Well if your new to securing internet facing IOS routers the guys over at Cymru have a rather nice template. It only covers IPv4 but securing both protocols is obviously important.http://www.cymru.com/Documents/secure-ios-template.html
Not everything in the template will apply to every deployment scenario of course but the template is a useful place to start. When adding IPv6 to my router I basically just adapted the the template to IPv6 where appropriate.
! Source routing could let bad people use our router for nasty things so turn it off.
no ipv6 source-route
description Hurricane Electric IPv6 Tunnel Broker
! We don't want bad people to try and SSH into our router over IPv6. (Please tell me your not using telnet.)
ipv6 traffic-filter Block-IPv6-SSH in
! Don't send redirects.
no ipv6 redirects
! Enable RPF verification, this prevents ping pong attacks against the LAN.
ipv6 verify unicast reverse-path
! We should drop traffic bound for IPv6 addresses that should never be on the public internet.
! First is the documentation prefix defined in RFC 3849.
ipv6 route 2001:DB8::/32 Null0
! Next is the unique local address range defined in RFC 4193.
ipv6 route FC00::/7 Null0
! Our SSH blocking ACL.
ipv6 access-list Block-IPv6-SSH
deny tcp any any eq 22
permit ipv6 any any
Of course this only covers securing the router itself. Controlling and securing access to the LAN behind the router is an entirely different matter. Personally I would recommend an ASA series firewall for this purpose if you like Cisco gear. That way you can let your router do the tunneling and routing and let the ASA do the firewall and VPN work.
IPv6 security is something of a new field and I'm sure there are plenty of things that haven't been thought of or discovered yet. So we'll just have to try and secure things as best we can at the moment and see how things play out and make changes as needed.Edit: Added RPF verification to the tunnel interface to prevent ping pong attacks against the LAN. (Especially useful if you are using a /64 on a point to point link to connect the router to a firewall.)