Monday, June 06, 2011
IPv6 security needs to be addressed, report says
Many businesses and service providers are beginning to transition to the new IPv6 protocol. However, significant caution needs to be taken when making the move to make sure security systems are established that function properly when dealing with IPv6.
According to a recent Network World report, IPv6 will eventually mature into a stable and secure internet platform. But, like any new technology, it is bound to experience significant security problems that occur primarily because users are still trying to get accustomed to how it works.
Network address translation is one such security problem, the report said. NAT systems are used to convert incoming IPv6 addresses to IPv4, or vice-versa, depending on the native protocol of the network. The report said this technology is inherently insecure because it exposes data.
To explain this point, the report compared NAT technology to transferring mail. The data packet comes into the network, or metaphorical post office, in an IPv4 envelope. To get to its actual destination, it needs to be transferred into an IPv6 envelope. During the switch, the data packet is exposed and can be read by hackers or anybody else who manages to gain access to the network at the NAT appliance.
IPv6 adoption will also make it hard to maintain security by using IP address management and monitoring. In many networks, access control is accomplished by analyzing blocks of IP addresses and identifying if they are legitimate users or some form of cyber threat, such as a bot. These security programs have become both popular and effective. However, the longer numeric form of IPv6 addresses makes such monitoring systems much more challenging, the report said. As a result, companies need to either give access only to specifically allocated IPv6 addresses, or find another way to simplify how IP addresses are scanned, according to the report.
These security issues can combine with compatibility and other technical problems to make IPv6 migration an arduous process. Therefore, organizations need to move quickly to adopt the new standard. In a recent Inquirer report, industry expert Axel Pawlik said most companies are not moving to IPv6 with enough urgency. Therefore, Pawlik told the news source he hopes enough problems occur during World IPv6 Day to show businesses how complicated IPv6 migration will be. He explained Google estimates 1 percent of network requests will fail during the day, something that should help spur IPv6 adoption.