Is IPv6 a Security Risk?
Page 1 of 1
As World IPv6 Launch Day dawns on June 6th, IPv6 services will be enabled on thousands of sites around the world and left on. At the core of all those sites and sitting at the heart of the Internet's core infrastructure are 13 root DNS servers. VeriSign is tasked with operating the key A and J route servers. VeriSign is responsible for the .com and .net Top Level Domains and as such the company holds a critical role to play in the safety and security of the Internet as we know it, especially when it comes to IPv6.
While IPv6 has been enabled on VeriSign's infrastructure for some time, Chief Security Officer Danny McPherson in an interview with InternetNews.comadmitted that IPv6 is both an opportunity as well as a potential security risk.
IPv6 Launch Day is the successor event to World IPv6 Dayin 2011. As the free pool of available 32-bit IPv4 address space has been exhausted there is a need for global carriers to move to the larger 128-bit address space that IPv6 provides.
McPherson said that from a risk perspective IPv6 is available today on a large number of devices by default. While IPv6 as an addressing system is available, the challenge comes from a lack of availability for IPv6 security visibility.
"A lot of security devices and controls for Internet infrastructure don't have the same functional parity as IPv4," McPherson said. "So what happens is that you now have systems out there that are listening and accessible with the exact same content as IPv4, but you don't have the same visibility and control to protect those resources."
So what should an enterprise do? McPherson emphasizes that visibility and controls for IPv6 should be on the network before IPv6 is enabled by default on the network.
"If you don't have that visibility into IPv6, you should probably consider explicitly disabling IPv6 on your systems until you can take a very concerted approach to enabling IPv6 in a secure manner," McPherson said.