Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Why Everyone Needs to Care About IPv6

Have you considered how you’ll secure your IPv6 infrastructure? Even if you aren’t implementing an IPv6 network, you still need to be concerned about the transition. Here is how can you be sure your network remains protected as the industry moves towards IPv6.

Have you considered how you’ll secure your IPv6 infrastructure? Even if you aren’t implementing an IPv6 network, you still need to be concerned about the transition. Here is how can you be sure your network remains protected as the industry moves towards IPv6.

There’s been a lot of noise around the transition to IPv6, beginning with government mandates as early as 2003, and building up to World IPv6 Day on June 8. While lots of organizations felt mislead by the Y2K hype more than a decade ago, the IPv6 transition has been different. The IPv6 transition has already begun and will continue over dozens of years affecting every organization differently. But one thing every organization shares is that the transition will affect us all and requires some level of preparation in order to maintain the operational integrity we expect and require from our IT infrastructure.

IPv4 to IPv6 ConsiderationsThere are various factors driving the transition from IPv4 to IPv6:

• The pool of available IPv4 addresses has been fully allocated to the regional Internet registries (RIRs) and is nearly depleted

• US federal government agencies and departments are being mandated to integrate IPv6 into their network infrastructures

• Companies serving the federal government, such as defense contractors, Managed Service Providers and Internet Service Providers, have become, in effect, subject to these mandates and need to transition to IPv6 to be in compliance

• Companies in industries building large-scale networks, such as major web companies and communications providers, need to implement IPv6 systems and networks to enable business growth and innovation

If you are subject to the Office of Management and Budget (OMB) or Department of Defense (DoD) IPv6 mandates or if you are in an industry that is in the process of rolling out IPv6 technology, then chances are you’ve been planning for quite some time. You may even be well down the path of defining and developing the architecture and migration strategy, and have begun the actual implementation of IPv6 systems and networks. But have you considered how you’ll secure your IPv6 infrastructure? It isn’t safe to assume that your current security controls, policies and processes will protect your IPv6 environment as well as your IPv4 environment. Most security companies have lagged networking companies in introducing full-fledged IPv6 support.

However, even if you aren’t implementing an IPv6 network, you still need to be concerned about the transition. Most operating systems and many new printers and other network devices are IPv6 enabled, offering a dual-stack configuration to support IPv6 traffic in addition to IPv4. As IPv6-enabled consumer devices such as smartphones and tablets enter your network, intended or not, you now have two potential communication channels you need to worry about. You need to know that your security controls and policies uniformly support IPv4 and IPv6.

Advertisement. Scroll to continue reading.

So how can you be sure your network remains protected as the industry moves towards IPv6? Start by asking your IT security vendors the following questions:

1. Have their solutions satisfied U.S. federal government IPv6 (USGv6) test requirements, demonstrating compliance with IPv6? Designed to protect federal agencies’ investments in IPv6 technologies, the testing program ensures interoperability among all IT and networking components used to build, maintain and secure the IT infrastructure of federal agencies.

2. Can they demonstrate that their solutions work comparably with IPv4 and IPv6 traffic? For example, in the case of IPS/IDS solutions, does the product identify and block IPv6-based attacks as well as IPv4-based attacks?

3. Does their solution support a wide variety of tunneling mechanisms? Tunneling mechanisms, such as 6to4 and Teredo, are transition technologies that enable IPv6 hosts and routers to communicate over IPv4 networks. Some security tools don’t recognize such mechanisms and therefore can’t provide protection.

4. Can their solutions operate and be managed over an IPv6 network? It’s important that you are able to designate an IPv6 IP address to a vendor device and manage it via IPv6 in order to deploy it on an IPv6 network.

5. In the case of vulnerability assessment, network discovery and IPS/IDS tools, are the vendor’s security tools reliant on active vulnerability scanning? Active scanning tools may become crippled under the weight of the incredibly large number of IPv6 addresses available to search.

6. In the case of Firewall policies and access control lists (ACLs) that are configured to block all “IP” traffic, do they in fact block IPv6 traffic as well as IPv4? Some network appliances require extra configuration to deal with IPv6 and use the term “IP” to only refer to IPv4.

IPv6 will enable organizations to build larger, more efficient networks to support growth and innovation. The transition is well underway and every network is becoming an IPv6 network, whether we choose it or not. The transition needs to focus not only on operational issues, but security as well. Identifying controls, solutions and policies that support IPv6 alongside IPv4 is essential to maintaining your organization’s security standards.

Written By

Marc Solomon is Chief Marketing Officer at ThreatQuotient. He has a strong track record driving growth and building teams for fast growing security companies, resulting in several successful liquidity events. Prior to ThreatQuotient he served as VP of Security Marketing for Cisco following its $2.7 billion acquisition of Sourcefire. While at Sourcefire, Marc served as CMO and SVP of Products. He has also held leadership positions at Fiberlink MaaS360 (acquired by IBM), McAfee (acquired by Intel), Everdream (acquired by Dell), Deloitte Consulting and HP. Marc also serves as an Advisor to a number of technology companies.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet