Many organizations have not developed monitoring and defense mechanisms to tackle the security issues of IPv6. Networkworld has compiled a list of some of the biggest security risks with IPv6. Some of the familiar issues circulating the tech world have been “lack of IPv6 training”, “lack of security controls”, “lack of IPv6 support”, and “weak security policies.”
“Lack of IPv6 support” is straightforward to address. Although IPv6 was officially launched on 6 June 2012, adoption has been relatively slow, and only 2% of current Internet traffic is through IPv6. As seen from the list here, the list of IPv6 enabled websites and providers is woefully short. This procrastination of adopting IPv6 is delaying proper identification of security issues, as well as implementation of proper security controls.
If you’re wondering whether you can access IPv6 at home or at work, try going to this link. I conducted the test myself and found out that my current Internet connection is not IPv6 capable. Apparently Comcast has achieved 18% IPv6 deployment as of Nov 2013, but more needs to be done on this front. If I don’t see a change as IPv6 becomes more widespread, I’ll be following up with Comcast about getting an upgrade.
It is well recognized that implementation of any new standard or protocol invites the attention of hackers eager to try to break into the system, and therefore “lack of security controls” makes it to the list of top IPv6 risks. To thwart these malicious actors, we look to implement IPv6 security controls. The status quo is tunneling IPv6 packets over IPv4, and you need to connect to a service provider (which provides IPv6 connectivity) from your network and from there you can access “regular“ IPv6 Internet. This chain of network connections increases security complexity and provides an opening for man-in-the middle and denial of service attacks.
The current infrastructure for network logging also sets up a security risk for the IP transition. Current network logging systems are handling IPv4 traffic with ease. However, IPv4 addresses are stored in a 15-character field, and IPv6 has 128–bit addresses and needs to be stored as a 39-digit string. So, when the current logging system encounters the IPv6 traffic, then either it will crash or only log 15 characters. For security purposes, organizations will also be addressing an updated network logging system to support the longer IPv6 addresses and keep traffic and data safe.
IT professionals have had eons to address IPv4 security issues, but IPv6 technology is a new realm; that’s why “lack of IPv6 training” made the list of top security risks. Enterprises and IT professionals will be well-served by jumping ahead of the curve and getting certified IPv6 training. Well-educated employees at all levels of the company can contribute to well-defined security policies to limit risk and liability.
Transition to IPv6 is inevitable – it is only a question of when. An early transition may give a company the competitive advantage of perfecting the security procedures surrounding the new protocol, and therefore save some time and headache down the road.
To ensure a smooth transition for your operations and customers, it takes proper planning, implementation, and testing of IPv6 addressing for IT organizations. If you have IPv6 transition questions or needs, get in touch with our experts at Mosaic NetworX.