ipv6

Security challenges emerge with the launch of IPv6

Start

There is no doubt that the imminent global launch of IPv6 on 6 June 2012 heralds a new era in Internet infrastructure worldwide, both in terms of evolution and widespread adoption.

The days of the IP protocol in its current form (IPv4) are counted. The Internet was widely used by universities, high-tech industries, and government as early as the mid-1990s, but the Internet is of growing interest to businesses and commercial companies - it will be used by a large number of individuals and systems, each expressing different needs.

For example: with the convergence of the computer, networks, audiovisual and entertainment industries, every television set becomes an Internet access device enabling billions of people to practice, for example, video on demand, teleshopping or e-commerce. In these circumstances, the IPv6 protocol (also called IPng for IP new generation) must offer more flexibility and efficiency, solve a variety of new problems and should never be out of address.

The IPv6 protocol reasonably meets the stated objectives. It maintains the best features of IPv4, discards or minimizes the bad ones, and adds new ones when needed.

The world already got a taste of the new protocol last June, on World IPv6 Day. Led by the Internet Society, more than 1,000 Web sites, high-tech companies and ISPs were encouraged to collectively switch to IPv6 over a 24-hour period to "test" the protocol and try to anticipate technical problems that might occur during the official launch.

Why not enjoy unlimited reading of UP'? Subscribe from €1.90 per week.

On June 6, 2012, major high-tech organizations and web leaders such as Google, Facebook and Yahoo! among others, will switch to the new Internet Protocol at the official global launch.

And the transition is becoming more and more necessary. The current IPv4 protocol, which supports about 3.7 billion addresses, has simply exhausted the available address pool, partly due to the explosion of mobile devices. But IPv6, on the other hand, has an unlimited capacity of addresses, allowing it to adapt to a growing global mobile and Internet infrastructure.

However, with the imminent launch of the global IPv6 protocol, IT researchers and professionals are anticipating certain challenges, particularly in the area of security. The innovative aspect and lack of knowledge about IPv6 will inevitably lead to configuration errors, compatibility issues and other implementation blunders. There is no institutional knowledge about IPv6 as there is about IPv4, which has been in use for decades and offers a vast knowledge base.

But perhaps the biggest security challenge is that many network security appliances are capable of transferring IPv6 traffic, but not inspecting it. And, since IPv6 is enabled by default on many current network platforms - such as Windows 7 - these systems are already installed on the network.

Most systems that do not have IPv6 enabled have the ability to work around this problem by encapsulating IPv6 packets with IPv4 headers. They read the header, but cannot read the content of the packet itself. So they can't do the usual deep packet inspection, so they just forward the packets. Only when they have a dual stack implementation, they can allow network security features to simultaneously process and inspect packets from both IPv4 and IPv6 protocols.

Many security vendors offer this feature - but not all - and it is one of the risks facing network security professionals today. They need to ensure that their security products can inspect IPv6 traffic. If they can only forward IPv6 traffic, these products could also forward malicious content.

Even with a dual stack implementation, organizations still need to verify that they have the same security features enabled for IPv4 as for IPv6. If not, network security appliances are likely to miss critical elements of malicious traffic that could potentially compromise the network.

Some of the policies and technologies you rely on can only work in IPv4 and not IPv6, creating gaps in your security coverage. However, upgrading the network security infrastructure to enable IPv6 is not a simple project and will likely take years to be fully completed. That's why many organizations, faced with potentially lengthy and expensive hardware upgrades, do not plan to adopt IPv6 any time soon.

However, companies will not be able to avoid IPv6 for too long. Following the June 5 launch, much more IPv6 traffic will reach their networks. When IPv6 will represent 5 to 10 percent of your data - rather than a fraction of a percent as it is now - avoiding the necessary updates will become much harder to justify. So CIOs will need to address this issue quickly.

To better understand IPv6 : 

To fight against disinformation and to favour analyses that decipher the news, join the circle of UP' subscribers.

 

 {Jacuzzi on}

0 Comments
Inline Feedbacks
View all comments
mesagraph
Previous article

Is Facebook really "too big to fail"?

facebook4
Next article

Facebook falls again: rain of criticisms on a failed IPO

Latest articles from Innovation Economy Archive

JOIN

THE CIRCLE OF THOSE WHO WANT TO UNDERSTAND OUR TIME OF TRANSITION, LOOK AT THE WORLD WITH OPEN EYES AND ACT.
logo-UP-menu150

Already registered? I'm connecting

Inscrivez-vous et lisez three articles for free. Recevez aussi notre newsletter pour être informé des dernières infos publiées.

→ Register for free to continue reading.

JOIN

THE CIRCLE OF THOSE WHO WANT TO UNDERSTAND OUR TIME OF TRANSITION, LOOK AT THE WORLD WITH OPEN EYES AND ACT

You have received 3 free articles to discover UP'.

Enjoy unlimited access to our content!

From $1.99 per week only.
Share
Tweet
Share
WhatsApp
Email