Cookies help us display personalized product recommendations and ensure you have great shopping experience.

Uncategorized

Mitigating IPv6 Security Threats

BobGourley
BobGourley
6 Min Read

After years of work in mitigating threats to the current version of networking protocols (Internet Protocol version 4- IPv4), network defenders can implement defense in depth by leveraging an array of capabilities like Firewalls, Intrusion Detection Systems, Intrusion Prevention Systems, Security Information and Event Managment (SIEM) tools and Unified Threat Management (UTM) tools.  Capabilities have evolved in IPv4 security that enable all those functions to be hosted on singled Deep Packet Inspection (DPI) platforms.  In the IPv4 world, the threats are still real and still require this defense in depth approach, but savvy network defenders have DPI and other tools at the ready to help mitigate these threats.

But something new is coming.  The next generation Internet Protocol, known as IPv6 is replacing IPv4.  There are many new features of IPv6 which will aid in network administration and hold the potential of significantly enhancing the functionality of communications systems.   But there are two dangers that require the attention of network administrators:

1) covert attack channels and
2) security monitoring.

Both these dangers can be

More Read

Why Learn R? It’s the language of Statistics
The Top 25 Words of the Decade from 2000 – 2009
The Long Tail
Melissa Hathaway Op-Ed on Cyber Security
NRC Report: Data Mining won’t find the Terrorists

After years of work in mitigating threats to the current version of networking protocols (Internet Protocol version 4- IPv4), network defenders can implement defense in depth by leveraging an array of capabilities like Firewalls, Intrusion Detection Systems, Intrusion Prevention Systems, Security Information and Event Managment (SIEM) tools and Unified Threat Management (UTM) tools.  Capabilities have evolved in IPv4 security that enable all those functions to be hosted on singled Deep Packet Inspection (DPI) platforms.  In the IPv4 world, the threats are still real and still require this defense in depth approach, but savvy network defenders have DPI and other tools at the ready to help mitigate these threats.

But something new is coming.  The next generation Internet Protocol, known as IPv6 is replacing IPv4.  There are many new features of IPv6 which will aid in network administration and hold the potential of significantly enhancing the functionality of communications systems.   But there are two dangers that require the attention of network administrators:

1) covert attack channels and
2) security monitoring.

Both these dangers can be mitigated, but only by CIO/CTO action.

The threat of covert channels is a surprising one.  If you have bought network devices over the last several years you might not know it but they are perfectly capable of running IPv6. If you work in the federal space you have been mandated to buy equipment that is IPv6 capable so your entire infrastructure might be made up of equipment that can run this protocol.  Hackers have engineered tools that let them establish IPv6 network communications on IPv4 networks using this IPv6 capability.  The result, new avenues of attack are opened up, and new covert channels for data extraction are established that current IPv4 networking monitoring devices have a hard time catching.

I’d also like to make an assertion now, one that I hope you can disprove:  If your network has devices capable of running IPv6 and you assume that is not being used, the odds are that unauthorized users are already exploiting you.  Common hacker practices are to use IPv6 to run Internet Relay Chat (IRC) channels over unsuspecting IT enterprises.  Others use that as the covert channel to control tools and there is a very good chance that is happening in your nets today. So, my assertion: If you have not consciously taken steps to mitigate this threat of a covert IPv6 channel in your IPv4 network, you are being used right now.

Another challenge is that even if your IPv6 implementation is intentional, there are few monitoring and event management tools available to security professionals for managing the security posture of the network.  Just because a device was built to contribute security for IPv4 does not means it can help security with IPv6, in fact in most cases legacy security devices will not work with IPv6.

My recommendations:

  • Get smart on IPv6.  You have some experts in your enterprise, but it is time to dive deep into the details yourself, if you have not done so already.
  • Look for capabilities that can detect and mitigate the use of covert IPv6 networks on your IPv4 systems.  I know of only one (Assure6).
  • Plan now for an enhancement in your security tool suite to include new platforms that are IPv6 capable.  Understand that the threat is waiting and when you add IPv6 equipment you have to add security monitoring/defense/DPI.

Link to original post

Share This Article

Follow us on Facebook

Latest News

ai product development
Why Businesses Outsource AI Product Development Companies
Exclusive News
banking tools
The Fintech and Banking Tools Global Entrepreneurs Rely On
Fintech Infographic
business using business intelligence
How to Use a Competitive Intelligence Dashboard to Turn Market Data Into Smarter Marketing Decisions 
Analytics Big Data Exclusive Marketing
fda14abd c869 4da5 943c c036ad8efc2e
How Data-Driven Journalists Are Using API News Apps to Improve Reporting
Big Data Exclusive News

Stay Connected

You Might also Like