* Bugs in new code. Any new code comes with bugs. In this case they can be found in the code around NICs, TCP/UDP and networking software libraries that don't fully support IPv6 yet. Technologies such as SIP, VoIP and virtualization can also be vulnerable. At best bugs are an annoyance; at worst they can introduce new vulnerabilities in your network. The remedy, as before, is testing. A test network and a comprehensive test plan will expose defects well enough to isolate them, so that workarounds can be found or a deployment shut down altogether until they're repaired.
* Absence of NAT. The misconception about NAT is so widespread that its absence in IPv6 is misinterpreted as a top security risk. It may be comforting to have NATs in v6 environments, but in reality they don't provide any added security. The statefulness of the firewall provides security, not the translation of network addresses.
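
The distinction between state tracking and address translation can be made concrete with a small model. This is an added example, not part of the original article: a toy packet model in which the class names, ports and documentation-range addresses are all constructed for illustration.

```python
# Added example: toy packet model, not a real firewall. Addresses come from
# documentation ranges (2001:db8::/32, 192.0.2.0/24, 198.51.100.0/24).
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")

class StatefulFilter:
    """Default-deny inbound with connection tracking; no translation."""
    def __init__(self):
        self.flows = set()              # connection-tracking table

    def outbound(self, p):
        self.flows.add((p.src, p.sport, p.dst, p.dport))
        return p                        # forwarded with addresses unchanged

    def inbound(self, p):
        # Accept only the reverse of a flow that an inside host opened.
        if (p.dst, p.dport, p.src, p.sport) in self.flows:
            return p
        return None                     # unsolicited: dropped

class StaticNat:
    """1:1 address translation with no state tracking."""
    def __init__(self, pub_to_priv):
        self.pub_to_priv = pub_to_priv
        self.priv_to_pub = {v: k for k, v in pub_to_priv.items()}

    def outbound(self, p):
        return p._replace(src=self.priv_to_pub[p.src])

    def inbound(self, p):
        priv = self.pub_to_priv.get(p.dst)
        return p._replace(dst=priv) if priv else None

def demo():
    host6, server6, other6 = "2001:db8:1::10", "2001:db8:ffff::80", "2001:db8:2::1"
    fw = StatefulFilter()
    fw.outbound(Packet(host6, 50000, server6, 443))
    reply = fw.inbound(Packet(server6, 443, host6, 50000))   # reply to inside flow
    probe = fw.inbound(Packet(other6, 40000, host6, 22))     # unsolicited inbound
    nat = StaticNat({"192.0.2.10": "10.0.0.10"})
    nat_probe = nat.inbound(Packet("198.51.100.7", 40000, "192.0.2.10", 22))
    return reply, probe, nat_probe

if __name__ == "__main__":
    print(demo())
```

The globally addressed IPv6 host is protected by the flow lookup alone, while the translated IPv4 host receives the unsolicited packet because translation by itself makes no accept-or-drop decision.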
IPv6 security cannot be a simple clone of what's in place for IPv4; that kind of thinking is dangerous. Training must occur, policies must be extended and new tech must be introduced into networks to ward off new threats. The transition from a homogeneous v4 network and network of networks to a heterogeneous v4/v6 reality brings with it new types of traffic and equipment that must be taken into account.
Furthermore, since v6 is relatively new and the market for it is just beginning, IPv6 security products cannot be expected to be as robust. This makes for interesting and dangerous times between now and when the security around v6 matures and its operators have gained the same level of experience as they currently have with IPv4.