IPv6: What consequences on IT security?

By George Chang, Regional Director, Southeast Asia & Hong Kong, Fortinet | Jul 4, 2011

Like it or not, in the next few years every company will likely have to upgrade every device that is currently connected to its network. This is because of a fundamental technology shift that’s coming to every network around the world called Internet Protocol Version 6 (IPv6).

Simply put, the Internet Protocol assigns “addresses” to individual devices that are attached to a network. Any device attempting to get onto a network or the Internet − be it a laptop, mobile phone, printer, scanner or tablet − must have an address assigned to it in order for it to connect. Not having an address is the equivalent of picking up the phone to call someone, but not receiving a dial tone. The problem on the horizon for networks is that the current Internet Protocol (IPv4) has just run out of new addresses to allocate. IPv6 rectifies this problem by offering an exponentially greater number of new addresses that will carry us many years into the future.

So, while IPv6 will allow us to remain ‘connected’, one can wonder what the implications will be from a security standpoint.

Will this protocol facilitate the propagation of malware?

The number of unique addresses available in IPv6 is considerably higher than in IPv4: about 3.4 × 10^38 addresses in total. To get an idea of what such a number corresponds to, consider the following analogy: if a single Internet address were the size of a grain of sand (1 cubic millimeter), it would take the equivalent space of 340 million hollow planets (each the size of the Earth) to contain all possible addresses available in IPv6. With IPv4, however, it would take only 4 cubic meters! With that in mind, it is easy to understand that, in IPv6, address scanning becomes virtually impossible. Similarly, it will be rather improbable to identify an assigned address through the random generation of IPv6 addresses.

The positive consequence of this is that network-based threats, as they exist today, will have much more difficulty propagating, because their propagation is based on the random generation of IP addresses. With IPv6, the chance of randomly generating assigned addresses is basically nil. Hackers will therefore have to adapt network-based malware to make it effective in the expanded address space provided by the IPv6 protocol.
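An added example, not part of the original article: the arithmetic behind the two paragraphs above, in Python. The probe rate, host count and the 2001:db8::/32 documentation addresses are constructed assumptions. The last function goes beyond the article and flags addresses in your own inventory whose host part is small, a case the size argument (uniformly random guessing) does not cover.

```python
import ipaddress
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def sweep_years(network, probes_per_second):
    """Years needed to probe every address in `network` exactly once."""
    net = ipaddress.ip_network(network)
    return net.num_addresses / probes_per_second / SECONDS_PER_YEAR

def random_hit_probability(network, assigned_hosts, guesses):
    """P(at least one of `guesses` uniformly random addresses is assigned).

    log1p/expm1 are used because 1 - hosts/2**64 rounds to exactly 1.0 in
    double precision, so the naive 1 - (1 - p)**n would return 0.
    """
    net = ipaddress.ip_network(network)
    p_single = assigned_hosts / net.num_addresses
    return -math.expm1(guesses * math.log1p(-p_single))

def low_interface_ids(addresses, network, max_bits=16):
    """Inventory addresses in `network` whose host part fits in `max_bits` bits."""
    net = ipaddress.ip_network(network)
    flagged = []
    for text in addresses:
        addr = ipaddress.ip_address(text)
        host_part = int(addr) & int(net.hostmask)
        if addr in net and host_part < (1 << max_bits):
            flagged.append(text)
    return flagged

# Constructed inputs (assumptions, not measurements).
RATE = 1_000_000                      # probes per second
SUBNET = "2001:db8:0:1::/64"          # documentation prefix, one LAN
INVENTORY = [
    "2001:db8:0:1::1",
    "2001:db8:0:1::53",
    "2001:db8:0:1:9c4e:36ff:fe1a:77d2",
    "2001:db8:0:1:3a7f:c2d1:5e09:b6a4",
]

if __name__ == "__main__":
    hours = sweep_years("0.0.0.0/0", RATE) * SECONDS_PER_YEAR / 3600
    print(f"whole IPv4 space: {hours:.1f} hours")
    print(f"one IPv6 /64:     {sweep_years(SUBNET, RATE):,.0f} years")
    p = random_hit_probability(SUBNET, 1000, 10**9)
    print(f"1e9 random guesses, 1000 hosts in the /64: p = {p:.2e}")
    print("small host parts:", low_interface_ids(INVENTORY, SUBNET))
```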

Unfortunately, network-based threats are far from representing the majority of malware and the protocol transition does not have any effect on all other types of Internet threats: the ones operating at the application layer level, like worms spread by emails, viruses and bots; or the ones targeting content, like malware delivered via YouTube, Facebook, etc. Those threats, which correspond to the majority of today’s malware, will function the same way and have the same ability to compromise systems, steal data and turn devices into bots.

Will IPv6 make it even more difficult to identify the source of Internet attacks?

Given the almost infinite number of IPv6 addresses, one may think it is now virtually impossible to detect the origin of an attack. The reality is that it will be much easier than it used to be with the IPv4 protocol, since IPv6, unlike IPv4, requires the support of IPsec, which is used to authenticate the origin of an IP packet. While this will not prevent attackers from ‘hiding’ behind proxies, it should prevent the falsification of the original address in the “connectionless” protocols (e.g. UDP).

The transition to IPv6 will certainly not stop cybercrime from continuing to grow at an extortionate rate, with attacks becoming ever more sophisticated and blended in nature. It is therefore critical for all organisations to equip themselves with an effective first line of defense by deploying multi-threat security solutions. This measure, combined with greater user education, remains the best safeguard against the deviousness and pure innovation of cybercriminals.
