Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Is Your Security Infrastructure Ready for IPv6?

Security experts urge organizations to test IPv6 compatibility across security products and gateways as networks undergo upgrades

If your IT department hasn’t thought about an IPv6 strategy yet, you’re behind the curve. While IPv6 was designed mainly to address the exhaustion of IPv4 addresses, it’s creating several challenges for IT departments in terms of ensuring the end-to-end stability and performance of enterprise IP networks and the Internet as a whole.

Security experts urge organizations to test IPv6 compatibility across security products and gateways as networks undergo upgrades

If your IT department hasn’t thought about an IPv6 strategy yet, you’re behind the curve. While IPv6 was designed mainly to address the exhaustion of IPv4 addresses, it’s creating several challenges for IT departments in terms of ensuring the end-to-end stability and performance of enterprise IP networks and the Internet as a whole.

Q1 Labs, a provider of security intelligence solutions, is urging organizations to look at how Security Information and Event Management (SIEM) systems as well as IPS and IDS are configured as organizations move to IPv6-based networks.

Testing security Solutions for IPv6 compatibility“Not all security software and appliances are set up to deal with fully IPv6 or hybrid environments straight off the bat,” explains Chris Poulin, CSO for Q1 Labs. 

Poulin, who spent eight years in the U.S. Air Force managing global intelligence networks and developing software, believes that many organizations still don’t fully appreciate the IPv6 problem. Internet Protocol Version 6 (IPv6) is designed to succeed Internet Protocol version 4 (IPv4) and was ratified by the Engineering Task Force (IETF) in 1998. The outgoing IPv4 has a theoretical hard limit of 4.3-billion addresses, which is quickly filling up, especially with the growth in smart phones and tablets expected to hit a billion units by the end of the year.

Even though the new protocol has a 128-bit address range (340-undecillion limit) and additional features, adoption of IPv6 is still sluggish. “The move is a significant project for any IT department and security needs to be on the check-list of things to test before making the move,” Poulin urges. “SIEM is actually a good place to test if IPv6 security procedures are feasible and working correctly.”

IPv6 security risks include bugs in code, protocol weaknesses and poor implementations by security and network vendors due to minimal familiarity with the new standard. “Attacks using an IPv6 tunnel on a hybrid network are examples of new threats that might be missed unless organizations start to prepare now for the inevitable change,” Poulin said. “The current pace of change is relatively slow, but it is likely to speed up as large service providers and trading platforms move to IPv6 over the next few years, which could mean that IT departments are suddenly dumped with a project to move with minimal notice — it would be wise to start checking now before the call comes,” Poulin added.

Some believe that IPv6 strategies should even be a board-level concern. “Many believe that the move to IPv6 should be a board-level risk management concern, equivalent to the Y2K problem or Sarbanes-Oxley compliance,” Ram Mohan, EVP and CTO at domain registrar, Afilias wrote in a SecurityWeek column. “During the late 1990s, technology companies worldwide scoured their source code for places where critical algorithms assumed a two-digit date,” Mohan added. “This seemingly trivial software development issue was of global concern, so many companies made Y2K compliance a strategic initiative. The transition to IPv6 is of similar importance. As more companies start to wake up to IPv6, this kind of compliance project will become more widespread.”

“CIOs who have not planned IPv6 transition plans as part of their strategic agenda must act now, or risk the entire enterprise online,” Mohan concluded.

“Even if you aren’t implementing an IPv6 network, you still need to be concerned about the transition,” according to Marc Solomon, SVP of Marketing at Sourcefire. “As IPv6-enabled consumer devices such as smartphones and tablets enter your network, intended or not, you now have two potential communication channels you need to worry about,” he added. “Identifying controls, solutions and policies that support IPv6 alongside IPv4 is essential to maintaining your organization’s security standards.”

Related Reading: Is IPv6 Part of Your Risk Management Framework?

Related Reading: No IPocalypse, but the IPv6 Transition Still Presents Risks

Related: Why Everyone Needs to Care About IPv6

Related Reading: World Takes IPv6 for a Test Drive: Is your Organization Prepared for the Risks?

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Expert Insights

Related Content

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Cybersecurity Funding

Forward Networks, a company that provides network security and reliability solutions, has raised $50 million from several investors.

Network Security

Cisco patched a high-severity SQL injection vulnerability in Unified Communications Manager (CM) and Unified Communications Manager Session Management Edition (CM SME).

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...