Jul 062012

The month of July is a classical month for summer holidays in Sweden. Because of that, I’m going to publish a series of shorter notes during July and the beginning of August. For me summer is also a time for self-learning, labs and experiments in my office. We do change stuff around, play with new technologies and applications, challenge ourselves all the time. If you do the same, put IPv6 high on the list for this summer!

Security implications of IPv6 – in PDF and video

The Centre for Protection of National Infrastructure in the UK has published a document, illustrated by an easy to understand video, discussing security implications of IPv6. It doesn’t give you the complete solution, but highlights what you should focus on while adding IPv6 to your network. It starts on page 2 with a summary of the key security concerns:

“There are a number of factors which make the IPv6 protocol suite challenging from a security standpoint.

  • IPv6 implementations are much less mature than their IPv4 counterparts making it likely that a number of vulnerabilities will be discovered and mitigated before their robustness matches that of the existing IPv4 implementations.
  • Security products such as firewalls and Network Intrusion Detection Systems have less support for the IPv6 protocols than for their IPv4 counterparts.
  • A number of transition/co-existence technologies have been developed to aid in the deployment of IPv6 and the co-existence of IPv6 with the IPv4 protocol. These technologies will increase complexity which may introduce new attack vectors in existing networks.
  • Technical personnel have less confidence with the IPv6 protocols than with their IPv4 counterparts. This creates an increased likelihood that security implications are overlooked when the protocols are deployed.”

The whole document is only 10 pages and a good reading for you and your collegues! And if they don’t like to read, make sure they enjoy the video version!

Check your security platform!

Now it’s your turn. Spend some time checking your security platform’s IPv6 support. First check if there is any IPv6 support at all. If not, check the vendor’s web site and see where they are in new products. Secondly, try to understand their architecture and thoughts on how they think customers are going to implement IPv6. Do they support ULA’s on the inside? Do they assume that you use DHCPv6 or not? How do they manage VPN tunnels with IPv6? Any support for NAT in IPv6?  NAT64? Is it possible for you to set it up in a lab environment? If so, then do it. Have fun with IPv6 and lab in your hawaiian shirt and shorts!

Enjoy this summer of IPv6!