IPv6 security guru fields questions
Although he acknowledges that businesses have yet to embrace IPv6, security guru Scott Hogg says that doesn't mean IT executives can ignore the security problems that the next generation Internet protocol can present. After all, he notes, operating systems such as Microsoft Vista and Linux are already IPv6 capable and thus any networks that use them might be handling IPv6 traffic without their operators' knowledge. In this question and answer session, Hogg, who is also the coauthor of the Cisco-approved IPv6 Security guidebook and who writes regularly for Network World's Cisco Subnet blog, talks about steps that network operators can take to ensure that they don't inadvertently let their network get compromised by stealth IPv6 packets.
[ One of networking's greatest arguments: IPv4 vs. IPv6 ]
You say that a lot of organizations may already have IPv6 running over their networks and not realize it. Can you give me an example of how this happens?
Well it might happen if they have IPv6-capable hosts, meaning that maybe their own network doesn't run IPv6 per se but that traffic can be tunneled over IPv4 systems. If you have machines on your network that run Vista, then that would run both protocols at the same time. And even if your network isn't using the IPv6 stack, there are ways to awaken the IPv6 stack. For instance, Windows XP systems can be configured to run IPv6, so a hacker can turn it on by infecting your machine with some worm that changes your settings.
Can you explain in greater detail what you mean by IPv6 traffic being "tunneled" through IPv4 systems?
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
ipv6
Powered by Twitter
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
