Sign In Register
5G
The Edge
Open RAN
Private Networks
Cloud Native/NFV
Security
AI/Automation
Cable/Video
DOCSIS CCAP Cable Business Services 10G The Bauminator
IoT
OSS/BSS
SD-WAN
Optical/IP
FTTX DCI Routing Any Haul/X-Haul
Test & Measurement
Services
4G/3G/WiFi
6G
Regions
Asia Africa Europe India Middle East
Industry Show News
Mobile World Congress Big 5G Event
Events
Optical Networking Digital SymposiumEdge Computing Digital SymposiumNext-Gen Broadband APAC: 5G, 10G & Beyond
Events Archives
Service Provider Security Strategies for the EnterpriseOpen RAN EcosystemNGON & DCI World Digital Symposium
Webinars
Upcoming Webinars Archived Webinars 5G Webinars Live Learning Webinars
White Papers
Tech Centers
Future Vision Tech Center
Market Leader Programs
Internet for the Future
Communities
The 5G Exchange LR Asia Broadband World News Connecting Africa Telecoms.com Women In Comms
Light Reading Video
Telecom Innovators Showcase
Light Reading Audio
Light Reading Podcast Executive Spotlight Q&A
News & Views Events Leading Lights Awards About Us Advertise With Us Newsletter Signup
x
Newsletter Signup Sign In Register
IP protocols/software

IPv6 Security: 5 Things You Need to Know

News Analysis Carol Wilson, Editor-at-large 8/17/2011
Comment (5)
The switch to IPv6 will not make networks more secure or more vulnerable to attack in and of itself, according to a panel of industry experts. But failing to test equipment and to make sure security features are functioning as planned could leave networks vulnerable during and after the transition to the new numbering plan.

Here are key facts you need to know about IPv6 and network security:

1. The IPv6 protocol suite was designed to be more secure than IPv4, but that doesn't make it automatically so.

Merike Kaeo, chief Network Security architect for Double Shot Security and author of multiple technology papers on IPv6 security, points out that IPv6 was architected to be more secure but that was based on the attacks happening in the late 1990s. For example, IPv6 routers handle fragmenting of packets differently, and the IPv6 protocol spec mandates deployment of IPsec –- the protocol suite that authenticates and encrypts IP packets. Both of those things were designed to enhance security.

But threats have become more sophisticated, and deployments don't always follow the original plans. "For instance, the IPv6 protocol spec mandated that you had to implement IPsec to be compliant," Kaeo says. "But in reality, when people first started implementing IPv6, they weren't always using IPsec, and if they were using it, that doesn't mean they are implementing it properly."

Implementing IPsec properly isn't like "flipping a switch," adds Thomas Maufer, director of Technical Marketing for Mu Dynamics , a testing and application validation company. It requires having a Public Key Infrastructure, which is a repository and management system for digital certificates. Managing those certificates within an enterprise is one thing, but connecting two enterprises is a different level of challenge.

"A lot of operational things are not in place to do IPsec, and that has nothing to do with IPsec or people's best intentions," Maufer says. "Mu has found a number of vulnerabilities with Key negotiation protocols -- these are just software and software is going to have bugs. If you are going to deploy something and you believe it is secure -- you had better be testing it thoroughly to see that it really is."

Next Page: NAT Is Not Security

1 of 4
Next Page
Related Stories
COMMENTS
Newest First | Oldest First | Threaded View
Add Comment
paolo.franzoi 12/5/2012 | 4:56:01 PM
re: IPv6 Security: 5 Things You Need to Know

 


Lots of folks use IP blacklists...which of course become useless with IPv6 until those same blacklists get replicated across.  If you use products that rely on blacklists (For example mail filters from Barracuda Networks) then you are in a world of hurt.


seven


PS - The link that has the page title at the bottom of Page 3 goes back to Page 3 and not on to Page 4.


 
Reply | Post Message | MESSAGES LIST | START A BOARD
paolo.franzoi 12/5/2012 | 4:56:00 PM
re: IPv6 Security: 5 Things You Need to Know

 


I don't disagree with your assertion about the effectiveness of blacklists.  What I was disagreeing with was your assertion that attack vectors once establish become unestablished.  There are new ones all the time.  The bigger issue is that very legitimate sites are often the source of attacks.  Mom and Dad and Junior (1 consumer) is easier to deal with than say a compromised host at CNN or a compromsed ad being displayed by Light Reading (like say a Flash ad).


seven


 
Reply | Post Message | MESSAGES LIST | START A BOARD
jdbower 12/5/2012 | 4:56:00 PM
re: IPv6 Security: 5 Things You Need to Know

I'll grant you spambot blacklists are more effective (but still a bandage on a fundamentally broken system), relying on blacklists for real security verses just spam is much more painful.  Blocking Mom and Dad from accessing MegaBank.com because Junior has illusions of being an Anonymous vigilante is bad business.  Blocking outbound SMTP traffic from a typical consumer IP address doesn't hurt anyone.  Most of the time...
Reply | Post Message | MESSAGES LIST | START A BOARD
jdbower 12/5/2012 | 4:56:00 PM
re: IPv6 Security: 5 Things You Need to Know

"Lots of folks use IP blacklists...which of course become useless with IPv6"


So no change with IPv6, then.  ;)


I've never liked blacklists, attacks come from Internet cafes, anonymous proxies and flash mobs, not static IP addresses.
Reply | Post Message | MESSAGES LIST | START A BOARD
paolo.franzoi 12/5/2012 | 4:56:00 PM
re: IPv6 Security: 5 Things You Need to Know

 


jd,


Actually that is not true.  The C&C hosts and many of the spambots are quite static.  There is also a significant amount of movement. Once a host is compromised and used for attacks, the attackers don't give it up. 


seven


 
Reply | Post Message | MESSAGES LIST | START A BOARD
EDUCATIONAL RESOURCES
sponsor supplied content
Webinar- Delivering on the Promise of Segment Routing
Blog- Fight for Simplicity Blog – An overview of Segment Routing Technology
Blog – SRv6+ Segment Routing Headers - Why We Want Them
Webinar – Delivering on the Promise of Segment Routing with SRover6, SRv6 and SRv6+
Blog – Traffic Engineering Segment Routed Networks with NorthStar Controller
Educational Resources Archive
FEATURED VIDEO
UPCOMING LIVE EVENTS
Optical Networking Digital Symposium
February 16-18, 2021, Digital Symposium
Edge Computing Digital Symposium
February 23, 2021, Digital Symposium
Next-Gen Broadband APAC: 5G, 10G & Beyond
March 4-2, 2021, Digital Symposium
All Upcoming Live Events
UPCOMING WEBINARS
January 21, 2021 Harnessing the 5G Consumer Potential
January 21, 2021 SCTE•ISBE Live Learning Webinar™ Series: Sizing Up the New Cable Tech Landscape
January 26, 2021 The Outlook for Open and Disaggregated Packet and Optical Networks
January 26, 2021 How to Harness 5G’s Edge Computing Power
January 27, 2021 The Critical Role of Timing and Synchronization in 5G TDD Deployments
January 28, 2021 Going from average to “Wow” - How cable MSOs can flip the script on customer satisfaction
February 3, 2021 How to Enable 5G and Private Networks to Drive Industry 4.0
February 4, 2021 Cable's Fiber Outlook – DAA and CIN Strategies
February 16, 2021 Optical Networks Symposium - Day 1
February 17, 2021 How to build high-performance 5G networks with vRAN?
February 18, 2021 SCTE•ISBE Live Learning Webinar™ Series: Making the Most of DOCSIS OFDMA
February 23, 2021 Edge Computing Digital Symposium
March 18, 2021 SCTE•ISBE Live Learning Webinar™ Series: What's New with DAA & Flexible MAC
April 15, 2021 SCTE•ISBE Live Learning Webinar™ Series: Winning with Wireless: Embracing 5G & Wi-Fi 6/6E
May 20, 2021 SCTE•ISBE Live Learning Webinar™ Series: Fighting Fiber with More Fiber
June 17, 2021 SCTE•ISBE Live Learning Webinar™ Series: Putting Next-Gen PON to Work
July 15, 2021 SCTE•ISBE Live Learning Webinar™ Series: 10G or Bust: HFC & the Future Access Network
August 19, 2021 SCTE•ISBE Live Learning Webinar™ Series: Tapping Into the Cloud
September 16, 2021 SCTE•ISBE Live Learning Webinar™ Series: Engineering the DOCSIS 4.0 Network (FDX and ESD)
October 21, 2021 SCTE•ISBE Live Learning Webinar™ Series: Lowering the Latency
November 18, 2021 SCTE•ISBE Live Learning Webinar™ Series: How to Test the Next-Gen Cable Network
December 16, 2021 SCTE•ISBE Live Learning Webinar™ Series: Virtualizing the Cable Access Network
Webinar Archive
PARTNER PERSPECTIVES - content from our sponsors
5G and the Sustainable Future: A Look to 2025 By Harri Holma, Nokia Bell Labs Fellow and Peter Merz, Head of Standardization and Research, Nokia Bell Labs
Global LTE Yearly Review 2020: Still in Its Prime By Tian Zhongyi, Chief Editor, China ICT Media
5G-Rich Messaging Is a Potent Upgrade From A2P SMS for Business Messaging By Pamela Clark-Dickson, for ZTE
Embrace 5G to Upgrade Voice and IoT to a New Phase of Development By Zhao Lexuan, People's Posts & Telecommunications Press, China
China Mobile Sichuan Verified Indoor 5G Distributed Massive MIMO in China – First in a Railway Station By Huawei
All Partner Perspectives
GUEST PERSPECTIVES - curated contributions
Making sense of the latency alphabet soup By Matt Schmitt, Principal Architect, CableLabs
CommScope CTO: Here are the trends I'm watching in 2021 By Morgan Kurk, EVP, CTO and Segment Leader, Broadband Networks, CommScope
All Guest Perspectives
HOME
Sign In
SEARCH
CLOSE
MORE
CLOSE