The advanced network discovery feature of IPv6 allows network administrators to select the paths they can use to route packets. In theory, this is a great enhancement; from a security perspective, however, it becomes a problem. If a local IPv6 network is compromised, this feature will allow the attacker to trace and reach remote networks with little to no effort.
So where are the vendors that are supposed to protect us against these types of security flaws? The answer is, not very far along. Like most of the industry, the vendors are still playing catch-up. Since there are no urgent mandates to migrate to IPv6, most are developing interoperability and compliance at the industry’s pace.
So the question becomes: will the delay in IPv6 adoption give the hacker community a major advantage over industry? Absolutely! As we gradually migrate to IPv6, the lack of interoperability and support at the application and appliance levels will expose loopholes. This will create a chaotic and reactive cycle of patching, on-the-go updates and application revamps to combat attacks.
Regardless of your expertise in IPv4, treat your migration to IPv6 with the utmost sensitivity. There is more to IPv6 than just larger IP blocks. The learning curve for IPv6 is extensive. People can’t be patched as easily as Windows applications, so staff training should start very early. Many of the fundamental network principles like routing, DNS, QoS, multicast and IP addressing will have to be revisited. Reliance on given IPv4 security features like spam control and DoS (denial of service) protection will be minimal in the IPv6 space as the Internet ‘learns’ and ‘adjusts’ to the newly allocated IP structure.
It’s essential that your network security posture is of the utmost priority in the migration to IPv6. Stakeholders should take into account the many security challenges associated with IPv6 before deeming it a cure-all security solution.
Jaghori is the Chief Network & Security Architect at L-3 Communications EITS. He is a Cisco Internetwork Expert, Adjunct Professor and industry SME in IPv6, Ethical Hacking, Cloud Security and Linux. Jaghori is presently authoring an IPv6 textbook and actively involved with next generation initiatives at the IEEE, IETF, and NIST. Contact him at email@example.com.