Securing IPv6 is not all that Different than IPv4
Page 1 of 1
With the exhaustion of the public pool of available IPv4 addresses in 2011, the need for networks to move to the next generation IPv6 system of Internet addresses is becoming increasingly important. Moving to IPv6, comes with a host of challenges not the least of which are security related.
While IPv6 provides vastly more address space as well as additional protocol enhancements over IPv4, according to Check Point Fellow, Robert Hinden, IPv6 security isn't all that different from IPv4 security. Hinden is no new comer to IPv6, he's a contributor to the IPv6 protocol specification and has helped lead standardization efforts at the Internet Engineering Task Force (IETF).
"You will want to create an IPv6 security policy that sort of mirrors your IPv4 security policy," Hinden told InternetNews.com. "If you decide to block some set of protocols in or out with IPv4, you will probably want to do that in IPv6."
While many organizations may think that they haven't yet moved to IPv6, Hinden warned that IPv6 capabilities are already available in more places than many users think. Windows 7 for example, supports IPv6 and could enable a user to tunnel IPv6 traffic over a network even if the enterprise as a whole is not officially running IPv6.
"You need to have security tools that look for IPv6 packets and you need to have a policy for what you want to do," Hinden said. "IPv6 tunneling could be happening without the knowledge of the IT group in an enterprise."
Unmonitored IPv6 traffic is likely the greatest risk that IPv6 represents to enterprises today. Since IPv6 support is well deployed in software products today, it could be possible for malware to use it as a back channel for transmission.
"If you don't have security tools that know how to look at IPv6 packets, you won't be aware of the threats," Hinden added.