Tuesday, May 24, 2011
IPv6 faces some security problems
As a long-term solution, the IPv6 address protocol could improve network security. However, the short-term future for IPv6 offers IT professionals a number of security problems that need to be resolved. These issues are not such that they detract from IPv6's importance, but should be taken seriously when deploying IPv6 infrastructure.
In a recent interview with the Tech Herald, industry expert Asaf Greiner explained that IPv6 creates a number of security hurdles that must be overcome for businesses trying to upgrade their networks to support the new address standard. These issues primarily stem from the technology's youth.
For example, Greiner told the news source many IPv4 security protocols will not work with IPv6. This is not a fact that detracts from the importance of deploying IPv6 infrastructure, but businesses need to recognize that they cannot simply bring their IPv4 security processes to the IPv6 network and expect them to be successful. This presents a problem because IPv6 is still young and specialized security processes and programs are still emerging.
Greiner explained that security protocols dependent on identifying rogue computers will be especially vulnerable as IPv6 emerges.
"The introduction of almost unlimited numbers of IP addresses will create several security problems," Greiner told the Tech Herald. "In an IPv4 environment a rogue computer can almost certainly be associated with a single IP address due to the limited number of addresses available. The same rogue computer operating in an IPv6 internet, though, may have access to a wide range of IP addresses."
Greiner went on to tell the news source attacks could be sent from one of an almost unlimited bank of IP addresses. This makes it difficult to identify which device is threatening the network. As a result, businesses using security protocols dependent on identifying a rogue user could struggle to maintain security if they keep the same systems in place while using IPv6.
While IPv6's relative youth creates some problems for network security, the underlying fabric of the new address protocol could improve security once the bugs have been worked out. According to a recent TVTechnology report, IPv6 gives administrators the freedom to define whether an IP address can be made public. This can negate the dependence on network address translation and allow businesses to extend firewalls to individual devices instead of just blanketing to company's private network.