World IPv6 Day: Why should you care?

gallery

ANALYSIS Given the lukewarm response to panicky reports surrounding the need to switch from IPv4 to IPv6, it would come as no surprise if people didn’t go mad for World IPv6 Day.

Today, however, could make a big impact and rightly so. Just the fact the likes of Google and Facebook are supporting the event should be enough to inspire most aspiring businesses.

The fact is, there is more to the situation than simply IPv4 addresses running out. If companies don’t prepare themselves, they could be shooting themselves in the foot, leaving a wound which won’t heal.

Security worries

One big worry is security and the central issue here is detection.

Cyber criminals could use IPv6 traffic to bypass firewalls and security appliances, some of which will not have been configured to pick up on IPv6.

Hackers have picked up on this already, preparing attacks on firms who haven’t equipped their networks for the switch, according to Qing Li, chief scientist at Blue Coat Systems.

“One of the biggest problems today is attackers are leveraging IPv6 to circumvent security protections and security policies," Li told IT PRO.

“You really have to have the intelligent, security orientated appliances and solutions… to be able to have the visibility and control to secure traffic.”

Li recommended creating secure user policies and accelerating or optimising IPv6-enabled web content to deal with transitional problems.

The move to IPv6 could also cause problems for malware authors themselves.

Another annoyance for IT with IPv6 will be down to consumerisation. Each modern device entering a corporate network will come with a separate IPv6 address, rather than sharing one IPv4 address. This means IT departments will have to keep a closer eye on what those devices are doing.

Despite the concerns, however, the move to IPv6 could also cause problems for malware authors themselves.

“With the introduction of IPv6, the massive amount of possible addresses in a default subnet and additional software tweaks has created new challenges for malware authors and cyber criminals,” Symantec said in a blog post.

“It is now unfeasible to perform brute force IPv6 address scans in order to profile a network or identify a possible attack vector in this way. IPv6 also mitigates a number of existing IPv4 attacks by design.”

IPv6 comes with an added security protocol known as IPsec, which authenticates and encrypts data sent across an IP enabled network, Symantec noted.

Email to a friend

Print this page