As I mentioned in my last post, World IPv6 Day is taking place on June 8. It is a “test flight” day to assess the connectivity of existing IPv6 hardware and software and an opportunity to remind the industry of the need to begin the transition from IPv4 to IPv6 since the remaining pool of IPv4 addresses is now exhausted. But what concerns should business have as they make the transition. With new technologies there are always complications. Some of the vulnerabilities to watch out for include;
- The fact that IPv6 does not yet implement all the functionality of IPv4.
- IPv6 lacks backward compatible with IPv4; devices build for IPv4 may fail or encounter delays when viewing content from IPv6 sites.
- Under some conditions, IPv6 sites would not show up in a search engine if an engine’s crawler is not IPv6 capable.
- Denial of service attacks could be initiated by using IPv6’s Duplicate Address Detection.
- Denial of service attacks could be created by directing routing headers to route packets over the same link many times.
- Man in the middle attacks could be caused through the use of Rogue Route Advertisements to autoconfigure addresses and default gateways.
- Some devices’ operating systems may unknowingly be IPv6 enabled and thus less secure when running in IPv4 environments.
- The implementation of IPv6 will lead to an increased amount of spam as traditional method for spam screening based on IP addresses becomes obsolete.
- IPv4 Firewalls are not sufficient for handling IPv6 traffic; an IPv6 firewall should be add to enforce IPv6 rules.
- Users with modems and rotors five years or more old will have to upgrade before their ISP switches to IPv6.
- Legacy smartphones and devices may not be recognizable to networks running the new protocol.
- Emails headers could be vulnerable to tampering during the transition from IPv4 to IPV6.
- Many security tools lack IPv6 functionally; using them will not necessarily guarantee the security of a network.
- FTP servers will have to be updated to handle FTP requests from both IPv4 and IPv6.
For more information, see:
IPv6: addressing some security issues