Firms warned over IPv6 security risks

World on red alert
4 Apr, 2012

Industry players urge end users to step up security as IPv6 adoption grows.

Companies need to be on their guard against cyber criminals using IPv6 networks to stage attacks, as the number of compatible end point devices in the workplace soars.

This is the view of WAN optimisation vendor Blue Coat Systems, which wants firms to upgrade their security strategies to cover IPv6 network vulnerabilities.

The use of IPv6 networks has been gradually rising in recent years as the number of IPv4 addresses has dwindled.

This shift has been gaining momentum since the beginning of the year, when the Internet Society confirmed 6 June as World IPv6 Launch Day.

However, it is claimed that during this transition some firms are failing to update their network monitoring and security tools to include traffic sent over IPv6 networks, leaving them open to attack.

Speaking to IT Pro, Dave Ewart, director of product management at Blue Coat Systems, explained: “This shift has been gathering momentum for a while, with all the headlines around the fact we are running out of IPv4 addresses.”

“IPv4 will be running in parallel to IPv6, so it would make sense for people to start looking at solutions that are able to monitor both networks,” he added.

Not doing so could result in bandwidth issues, as staff use unmonitored IPv6 networks to access restricted material. Such networks could also provide a hiding place for cyber criminal activity, said Ewart.

“By not monitoring IPv6 traffic, businesses may be unaware of the amount of bandwidth that is being used by certain apps or employees that are using iOS devices, for example, in the workplace,” said Ewart.

Industry backing

His claims have been backed by several industry players, including Terry Greer-King, managing director of end point security vendor Check Point.

“Because IPv6 now comes as a default option on [most] new server operating system software, end users can inadvertently (or purposefully) create an IPv6 network that is invisible to existing security products,” he said.

David Harley, senior research fellow at anti-virus software vendor ESET, said this is a situation that can be easily avoided.

“The problem is not that IPv6 is intrinsically insecure, it’s the fact that it’s creeping onto sites by default via newer systems, [when businesses] should really have been working on a strategic, enterprise-wide rollout [based on] sound project management,” said Harley.

Marina Gil-Santamaria, director of product marketing management at Ipswitch Network Management, added: “Logging, reporting, and analysing both IPv4 and IPv6 traffic should be done throughout [this] transition [because] attackers do not limit themselves to one protocol.”