Follow on Google News Industry News Country(s) Industry News
Follow on Google News | Security preparations for IPv6 migration must start nowNew IPv6 enabled operating systems, smart devices and applications could increase risks
By: SANS Institute New IPv6 enabled operating systems, smart devices and applications could increase risks London, UK, November 15th, 2010 - The arrival of a slew of new and upgraded operating systems, smart phones and tablets that are enabled for IPv6 has the potential to open new and unrecognised security weaknesses in otherwise secure environments. According to Johannes Ullrich, PhD, chief research officer for the SANS Institute, “One of the problems is the accidental implementation of IPv6. You may already have IPv6 on your network without knowing about or configuring it. Internet Protocol Version 6 (IPv6) is designed to succeed Internet Protocol version 4 (IPv4) and was developed by the Internet Engineering Task Force (IETF) and ratified in 1998. The new protocol adds additional features as well as offering a 128-bit address range. Its future adoption is almost certain as available IPv4 addresses are likely to be exhausted within two years based on current consumption rates. “Windows 7, OS X and Linux enables it by default. In the last round of operating system updates, it has tended to be turned on by default.” Ullrich also highlights devices running Apple’s IOS such as iPhone as well as some Google Android devices with IPv6 also enabled by default. In his view, the growth of mixed IPv4 and IPv6 networks, in some cases without the knowledge of IT security teams, can introduce a variety of potential security risks. Attacks designed to exploit IPv6 enabled devices could also be missed by intrusion detection systems that have not been correctly configured to deal with IPv6 traffic. Ullrich believes that organisations have failed to grasp the full impact of a move to IPv6 or the amount of time needed to plan, test and secure any migration strategy. “Many organisations will look at their own networks and not see a big problem staying on IPv4,” he explains. “But say you need to connect to a supplier network in China and they have been forced to move to IPv6 due to running out of addresses, your organisation may have to switch over very quickly.” Ullrich believes that it will take at least about a year for larger organisations to move over to IPv6. Although most modern routers and switches are capable, supporting SIEM, IDS, IPS and monitoring tools will need reconfiguration. The application layer is more problematic: Ullrich, who is currently responsible for the SANS Internet Storm Center (ISC) and the GIAC Gold programme, will be covering IPv6 as part of the SECURITY 503 Intrusion Detection In-Depth course at SANS London this November. Ullrich is also running an evening briefing session, which will go into more depth on the subject for attendees of the event. For more information, please visit: http://www.sans.org/ Editors for further information contact:- Anne Harding The Message Machine Tel: 01895 631448 Email: anne@themessagemachine.com End
|
| ||||||||||||||||||||||||||||||||||||||||
