IPv6 tutorial: Understanding IPv6 security issues, threats, defenses

You may not know it, but IPv6 may be the Internet's next superhighway for zero-day attacks. This new guide offers tactics for proactive IPv6 security.

About this guide

The introduction of IPv6 has been slow, but the transition is ramping up amid growing demand for the increased address space it offers. However, there are a number of important IPv6 security issues and threats that are often ignored, so now is the time to prepare for a secure transition within your enterprise. This IPv6 tutorial will make understanding IPv6 a bit easier by highlighting those IPv6 security issues, revealing IPv6 security threats and offering tactics to secure IPv6 in your organization.

IPv6 myths: Debunking misconceptions regarding IPv6 security features

By Fernando Gont, Contributor

IPv6, the latest version of the Internet Protocol, is expected to coexist with and eventually replace IPv4, providing a larger address space to support future Internet growth.

You can put off IPv6 and be faced with a really difficult transition down the road, or you can begin to make inroads today.
Andy Champagne, VP, Engineering, Akamai Technologies

However, since IPv6 was first specified, a number of myths and fabrications have arisen about IPv6 features in the areas of quality of service (QoS), “plug-and-play” and particularly IPv6 security. Many of these misconceptions have been fueled by IPv6 proponents, who may have thought their marketing-heavy statements would foster IPv6 deployment. Unfortunately, not only did such an attempt fail (as IPv6 is only just now taking hold because v4 addresses are running out), but many of these misconceptions are also believed to be the truth, leading to false expectations regarding IPv6 properties and IPv6 security features.

Read the rest of our IPv6 tutorial featured tip: Debunking misconceptions regarding IPv6 security features

More information on IPv6 security:

NEW -- Analysis: Vast IPv6 address space actually enables IPv6 attacks 
It is widely assumed that, due to IPv6’s increased address space, IPv6 host-scanning attacks would take so much effort and time on the part of the attacker that they are practically unfeasible. However, according to expert Fernando Gont, this is more of an urban legend than a result of a careful analysis.

By reviewing how IPv6 addresses are configured on the Internet, this tip provides a more realistic perspective on the feasibility of IPv6 attacks.

Understanding IPv6 security issues: IPv6 transition mechanisms
The “new” Internet Protocol, IPv6, is intended to enable virtually unlimited Internet growth in the years ahead. However, since IPv6 is not backwards-compatible with IPv4, a variety of transition/co-existence mechanisms were created to facilitate the introduction of IPv6 in the IPv4-dominant Internet and the co-existence of both protocols.

In this tip, Fernando Gont discusses these IPv6 transition mechanisms, including dual-stack, translation and tunneling, and explains why those mechanisms introduce enterprise IPv6 security issues and concerns.

Requirements for secure IPv6 deployments include better IPv6 tester tools
The lack of available IPv6 tester tools and other IPv6 tools means most deployments of the protocol are in need of security hardening. More staff training, industry research and improved IPv6 support and tester tools are essential for secure IPv6 deployments in the enterprise.

This article discusses how these factors can affect the security of IPv6 network deployments, explains their potential effects, and suggests possible ways to mitigate these shortcomings and ensure secure deployments of the new protocol.

Lagging IPv6 security features, vulnerabilities could hamper transition
According to security experts, the transition to IPv6 must be carefully planned at the enterprise level because suspect IPv6 security features, configuration issues and software vulnerabilities could weaken network security, and allow the protocol to be exploited by malicious hackers and open sensitive systems to attack.

IPv6 connectivity: Innovations address IPv6 security concerns
IPv6 is coming soon to an enterprise near you, but few organizations have invested much time or effort into understanding how it works, never mind how to secure it. Yet innovative researchers at Virginia Tech have created a tool, Moving Target IPv6 Defense, in order to address IPv6 security concerns and secure IPv6 network communications.

Book chapter: IPv6 implementation security issues
IPv6 is becoming a reality, but the protocol is far from perfect. In this section of Chapter 1 of his new book, IPv6 Security, author Eric Vyncke reviews some vulnerabilities of IPv6, including IPv6 security implementation and deployment issues, and discusses how the network-layer protocol compares with IPv4.

Looming IPv6 transition will strain federal cybersecurity
The heat is on federal agencies to transition to IPv6 as IPv4 address exhaustion approaches, and agency managers have to think about IPv6 security vulnerabilities and threats as they migrate from IPv4 to IPv6. Experts suggest the Internet Protocol version 6 transition will not be easy for federal cybersecurity.

VeriSign CSO on new IPv6 threats, Internet stability and security
VeriSign CSO Danny McPherson talks about the new threats posed by the move from IPv4 to IPv6 and the issues hindering the adoption of the next Internet protocol.

Move to IPv6 could help spambots churn out more spam, malware, says botnet expert
The global spam volume is down due to the success of blacklisting IP addresses, but, according to malware expert Joe Stewart, antispam measures that rely on IP blacklisting could be less effective if Internet Service Providers take the wrong approach to IPv6.

Security architects fear savvy botnet attacks, IPv6 security issues
Security architects who monitor and manage many of the underlying systems that ensure smooth data flow across the Internet are getting anxious over IPv6 deployments.

While the transition to IPv6 offers a number of benefits, a lack of security support and knowledge of the new protocol could prompt an emerging wave of new botnet attacks targeting underlying systems, according to several security architects responding to a recent survey from Arbor Networks Inc.

Is a transition from IPv4 to IPv6 worth the effort?
IPv6 was supposed to provide enhanced security by including IPsec as a standard feature, but this isn't enough incentive at present, because few organizations are currently running the new protocol. Should you follow their lead?

Network security expert Mike Chapple examines whether the transition is worth the effort by discussing what is involved in a transition from IPv4 to IPv6, as well as the potential benefits and setbacks that organizations going through the transition may encounter.

The IPv6 transition: How to ensure cybersecurity
With the pressure on federal IT managers to make the transition to IPv6, organizations are warned to remember the security lessons learned from IPv4's long run. The protocols may be different, but many of the security techniques and technologies are largely the same, and managers must make sure they are incorporated into the new protocol to ensure cybersecurity, according to government IT security experts.

Get ready for IPv6: Five IPv6 security issues to consider
Although IPv6 is a security-enabled protocol, migration from IPv4 can introduce new security risks and threaten an organization's security strategy. Expert Mike Chapple discloses the potential security implications and hazards of migrating to IPv6, and unveils how to ensure a smooth transition without jeopardizing your company's security.

This was last published in June 2011
