Wednesday, September 07, 2011
Clarity emerging in IPv6 security
The possibility of IPv6 ushering in a new era of network security issues is considered definite by most experts. The new network protocol dramatically changes many processes, and as a result is expected to create new security problems. These issues may be possible to deal with, especially since IPv6 is inherently more secure in design, but it could be hard to predict what cyber criminals will try to do. Nevertheless, according to a recent Network World report, consistent patterns in IPv6 security exploitation are beginning to emerge.
Representatives from Salient Federal Solutions told the news source a few key vulnerabilities in IPv6 have emerged, and cyber criminals are focusing their efforts on exploiting these weak areas. Among the aspects of the protocol affected by security vulnerabilities are tunneling, routing headers, rogue routing announcements and DNS broadcasting. According to Salient, using deep packet inspection technologies is the best way to deal with these vulnerabilities and protect IPv6-enabled networks.
Lisa Donnan, lead for Salient's Cyber Security Center for Excellence, told the news source the company has identified the list of frequent IPv6-related attacks, but cannot clearly define where the attackers are striking. However, Salient found a clear correlation between IPv6 vulnerabilities and companies deploying IPv6 within an IPv4 network.
According to the news source, Salient has found most IPv6 exploits use the tunneling created by trying to run IPv6 over an IPv4 network. This risk area has been present for at least five years, Salient told Network World. However, it is unclear when more businesses will begin taking greater efforts to protect themselves when migrating to IPv6 infrastructure.
Jeremy Duncan, senior director and IPv6 network architect for Salient, told the news source the company is becoming more concerned with cyber criminals taking advantage of IPv6 tunneling to exploit networks. His concern comes because certain forms of tunneling essentially free hackers to easily access network systems that are supposed to be secure.
Ensuring security within an IPv6-enabled network could prove to be a major challenge. While many industry experts agree that IPv6 is theoretically more secure than IPv4, it is also a consensus that migrating to IPv6 will create a variety of security issues because the protocol is so different than IPv4. As a result, businesses may want to consider increased urgency toward IPv6 migration so they have more time to work out any security issues that may arise before they initiate IPv6 capabilities in their production environments.