Five of the Biggest IPv6-Based Threats Facing CIOs

The IETF has identified many security threats related to IPv6, the long-anticipated upgrade to the Internet's main communications protocol.

By Carolyn Duffy Marsan
Mon, July 13, 2009
. What's this?

Network World — The IETF has identified many security threats related to IPv6, the long-anticipated upgrade to the Internet's main communications protocol.

Internet's Biggest Issue? IPv6 Transition, New ARIN CEO Says

See what's driving a Florida university to IPv6.

Security concerns around IPv6 deployment are real, although the number of IPv6-based attacks remains small.

"Obviously, as the protocol gets adopted, we're going to see more attacks," says Greg Brown, senior director of McAfee's Network Defense business unit. "Because IPv6 is not broadly deployed, we haven't seen a lot of attacks."

Nonetheless, the number of IPv6-based attacks is on the rise, experts say.

"We're not seeing denial-of-service attacks on IPv6 because most of the targets that people want to attack aren't IPv6,'' says Jason Schiller, senior Internet network engineer, Global IP Network Engineering for the Public IP Network at Verizon Business. But Schiller says he is seeing "quite a bit" of botnet command and control traffic using IPv6.

Invisible IPv6 traffic poses serious network threat 

Schiller says most IPv6 security risks come from bugs in the code, protocol weaknesses and poor implementation by vendors. He says these risks are the result of the network industry not having as much familiarity with IPv6 as it does with IPv4, which has been around for 30 years.

"You turn on IPv6 and don't realize that your firewall doesn't process IPv6 traffic. It just passes it blindly through. Or you forget to set up filters," Schiller explains. "People have to consciously go in and take all the security infrastructure that's been created in IPv4 and mirror image it in IPv6."

Here's a list of the most common IPv6 threats that network vendors are hearing about from their enterprise customers:

1. Rogue IPv6 traffic

Organizations that aren't running IPv6 and don't plan to run it anytime soon, should use their firewalls to block IPv6 traffic from coming in and out of their networks. Most experts say this should be a temporary measure because an increasing amount of Internet traffic is IPv6-based, and organizations don't want to limit access to customers or business partners around the world that will be using IPv6. "What customers need to do within their intrusion-prevention systems or within their firewalls is to explicitly look for IPv6 traffic and drop it,'' says Tim LeMaster, director of systems engineering for Juniper's Federal group.

2. IPv6 tunnels

Three types of IPv6 tunnels —Teredo, 6to4 and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) -- allow IPv6 packets to be encapsulated inside IPv4 packets that can be sent through IPv4-enabled firewalls or network address translation devices. To a network manager, tunneled IPv6 packets look like normal IPv4 traffic. That's why network managers need deep packet inspections systems that can peer into tunnels to examine what's inside of them. Brown says you need to have firewalls and intrusion-prevention systems that "support IPv6 but they also need to support full inspection for the tunneling mode." Brown says he's seen "traditional IPv4 attacks" that take advantage of IPv6 tunneling to enter networks where tunneling traffic wasn't being inspected.

Continue Reading

What is Tech Briefcase?
TechBriefcase is a new, free service where IT Professionals can Search, Store and Share IT white papers and content like this. Learn more
Bookmark content
Speed up your research efforts with content across the web.
Search and Store
Find the white papers you need. Create folders for any topic.
View Anywhere
Open your briefcase on your iPhone, tablet or desktop. Share with colleagues.
Don't have an account yet?
White Papers »
Converged Infrastructure for Dummies
As you know, everything is mobile, connected, interactive, and immediate. This is exactly why organizations need a highly agile IT infrastructure in order to keep pace with extreme fluctuations in business demand. This book will help you understand why infrastructure convergence has been widely accepted as the optimal approach for simplifying and accelerating your IT to deliver services at the speed of business while also shifting significantly more IT resources from operations to innovation.

Intel and the Intel logo are trademarks of Intel Corporation in the U.S. and/or other countries.
Seven Priorities for Integrated Network Management - How HP Intelligent Management Center Delivers an Enterprise-class Solution
This white paper describes the major requirements for network management solutions to help the organizations become more profitable, efficient and reliable.

Intel and the Intel logo are trademarks of Intel Corporation in the U.S. and/or other countries.
Building Cloud-Optimized Data Center Networks white paper
Enterprises are turning to the Cloud to improve business agility, reduce expenses and accelerate business innovation. Cloud computing redefines the way IT assets are deployed and consumed and dramatically affects the way data center networks are architected and managed. Conventional hierarchical data center networks built to support traditional IT architectures can't meet the security, agility and price/performance requirements of virtualized cloud computing environments. This white paper reviews the impact of cloud computing on data center networks and describes HP's approach to building simpler, more secure and automated networks that fully meet the stringent performance, security, reliability and agility demands of the new data center in the Cloud.

Intel and the Intel logo are trademarks of Intel Corporation in the U.S. and/or other countries.
AlertBoot Case Study
When AlertBoot switched to the cloud it needed a load balancing solution that would support its migration and prevent as much downtime as possible. The company chose Riverbed® Stingray™ Traffic Manager to use while transitioning its infrastructure to an entirely virtualized environment. The move was a complete success, at one-third the cost of comparable hardware solutions.
Meridina fly Case Study
Online airline and travel group Meridiana fly needed a faster, more cost-effective way for its growing customer base to book reservations online. They turned to the Riverbed® Stingray™ Traffic Manager, which ensured a fast, responsive website that could cope with increasing high-demand. The company's pages now load much faster, and downtime is a thing of the past.
Gilt Groupe Case Study
With over 5,000 requests per second during peak periods, online retailer Gilt Groupe could lose a large percentage of its daily profits in just 10 minutes of downtime. After choosing the Riverbed® Stingray™ Traffic Manager as its load balancing solution, visits to the site have increased thanks to improved customer satisfaction. Real-time traffic views and tracking also make it easy to strategize and plan for the future.
Webcasts »
Supply Chain Radio: EDI hubs (Send v. Post)
Supply chains require the ability to connect and share information with vendors and partners globally. EDI networks have made this connection possible by allowing various entities to upload information for others to see.
Successful Mobility: Access and Performance Anywhere
Today's workforce is truly mobile. At the office, from customer sites, even at home or in a hotel - their connectivity and application performance needs remain the same. But even though their requirements don't change, the challenges in meeting their expectations do.
Test Drive the Future of Business Communication Today
Traditional communication methods are no longer sufficient to meet the pace of business today. Video Conferencing is an essential business tool. Dimension Data is revolutionizing the process of doing business and making video conferencing fast, simple and affordable.
The Higher-Bandwidth, Lower-Cost Connection of Choice: 10GBASE-T LAN on Motherboard
Learn how Expedient, a cloud provider, is using 10 Gigabit Ethernet to boost its services and rein in costs.
Virtualization Success is a Team Effort
As greater numbers of datacenter servers transition from the physical to the virtual world, the components of virtualization success come to the fore. What scores of organizations have discovered is that success is derived from an optimal pairing of the right software platform with the right hardware platform.
Oracle Database Appliance Best Practices
Business users increasingly demand 24x7 availability of their data while IT departments face the challenge of ensuring maximum availability while operating with limited budgets.
Newsletter Sign-Up »

Receive the latest news test, reviews and trends on your favorite technology topics

Choose a newsletter
  11. View all Newsletters | Privacy Policy
White Papers » All White Papers

Converged Infrastructure for Dummies

Seven Priorities for Integrated Network Management - How HP Intelligent Management Center Delivers an Enterprise-class Solution

Building Cloud-Optimized Data Center Networks white paper

AlertBoot Case Study

Meridina fly Case Study

Gilt Groupe Case Study

Comic Relief Case Study

See Tickets Case Study

SnagAJob.com Case Study

STA Travel Case Study

Socialbomb Case Study

Triboo Case Study

Riverbed Stingray Traffic Manager VA Performance on vSphere 4

Traffic Management vSphere Benchmarks on Cisco

ESG Lab Review: HP 3PAR Peer Motion Software

Gartner on the Network Infrastructure Market

Transform Your Network Into a Ubiquitous Enabler for Business

Build versus Buy: The 3PL Technology Dilemma

Collaborate with Your Business Network in the Cloud

Case Study - Rayonier
Sponsored Links

Master the cloud with the power of convergence from HP

Connect with IT leaders redefining mobility at the Enterprise Mobile Hub

Choose New and manage one device instead of 170

Choose New for 8x the firewall and NAT performance

Check out a smart way of mobilizing your business with enterprise-ready Samsung Mobile.

Redefine your data center with HP servers.

Enhance your business with Windstream IT Solutions. Speak to someone local.

BlackBerry® Mobile Fusion. Different mobile devices. One platform.

Click to see how Accenture has delivered high performance to clients

CYBERMARYLAND | Learn Why Maryland is the Epicenter for Cybersecurity

Get Ethernet speeds from 1 Mbps to 10 Gbps - Comcast Business Class

Cognizant. Leading in Business, Application & Technology Services

Collaboration: driving better business outcomes

Gain cutting-edge insights at MIT in 2-5 day executive programs.

Complimentary Gartner Report on BYOD: Media Tablets & Beyond. View Now

Elevate storage agility and efficiency with HP 3PAR storage.

Choose New and slash the number of devices you manage

Customized information views & Twitter events at New Fulcrum Point

Splunk translates machine data into "aha" moments for IT and the business.

ManageEngine Desktop Central - Automate and Audit Your Desktop Management! Learn More...

Cloud Readiness Starts with Intel® Technology

High performance. Delivered. Click to see Accenture's client successes

Visit the Virtually There Learning Page to learn how to use virtualization to your competitive advantage.

Free: Hunter Muller's "The Transformational CIO."

Join us for an upcoming Microsoft 365 live online demo event.

Discover your easiest path to unified communications

Virtualizing Your Infrastructure Just Got Easier

Connect with global CIOs now at Enterprise CIO Forum

Resource Center
buy a link »
Ads by TechWords