Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Biggest risks in IPv6 security today

Bruce Sinclair, CEO, gogo6 | Nov. 5, 2013
Although IPv6 packets have started to flow, network engineers still tread lightly because of lingering security concerns. Here are the top six security risks in IPv6 network security today as voted by gogoNET members, a community of 95,000 network professionals.

* Bugs in new code. Along with any new code will be bugs. And in this case they can be found in the code around NICS, TCP/UDP and networking software libraries that don't fully support IPv6 yet. Technologies such as SIP, VoIP and virtualization can also be vulnerable. At best bugs are an annoyance, at worst they can introduce new vulnerabilities in your network. The remedy, as before, is testing. A test network and a comprehensive test plan will expose defects well enough to isolate them, allow workarounds to be found or to shut down a deployment altogether until they're repaired. 

* Absence of NAT. The misconception of NAT is so widespread that its absence in IPv6 is misinterpreted to be a top security risk. It may be comforting to have NATs in v6 environments but in reality they don't provide any added security. The statefulness of the firewall provides security, not the translation of network addresses.

IPv6 security cannot be a simple clone of what's in place for IPv4 that kind of thinking is dangerous. Training must occur, policies must be extended and new tech must be introduced into networks to ward off new threats. The transition from a homogeneous v4 network and network of networks to a heterogeneous v4/v6 reality brings with it new types of traffic and equipment that must be taken into account. 

Furthermore since v6 is relatively new and the market for it just beginning, IPv6 security products cannot be expected to be as robust. This makes for interesting and dangerous times between now and when the security around v6 matures and its operators have gained the same level of experience as they currently have with IPv4.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.