Despite the imminent depletion of the IPv4 address pool and the serious consequences for the IPv4 Internet, there are still many organisations that continue to delay the implementation of IPv6. Whilst the need for IPv4 in some organisations is arguably less than in others, one area that cannot be ignored is the essential need to secure current IPv4 networks against attacks perpetrated through the use of IPv6 and IPv6 transition technologies.
It is undeniable that the vast majority of current TCP/IP networks already include not only IPv6 capability, but also have IPv6 traffic flowing over them. All modern operating systems include IPv6 dual stacks (which also provide backwards compatibility for IPv4). These operating systems, including Windows, Unix and Linux all use IPv6 by default when they can. As a result, current IPv4 networks must be secured against attacks via IPv6 and associated technologies even though they may not have explicitly deployed IPv6.
Whilst, IPv6 in and of itself is to a large extent neither more or less secure than IPv4, it’s existence in a network immediately increases the “attack surface” and therefore the security risks. Since the increased risk is not simply the sum of the two protocols but a complex interaction of IPv4, IPv6, transition mechanisms and other protocols, it is fair to say that the attack surface is somewhat more than doubled by IPv6. Furthermore, IPv6 includes many new features that make it significantly different from IPv4. This not only further increases the “attack surface” but it also means that many new mitigation and security techniques must be learned.
For those who might consider the “increased risk” a reason not to deploy IPv6; remember that IPv6 already exists whether you deploy it or not. Therefore you need to secure against IPv6 threats in your IPv4 networks.
It is essential that network security managers and others responsible for network and system security learn about IPv6 now and implement appropriate security measures as soon as they can. Erion provides the world’s most comprehensive range of IPv6 training. This includes in-depth IPv6 security training, for example, our 3-day Securing IPv6 course.
Copyright Erion Ltd 2010.
This entry was posted on Tuesday, October 19th, 2010 at 9:28 am and is filed under IPv6, Windows Server 2008, Windows Vista, Security, Windows 7, Linux, Cisco IOS. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.