Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

Risk Warning For IPv6 Migration

SANS Institute : 16 November, 2010  (Technical Article)
The SANS Institute believes that early preparations are required for the forthcoming steady migration process to IPv6 that is likely to take many users by surprise
The arrival of a slew of new and upgraded operating systems, smart phones and tablets that are enabled for IPv6 has the potential to open new and unrecognised security weaknesses in otherwise secure environments.

According to Johannes Ullrich, PhD, chief research officer for the SANS Institute, "One of the problems is the accidental implementation of IPv6. You may already have IPv6 on your network without knowing about or configuring it.

Internet Protocol Version 6 (IPv6) is designed to succeed Internet Protocol version 4 (IPv4) and was developed by the Internet Engineering Task Force (IETF) and ratified in 1998. The new protocol adds additional features as well as offering a 128-bit address range. Its future adoption is almost certain as available IPv4 addresses are likely to be exhausted within two years based on current consumption rates.

"Windows 7, OS X and Linux enables it by default. In the last round of operating system updates, it has tended to be turned on by default." Ullrich also highlights devices running Apple's IOS such as iPhone as well as some Google Android devices with IPv6 also enabled by default.

In his view, the growth of mixed IPv4 and IPv6 networks, in some cases without the knowledge of IT security teams, can introduce a variety of potential security risks. Attacks designed to exploit IPv6 enabled devices could also be missed by intrusion detection systems that have not been correctly configured to deal with IPv6 traffic.

Ullrich believes that organisations have failed to grasp the full impact of a move to IPv6 or the amount of time needed to plan, test and secure any migration strategy.

"Many organisations will look at their own networks and not see a big problem staying on IPv4," he explains. "But say you need to connect to a supplier network in China and they have been forced to move to IPv6 due to running out of addresses, your organisation may have to switch over very quickly."

Ullrich believes that it will take at least about a year for larger organisations to move over to IPv6. Although most modern routers and switches are capable, supporting SIEM, IDS, IPS and monitoring tools will need reconfiguration. The application layer is more problematic: "It is comparable to the Y2K problem, and there may well be many complex or custom applications that are affected by switching over that need to be tested."

Ullrich, who is currently responsible for the SANS Internet Storm Center (ISC) and the GIAC Gold programme, will be covering IPv6 as part of the SECURITY 503 Intrusion Detection In-Depth course at SANS London this November. Ullrich is also running an evening briefing session, which will go into more depth on the subject for attendees of the event.
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo