
IPv6 Security: 5 Things You Need to Know

Carol Wilson
8/17/2011

The switch to IPv6 will not make networks more secure or more vulnerable to attack in and of itself, according to a panel of industry experts. But failing to test equipment and to make sure security features are functioning as planned could leave networks vulnerable during and after the transition to the new numbering plan.

Here are key facts you need to know about IPv6 and network security:

1. The IPv6 protocol suite was designed to be more secure than IPv4, but that doesn't make it automatically so.

Merike Kaeo, chief Network Security architect for Double Shot Security and author of multiple technology papers on IPv6 security, points out that IPv6 was architected to be more secure but that was based on the attacks happening in the late 1990s. For example, IPv6 routers handle fragmenting of packets differently, and the IPv6 protocol spec mandates deployment of IPsec -- the protocol suite that authenticates and encrypts IP packets. Both of those things were designed to enhance security.

But threats have become more sophisticated, and deployments don't always follow the original plans. "For instance, the IPv6 protocol spec mandated that you had to implement IPsec to be compliant," Kaeo says. "But in reality, when people first started implementing IPv6, they weren't always using IPsec, and if they were using it, that doesn't mean they are implementing it properly."

Implementing IPsec properly isn't like "flipping a switch," adds Thomas Maufer, director of Technical Marketing for Mu Dynamics, a testing and application validation company. It requires having a Public Key Infrastructure, which is a repository and management system for digital certificates. Managing those certificates within an enterprise is one thing, but connecting two enterprises is a different level of challenge.

"A lot of operational things are not in place to do IPsec, and that has nothing to do with IPsec or people's best intentions," Maufer says. "Mu has found a number of vulnerabilities with Key negotiation protocols -- these are just software and software is going to have bugs. If you are going to deploy something and you believe it is secure -- you had better be testing it thoroughly to see that it really is."

Next Page: NAT Is Not Security

paolo.franzoi,
User Rank: Light Beer
12/5/2012 | 4:56:01 PM
re: IPv6 Security: 5 Things You Need to Know


 


Lots of folks use IP blacklists...which of course become useless with IPv6 until those same blacklists get replicated across.  If you use products that rely on blacklists (For example mail filters from Barracuda Networks) then you are in a world of hurt.


seven


PS - The link that has the page title at the bottom of Page 3 goes back to Page 3 and not on to Page 4.


 

paolo.franzoi,
User Rank: Light Beer
12/5/2012 | 4:56:00 PM
re: IPv6 Security: 5 Things You Need to Know


 


I don't disagree with your assertion about the effectiveness of blacklists. What I was disagreeing with was your assertion that attack vectors once established become unestablished. There are new ones all the time. The bigger issue is that very legitimate sites are often the source of attacks. Mom and Dad and Junior (1 consumer) is easier to deal with than say a compromised host at CNN or a compromised ad being displayed by Light Reading (like say a Flash ad).


seven


 

jdbower,
User Rank: Light Beer
12/5/2012 | 4:56:00 PM
re: IPv6 Security: 5 Things You Need to Know


I'll grant you spambot blacklists are more effective (but still a bandage on a fundamentally broken system), relying on blacklists for real security versus just spam is much more painful. Blocking Mom and Dad from accessing MegaBank.com because Junior has illusions of being an Anonymous vigilante is bad business. Blocking outbound SMTP traffic from a typical consumer IP address doesn't hurt anyone. Most of the time...

jdbower,
User Rank: Light Beer
12/5/2012 | 4:56:00 PM
re: IPv6 Security: 5 Things You Need to Know


"Lots of folks use IP blacklists...which of course become useless with IPv6"


So no change with IPv6, then.  ;)


I've never liked blacklists, attacks come from Internet cafes, anonymous proxies and flash mobs, not static IP addresses.

paolo.franzoi,
User Rank: Light Beer
12/5/2012 | 4:56:00 PM
re: IPv6 Security: 5 Things You Need to Know


 


jd,


Actually that is not true.  The C&C hosts and many of the spambots are quite static.  There is also a significant amount of movement. Once a host is compromised and used for attacks, the attackers don't give it up. 


seven


 
