Remember World IPv6 launch day back in 2011? Industry efforts to motivate businesses – “begging the world” – to make the transition over to IPv6 from IPv4 were somewhat successful in raising awareness and encouraging greater migrations. Flash-forward to the tail end of 2013: many organizations have yet to make the switch and there are various security issues that remain top of mind before making the IPv6 leap, according to industry experts.
Gogo6 CEO Bruce Sinclair and IPv6 security researcher Joe Klein made the remarks during an episode of The IPv6 Show podcast. While there isn’t a hard deadline set for organizations to make the move to Internet protocol 6, it’s no secret that IPv4 addresses have been virtually exhausted and will need to be replaced. According to the Internet Society , the number of IPv6-connected global has doubled; industry experts note that forward thinking businesses are already looking at ways to make the network transition a smooth one. But citing a recent gogoNET members survey, Sinclair noted that for many network managers, security concerns are still top of mind when it comes to fully adopting IPv6.
The top six security issues include:
Need for stronger IPv6 security training/education programs: Sinclair noted that, much like any technology, organizations need to make the necessary investment in IPv6 awareness and training. You need to first understand what is the role of the security professionals in the organization, said Klein, adding “they really need unique training…you need to have specialized knowledge on how to detect those methods of bad packets.”
Bugs in new code: Concerns over bugs in new code is a real concern but one that should be seen as a “case-by-case basis” and can be overcome by developing a test network and solid testing strategy for IPv6 to expose security flaws and exploits, said Klein.
Absence of network access translation (NAT): “This terrifies customers,” said Klein. Many organizations may feel that NATs are needed in IPv6 environments but their presence don’t necessarily provide additional security, he offered.
Need for streamlined security policies in v4 & v6: At the moment, organizations feel that v6 security policies aren’t yet at the level of their IPv4 counterparts. Understanding all the security implications of IPv6 — around dual stack and tunneling — and how they differ from IPv4 is essential, noted Klein.
Security device bypass via unfiltered IPv6 and tunneled traffic: The concern here, both noted, is around detecting suspicious IPv6 packets and applying the appropriate controls – organizations may not feel that current security solutions can be extended to handle unknown tunnel traffic in this type of environment. Implementing IPv6 comes down to greater visibility, proper controls and understanding all the various upper layer tunnels and transition methods. People are using security products and controls specifically designed for IPv4 environments, said Klein, and trying to apply them to an IPv6 world.
Lack of IPv6 support at ISPs and vendors: The level of maturity needs to improve when it comes to applications and IPv6 security functionality and robustness. This involves network testing and the development of native IPv6 connections, offered Klein.
Download the Allstream white paper: Planning A Transition To IPv6.