Tuesday, November 29, 2011
Businesses cannot ignore IPv6 any longer
While few end users are operating in native IPv6 instead of IPv4, the growing number of IPv6-enabled devices in corporate, service provider and consumer networks is creating an environment that demands rapid response, Network World reported.
The problem is, according to the news source, that IPv6 has a built-in auto configuration feature that allows routers that are capable of accepting an IPv6 data transit request to accept incoming IPv6 traffic, even if a business has not gone through the migration process. The same goes for Windows Vista and Windows 7, as both operating systems have IPv6 capabilities built into their core functionality.
As a result, the report said a rogue IPv6 router in a company network can accept incoming transmissions for end users with an IPv6-enabled device, giving those individuals access to the corporate network without the organization's knowledge. This is a major security risk that is active even if a business has not made the transition to IPv6. As a result, the report said companies need to quickly move to support the new protocol so they can initiate security protocols within their IPv6 infrastructure.
Industry expert Eric Vyncke told the news source devices capable of supporting IPv6 can be activated with just a single transit request from an end user running the protocol.
"IPv4-only routers and switches don't recognize or respond to IPv6 device announcements, but a rogue IPv6 router could send and interpret this traffic," Vyncke told Network World.
This risk is considerable, as IPv6's auto-configuration can combine with Neighbor Discovery Protocol to create an environment where corporate routers actually advertise their presence to unauthorized users. These automated features make IPv6 far superior to IPv4 when a business has established systems to control them, according to the news source.
Without that protection, companies are rather vulnerable. Within a LAN, the IPv6-compatible router will advertise its presence to any users running an IPv6-enabled device. This is incredibly convenient when an employee wants to access the network easily, but can be equally convenient for a hacker who is sitting in the lobby. Because of this, companies need to move to support IPv6 in a more controlled and secure setup, the report said.
These types of security issues are not uncommon when major new technologies emerge. While many experts agree that IPv6 is more secure than IPv4, businesses may need to work hard to adjust to new threats while making the transition to the new protocol.
Perle’s serial to Ethernet converters connect serial based equipment across an Ethernet network. The Perle IOLAN range of Console Servers, Device Servers and Terminal Servers feature built-in support for IPv6 along with a broad range of authentication methods and encryption technologies.