
IPv6 Security: 5 Things You Need to Know

Carol Wilson
8/17/2011

The switch to IPv6 will not make networks more secure or more vulnerable to attack in and of itself, according to a panel of industry experts. But failing to test equipment and to make sure security features are functioning as planned could leave networks vulnerable during and after the transition to the new numbering plan.

Here are key facts you need to know about IPv6 and network security:

1. The IPv6 protocol suite was designed to be more secure than IPv4, but that doesn't make it automatically so.

Merike Kaeo, chief Network Security architect for Double Shot Security and author of multiple technology papers on IPv6 security, points out that IPv6 was architected to be more secure, but that was based on the attacks happening in the late 1990s. For example, IPv6 routers handle fragmenting of packets differently, and the IPv6 protocol spec mandates deployment of IPsec -- the protocol suite that authenticates and encrypts IP packets. Both of those things were designed to enhance security.

But threats have become more sophisticated, and deployments don't always follow the original plans. "For instance, the IPv6 protocol spec mandated that you had to implement IPsec to be compliant," Kaeo says. "But in reality, when people first started implementing IPv6, they weren't always using IPsec, and if they were using it, that doesn't mean they are implementing it properly."

Implementing IPsec properly isn't like "flipping a switch," adds Thomas Maufer, director of Technical Marketing for Mu Dynamics, a testing and application validation company. It requires having a Public Key Infrastructure, which is a repository and management system for digital certificates. Managing those certificates within an enterprise is one thing, but connecting two enterprises is a different level of challenge.

"A lot of operational things are not in place to do IPsec, and that has nothing to do with IPsec or people's best intentions," Maufer says. "Mu has found a number of vulnerabilities with Key negotiation protocols -- these are just software and software is going to have bugs. If you are going to deploy something and you believe it is secure -- you had better be testing it thoroughly to see that it really is."

paolo.franzoi,
User Rank: Light Sabre
12/5/2012 | 4:56:01 PM
re: IPv6 Security: 5 Things You Need to Know


 


Lots of folks use IP blacklists...which of course become useless with IPv6 until those same blacklists get replicated across.  If you use products that rely on blacklists (For example mail filters from Barracuda Networks) then you are in a world of hurt.


seven


PS - The link that has the page title at the bottom of Page 3 goes back to Page 3 and not on to Page 4.
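An added illustration of the blacklist gap raised in this comment (not part of the original article or comments): an IPv4-only lookup passes the same listed host when it arrives over IPv6 or as an IPv4-mapped address, while a dual-stack lookup normalizes first. The sample entries, the function names and the choice to store a listed IPv6 host as its /64 are assumptions made for this example.

```python
import ipaddress

# Constructed sample entries (documentation address ranges only).
BLOCKLIST = ["192.0.2.10", "198.51.100.0/24", "2001:db8:bad::5"]

def build(entries):
    """Split entries by address family; widen IPv6 hosts to their /64."""
    v4, v6 = [], []
    for entry in entries:
        net = ipaddress.ip_network(entry, strict=False)
        if net.version == 6 and net.prefixlen > 64:
            # Assumption: one /64 is treated as one subscriber, so a single
            # listed IPv6 host address is stored as its enclosing /64.
            net = net.supernet(new_prefix=64)
        (v4 if net.version == 4 else v6).append(net)
    return v4, v6

def legacy_v4_check(addr, v4_nets):
    """IPv4-only filter: anything that is not dotted-quad is never matched."""
    try:
        ip = ipaddress.IPv4Address(addr)
    except ipaddress.AddressValueError:
        return False
    return any(ip in net for net in v4_nets)

def dual_stack_check(addr, v4_nets, v6_nets):
    """Normalize IPv4-mapped IPv6, then match against the right family."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:a.b.c.d is the same host as a.b.c.d
    nets = v4_nets if ip.version == 4 else v6_nets
    return any(ip in net for net in nets)

def coverage(entries):
    """Entries per family; an 'ipv6' count of 0 means no IPv6 filtering."""
    v4, v6 = build(entries)
    return {"ipv4": len(v4), "ipv6": len(v6)}

V4, V6 = build(BLOCKLIST)

if __name__ == "__main__":
    print(coverage(BLOCKLIST))
    for client in ["192.0.2.10", "::ffff:192.0.2.10", "2001:db8:bad::1234"]:
        print(client, legacy_v4_check(client, V4),
              dual_stack_check(client, V4, V6))
```
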


 

paolo.franzoi,
User Rank: Light Sabre
12/5/2012 | 4:56:00 PM
re: IPv6 Security: 5 Things You Need to Know


 


I don't disagree with your assertion about the effectiveness of blacklists.  What I was disagreeing with was your assertion that attack vectors once established become unestablished.  There are new ones all the time.  The bigger issue is that very legitimate sites are often the source of attacks.  Mom and Dad and Junior (1 consumer) is easier to deal with than say a compromised host at CNN or a compromised ad being displayed by Light Reading (like say a Flash ad).


seven


 

jdbower,
User Rank: Light Beer
12/5/2012 | 4:56:00 PM
re: IPv6 Security: 5 Things You Need to Know


I'll grant you spambot blacklists are more effective (but still a bandage on a fundamentally broken system), relying on blacklists for real security versus just spam is much more painful.  Blocking Mom and Dad from accessing MegaBank.com because Junior has illusions of being an Anonymous vigilante is bad business.  Blocking outbound SMTP traffic from a typical consumer IP address doesn't hurt anyone.  Most of the time...

jdbower,
User Rank: Light Beer
12/5/2012 | 4:56:00 PM
re: IPv6 Security: 5 Things You Need to Know


"Lots of folks use IP blacklists...which of course become useless with IPv6"


So no change with IPv6, then.  ;)


I've never liked blacklists, attacks come from Internet cafes, anonymous proxies and flash mobs, not static IP addresses.

paolo.franzoi,
User Rank: Light Sabre
12/5/2012 | 4:56:00 PM
re: IPv6 Security: 5 Things You Need to Know


 


jd,


Actually that is not true.  The C&C hosts and many of the spambots are quite static.  There is also a significant amount of movement. Once a host is compromised and used for attacks, the attackers don't give it up. 


seven


 
