16/11/10
By Sophie Baker
The presence of IPv6-enabled operating systems, smart phones and tablets could reveal new and unrecognised security weaknesses in otherwise secure environments, warns the SANS Institute.
Johannes Ulrich, PhD, chief research officer, said that one of the problems is the accidental implementation of IPv6. “You may already have IPv6 on your network without knowing about or configuring it.”
The Internet Protocol Version 6 succeeds Version 4, and was developed but the Internet Engineering Task Force (IETF) and ratified in 1998. With IPv5 addresses likely to be exhausted within two years based on current consumption rates, the future adoption of Version 6 is a likely one.
“Windows 7, OS X and Linux enable it by default. In the last round of operating system updates, it has tended to be turned on by default,” Ulrich added.
He believes a variety of potential security risks are presented with the growth of mixed IPv4 and IPv6. Attacks designed to exploit IPv6 enabled devices could also be missed by intrusion detection systems that have not been correctly configured to deal with IPv6 traffic.
Paul Nicholson, director of Product Marketing at A10 Networks, agreed that the current number of IP addresses are due to run out soon, although he estimates by the middle of next year, hindering services companies can be offered. “Companies that believe they can put off not running IPv4 and IPv6 addresses in tandem for cost reasons are mistaken: they need to start thinking seriously now about how they are going to transition to IPv6, allowing the two networks to co-exist. If they don’t, their employees and customers will start noticing that there will be certain websites and resources that they will be unable to access or are slower to respond, leading to delays and the inevitable slowdown in productivity.”
