World IPv6 Day draws attention to security issues with new protocol

Failure to properly accommodate IPv6's longer address space by network, security, and software vendors can result in vulnerabilities

By , Computerworld |  Networking, IPv6

The moving parts include end-user operating systems, home networks, routers, firewalls, servers, Internet service providers and applications, Zmijewski said. "Despite all the transition planning that has been carried out to date, a lot can go wrong," he wrote.

Many of the problems are likely to stem from the simple fact that IPv6 is far newer and untested compared with IPv4, and that the two protocols will need to also coexist with each other for several years.

One of the biggest potential threats lies in the immaturity of the various implementations of the protocol, said Noa Bar Yosef, senior security strategist with Imperva.

IPv4 addresses are 32-bit numbers while the IPv6 protocol uses 128-bit numbers. The difference is like having a postal system with a 5-digit Zip code, and one with a 9-digit Zip code, she said. Older IPv4 systems are designed to handle smaller sized addresses, whereas IPv6 systems rely on 128 bit addresses.

A failure to properly accommodate the much longer address space in IPv6 by network vendors, security vendors, software makers are others can result in vulnerabilities such as buffer over flow flaws and those that enable denial of service attacks and address spoofing, she said.

Enterprises will also need to support both protocols for several more years in order to ensure that their websites and services are accessible to others and vice versa, and that could be a problem as well.

The tunneling or encapsulation technologies and methods used to enable IPv4 sites and IPv6 sites to communicate with each other during the transition period for instance could be one weak link, said Carl Herberger, vice president of security solutions at Radware.

"The challenge with encapsulation is that there are no standards on the way to encapsulate," which could be a potential security weakness, Herberger said.

Similarly, the memory and processing requirements needed to handle IPv6 address headers. which are four times larger than IPv4 address headers, could also make older network components such as routers and switches easier to 'tip over,' he said.

Core security tools such as firewalls and intrusion detection systems designed for IPv4 networks could trip up in an IPv6 environment.

Many of these are issues that will need to be addressed by vendors of various technologies. However, enterprises also need to be aware of the potential implications and prepare for them said Curran.

Enterprises need to realize that IPv6 is out there," he said. "Whether they have turned it on or not it is important they assess how to deal with it."


Originally published on Computerworld |  Click here to read the original story.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

NetworkingWhite Papers & Webcasts

See more White Papers | Webcasts

Answers - Powered by ITworld

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness