was occasionally misled by explanations in the text.
    • Luckily, it’s a networking course, so the standards are all defined in very clear language in the RFCs! As a tip, if you’re ever confused click through to the RFC and search for anything relevant.
  • Lots of the explanations were going into detail that I didn’t think I was likely to use (e.g. specifics of MLDv1).
    • I can imagine this is more useful for the target audience than for me.
  • While most of the exam was good, there were more “memorise this acronym” type questions than I would have thought ideal.

If you’re at all interested, I’d recommend at least having a flick through the course: it’s free to sign up and look through the materials. Actually taking the exam cost €299 including VAT in 2023 according to RIPE’s Vouchers and Fees page, but at time of writing entry is available only to RIPE NCC members.