Think Information. Think Security.
Last June 8, 2011, marks 'World IPv6 day', when those websites that have prepared themselves demonstrate their 21st century sites and awareness is raised overall.

In short, IPv6 (internet protocol version six) is the new internet protocol designed to cope with more web addresses and deal with packet transfer more efficiently.

The world day is intended as a test flight for organisations that are in the process of adapting their websites so that they can run them efficiently and determine any issues. According to Qing Li, senior principal engineer at Blue Coat Systems, this will help sort out any issues and help companies to determine their IPv6 readiness.

Nigel Hawthorn, EMEA marketing VP for Blue Coat Systems, said that while IPv4 is not being turned off, this will help businesses realise that they may need to transfer to IPv6.

Some major websites are trialling IPv6 and there is little difference from an end-user perspective. One of those sites is Google, and its network engineer and IPv6 ‘samurai' Lorenzo Colitti said: “We believe this is an important milestone, as IPv6 is the only long-term solution to IPv4 address exhaustion and its deployment is crucial to the continued growth of the open internet.

“Over the past few months, we've been working hard with other industry players to prepare. Operating system vendors and browser manufacturers have been releasing updates to resolve IPv6 connectivity issues. For example, Google Chrome now incorporates workarounds for malfunctioning IPv6 networks and we've seen router manufacturers test their devices for robust IPv6 support as well.

“For our part, we've been busy adding IPv6 support to services that didn't yet have it and fixing minor issues with those that did and since the best way to find bugs in your services is to hammer on them yourself, Google employees have been operating in ‘World IPv6 Day mode' for several months now.”

The development of the internet and its future are all very important, but in terms of security could this be much of an opportunity?

Guillaume Lovet, senior manager of the threat response team at Fortinet, said: “IPv6 migration has a number of advantages, not least the fact that it significantly reduces the instances of address scanning opportunities for malware creators. Indeed, with IPv6, the chance of randomly generating assigned addresses is basically nil.

“Hackers will therefore have to adapt network-based malware to make it effective in the expanded address space provided by the IPv6 protocol. For instance, legendary network worms such as Code Red or Sasser, which somehow paralysed the internet in 2001 and 2004 respectively, would be ineffective in an IPv6 address space.”

Last week, I asked Roel Schouwenberg, senior anti-virus researcher at Kaspersky Lab, if we would ever have an open and secure internet. Unsurprisingly he doubted this, saying: “We are finding out since the Kaminsky flaw that stuff on the internet is inherently broken, patching is not efficient so we should make the internet a better solution. So we are missing the boat as we could have addressed this with IPv6, it could have been better but was missed.”

Referring to Schouwenberg's comments, Li said that this was true, as IPv6 itself is not more secure than IPv4 but it was designed with a lot of security in mind during the early designs, based on lessons learned from IPv4.

He said: “For us, today is about collecting data on where users are coming from and whether they are botnets. However this could help generate new attacks and malware as attackers find out about the functionality and find holes in the infrastructure.”

Mark Lewis, director of services development at Interoute, said that security could become the Achilles heel of the IPv6 switchover, as in the IPv4 world securing the LAN from cyber attacks and intrusions are far easier.

He said: “With multiple enterprise devices sharing a single IPv4 address, internet facing devices such as firewalls act as a single point of protection and control. Contrastingly, IPv6 is designed for a world where everything can speak to everything else. With IPv6 becoming ubiquitous; every PC, mobile phone, tablet, printer and vending machine could potentially be an undercover agent inside the office, working to bring down the corporate network.

“For organisations, it could mean they are left wide open to attack given how many of those devices are portable and neither controlled by IT nor sitting inside IT-secured networks.”

A recent Cisco report said that there will be 15 billion devices needing internet connectivity by 2015, two for every person on the planet.

Lewis said that if you consider that each employee has an average of two IP devices, as well as the myriad of infrastructure and personally owned devices in each office, the scale of this task is immense. “We will have no choice but to migrate eventually and those that deploy an effective security strategy early on will be best prepared for a smooth transition,” he said.

Also with some security doubts about IPv6 was Symantec's Cathal Mullaney, who said that the adoption of IPv6 may cause some unforeseen difficulties for firewall software and hardware as they can be bypassed if they do not accurately detect and inspect traffic.

“Unfortunately, as IPv6's profile is raised and we slowly begin implementing the replacement standard, malware authors are certain to take note and begin adapting,” Mullaney said.

From a user and arguably an IT manager perspective, this event will mean very little apart from raised awareness of this huge technological venture. However with a new world comes new criminal opportunity and even if this is addressing a wider internet, there is always a way around the solution.

Editors Note: Cross post from SC Magazine

Leave a Reply.