Black Hat 2007: Vista users urged to beware of IPv6

By Bill Brenner, Senior News Writer 02 Aug 2007 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Hoagland -- along with fellow researchers Matt Conover, Tim Newsham and Ollie Whitehouse -- conducted an extensive analysis of Vista. They found that while Microsoft has significantly improved security in the latest version of Windows, new vulnerabilities were likely created in the process.

Special Black Hat coverage Check out more of SearchSecurity.com's special news coverage of Black Hat USA 2007.

Hoagland said the best example may be Vista's default enabling of Teredo. The software giant has embraced Teredo as a way to help users transition from IPv4, the long-standing protocol that is quickly running short on IP address space, to IPv6, a more advanced protocol that vastly increases the number of IP addresses available to networked devices.

He said Microsoft loves IPv6 because, among other things, it eases the process of setting up peer-to-peer (P2P) gaming programs. But on the down side, IPv6 can also double Vista's possible attack surface -- at least until IPv4 is eliminated. Furthermore, many network security controls may not be ready for IPv6.

Hoagland noted that the Cupertino, Calif.-based Symantec has already discovered one Teredo/IPv6-related flaw in Vista, which Microsoft patched in the MS07-038 security update released last month. According to the researchers, the Teredo interface in Vista was not properly handling certain network traffic, allowing remote attackers to bypass firewall-blocking rules and obtain sensitive information via crafted IPv6 traffic.

For more information Disabling IPv6 in Windows Vista -- Pros and cons: Disabling IPv6 in Windows Vista could prevent performance and security problems, but there are pros and cons. Five IPv6 security issues to consider Ask the Experts: Is a transition from IPv4 to IPv6 worth the effort? More resources on IPv6 security

"There are some serious security implications with Teredo," Hoagland said. "This includes the potential for unexpected host accessibility, phishing and pharming threats and possible peer address disclosure."

Attackers could also exploit Vista's implementation of Teredo to bypass such network security controls as firewalls and intrusion detection-prevention (IDS/IPS) systems. To correct this, Hoagland said security tools need to be reprogrammed so they are specifically aware of Teredo.

"Because it can be so difficult to inspect Teredo, a consensus has been reached [in the information security community] that Teredo should not be used in managed networks," Hoagland said.

To be fair, he said, there are some positives with Teredo. It requires a lot of packet-sanity checks, which can prevent a number of attacks. The program also includes some decent anti-spoofing mechanisms. But for Hoagland, that's not much of a silver lining.

"Disable Teredo and block it on the network," Hoagland instructed, "upgrade your security controls and beware of Teredo tunneling through your network."

Tags: Network Protocols and Security,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Network Protocols and Security Security architects fear savvy botnet attacks, IPv6 security issues Twitter domain hijacking highlights DNS security weaknesses How do passwordless SSH keys represent an enterprise attack vector? How to keep networks secure when deploying an 802.11n upgrade Expert calls SSL protocol vulnerability a non issue How to prevent phishing attacks with social engineering tests How SSL-encrypted Web connections are intercepted DNSSEC deployment challenges can be overcome Microsoft issues SMB vulnerability advisory, patch pending Microsoft repairs Windows media, TCP/IP vulnerabilities

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary 5 terms you need to know before you employ VoIP  (SearchSecurity.com) digest authentication  (SearchSecurity.com) IGP  (SearchSecurity.com) IP spoofing  (SearchSecurity.com) Secure Sockets Layer  (SearchSecurity.com) smurfing  (SearchSecurity.com) Transport Layer Security  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary