Security concerns a critical part of IPv6 migration
Businesses need to seriously consider security when they deploy IPv6 infrastructure.
By Donna DonnowitzJune 15, 2011
World IPv6 Day showed the world that IPv6 migration is possible and the internet can function well when a significant part of the population is using the new protocol. However, that success should not overshadow the importance of updated security protocols to support IPv6.
A recent TechTarget report explains one of the greatest advantages of IPv6 migration is that it offers enough IP addresses that every connected device will be able to have its own address. However, giving each device the ability to communicate directly with networks creates major security challenges that need to be addressed before IPv6 can become a mainstream protocol, the report explained.
While simply dealing with this IPv6 security issue may not be too daunting, it will require a complete shift in many companies' security management strategies, especially since a substantial number of organizations use security protocols designed around identifying rogue IP addresses. While resolving this issue may not be too difficult, the report explained the solution must be implemented while still maintaining IPv4 security systems as both protocols should remain simultaneously active for about a decade, the report said.
Industry expert Qing Li told the news source the significant issues surrounding IPv6 security should not cloud the fact that IPv6 may also make some aspects of network security easier. Li explained that standard brute-force attacks, which typically choose a block of IPv4 addresses and attack it in the hope that some devices will be connected, will be almost impossible to perform in IPv6 networks, because large IP address blocks will be replaced by individual addresses for each device.
Li also warned that IPv6 will make some things easier for hackers.
"With IPv4, we use network address translation [for network-attached devices], and that gives us the benefit of security by obscurity," Li told the news source. "With IPv6, the network infrastructure is wide open, and you need another intelligent appliance on top of the firewall in order to be able to protect the devices."
While NAT helps protect IPv4 addresses by closing the network to some transmissions, a recent PCWorld report said using NAT to convert IPv4 addresses to IPv6 and vice versa could present a major security risk. The report explained that translating an address to a new protocol is comparable to a post office employee switching a letter to a new envelope. While the contents are being moved, they can be easily read by a third-party, according to the report.
A recent TechTarget report explains one of the greatest advantages of IPv6 migration is that it offers enough IP addresses that every connected device will be able to have its own address. However, giving each device the ability to communicate directly with networks creates major security challenges that need to be addressed before IPv6 can become a mainstream protocol, the report explained.
While simply dealing with this IPv6 security issue may not be too daunting, it will require a complete shift in many companies' security management strategies, especially since a substantial number of organizations use security protocols designed around identifying rogue IP addresses. While resolving this issue may not be too difficult, the report explained the solution must be implemented while still maintaining IPv4 security systems as both protocols should remain simultaneously active for about a decade, the report said.
Industry expert Qing Li told the news source the significant issues surrounding IPv6 security should not cloud the fact that IPv6 may also make some aspects of network security easier. Li explained that standard brute-force attacks, which typically choose a block of IPv4 addresses and attack it in the hope that some devices will be connected, will be almost impossible to perform in IPv6 networks, because large IP address blocks will be replaced by individual addresses for each device.
Li also warned that IPv6 will make some things easier for hackers.
"With IPv4, we use network address translation [for network-attached devices], and that gives us the benefit of security by obscurity," Li told the news source. "With IPv6, the network infrastructure is wide open, and you need another intelligent appliance on top of the firewall in order to be able to protect the devices."
While NAT helps protect IPv4 addresses by closing the network to some transmissions, a recent PCWorld report said using NAT to convert IPv4 addresses to IPv6 and vice versa could present a major security risk. The report explained that translating an address to a new protocol is comparable to a post office employee switching a letter to a new envelope. While the contents are being moved, they can be easily read by a third-party, according to the report.
