Credit: Mikko Lemola / Getty Images For many IT managers, IPv6 (Internet Protocol version 6), the next version of the Internet Protocol, may seem like a far-off concern. But the technology will make its way into corporate IT systems sooner than many people realize, forcing IT departments to confront potential security vulnerabilities inherent in the new protocol, a security consultant warned.Companies need to prepare themselves for IPv6, even if they don’t have plans to upgrade their networks, said Van Hauser, a security consultant and the founder of hacking group The Hacker’s Choice. Hauser discussed security vulnerabilities in IPv6 this week during a presentation at the Hack In The Box Security Conference (HITB) in Kuala Lumpur, Malaysia.“Most people think there’s no IPv6 now, so where’s the problem?” Hauser said. “The thing is if you install any Unix operating system now it comes with IPv6 enabled.” In addition, Microsoft’s Vista operating system, set for release in the coming months, is expected to have support for IPv6 enabled, he said.With support for IPv6 enabled in these operating systems, IT managers need to be prepared to address security issues in the new protocol. “It has the same vulnerabilites as IPv4 (IP version 4). When you thought with IPv6 everything will change in regards to security this is not really the case,” Hauser said. Among the vulnerabilities that IPv6 and IPv4 share is the ability of a hacker to launch a man-in-the-middle attack, Hauser said. In this type of attack, a hacker is able to monitor or insert packets being sent back and forth between two parties, without either one realizing that the network link between them has been compromised by a third party.To secure against vulnerabilities in IPv6, companies must use IPSec (IP Security) on their networks, Hauser said. “If you use IPSec, most of the problems go away,” he said. However, even then networks will not be completely secure. “It’s not that easy. If you do encryption and authentication, it doesn’t mean that security is okay,” Hauser said. “It just narrows down the number of people who can do something.”-Sumner Lemon, IDG News Service (Singapore Bureau)Related Links: Bruce Schneier: We Are Losing IT Security War Security Advances Not Keeping Up With Tech Security Measures Seen Doing More Harm Than GoodCheck out our CIO News Alerts and Tech Informer pages for more updated news coverage. Related content opinion Website spoofing: risks, threats, and mitigation strategies for CIOs In this article, we take a look at how CIOs can tackle website spoofing attacks and the best ways to prevent them. By Yash Mehta Dec 01, 2023 5 mins CIO Cyberattacks Security brandpost Sponsored by Catchpoint Systems Inc. Gain full visibility across the Internet Stack with IPM (Internet Performance Monitoring) Today’s IT systems have more points of failure than ever before. Internet Performance Monitoring provides visibility over external networks and services to mitigate outages. By Neal Weinberg Dec 01, 2023 3 mins IT Operations brandpost Sponsored by Zscaler How customers can save money during periods of economic uncertainty Now is the time to overcome the challenges of perimeter-based architectures and reduce costs with zero trust. By Zscaler Dec 01, 2023 4 mins Security feature LexisNexis rises to the generative AI challenge With generative AI, the legal information services giant faces its most formidable disruptor yet. That’s why CTO Jeff Reihl is embracing and enhancing the technology swiftly to keep in front of the competition. By Paula Rooney Dec 01, 2023 6 mins Generative AI Digital Transformation Cloud Computing Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe