By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
SmartData Collective
  • Analytics
    AnalyticsShow More
    construction analytics
    5 Benefits of Analytics to Manage Commercial Construction
    5 Min Read
    benefits of data analytics for financial industry
    Fascinating Changes Data Analytics Brings to Finance
    7 Min Read
    analyzing big data for its quality and value
    Use this Strategic Approach to Maximize Your Data’s Value
    6 Min Read
    data-driven seo for product pages
    6 Tips for Using Data Analytics for Product Page SEO
    11 Min Read
    big data analytics in business
    5 Ways to Utilize Data Analytics to Grow Your Business
    6 Min Read
  • Big Data
  • BI
  • Exclusive
  • IT
  • Marketing
  • Software
Search
© 2008-23 SmartData Collective. All Rights Reserved.
Reading: Mitigating IPv6 Security Threats
Share
Notification Show More
Latest News
cloud-centric companies using network relocation
Cloud-Centric Companies Discover Benefits & Pitfalls of Network Relocation
Cloud Computing
construction analytics
5 Benefits of Analytics to Manage Commercial Construction
Analytics
database compliance guide
Four Strategies For Effective Database Compliance
Data Management
Digital Security From Weaponized AI
Fortifying Enterprise Digital Security Against Hackers Weaponizing AI
Security
DevOps on cloud
Optimizing Cost with DevOps on the Cloud
Cloud Computing Development Exclusive IT
Aa
SmartData Collective
Aa
Search
  • About
  • Help
  • Privacy
Follow US
© 2008-23 SmartData Collective. All Rights Reserved.
SmartData Collective > Uncategorized > Mitigating IPv6 Security Threats
Uncategorized

Mitigating IPv6 Security Threats

BobGourley
Last updated: 2010/04/03 at 9:03 AM
BobGourley
6 Min Read
SHARE
- Advertisement -

After years of work in mitigating threats to the current version of networking protocols (Internet Protocol version 4- IPv4), network defenders can implement defense in depth by leveraging an array of capabilities like Firewalls, Intrusion Detection Systems, Intrusion Prevention Systems, Security Information and Event Managment (SIEM) tools and Unified Threat Management (UTM) tools.  Capabilities have evolved in IPv4 security that enable all those functions to be hosted on singled Deep Packet Inspection (DPI) platforms.  In the IPv4 world, the threats are still real and still require this defense in depth approach, but savvy network defenders have DPI and other tools at the ready to help mitigate these threats.

But something new is coming.  The next generation Internet Protocol, known as IPv6 is replacing IPv4.  There are many new features of IPv6 which will aid in network administration and hold the potential of significantly enhancing the functionality of communications systems.   But there are two dangers that require the attention of network administrators:

- Advertisement -

1) covert attack channels and
2) security monitoring.

Both these dangers can be …

More Read

big data improves

3 Ways Big Data Improves Leadership Within Companies

IT Is Not Analytics. Here’s Why.
Romney Invokes Analytics in Rebuke of Trump
WEF Davos 2016: Top 100 CEO bloggers
In Memoriam: Robin Fray Carey

After years of work in mitigating threats to the current version of networking protocols (Internet Protocol version 4- IPv4), network defenders can implement defense in depth by leveraging an array of capabilities like Firewalls, Intrusion Detection Systems, Intrusion Prevention Systems, Security Information and Event Managment (SIEM) tools and Unified Threat Management (UTM) tools.  Capabilities have evolved in IPv4 security that enable all those functions to be hosted on singled Deep Packet Inspection (DPI) platforms.  In the IPv4 world, the threats are still real and still require this defense in depth approach, but savvy network defenders have DPI and other tools at the ready to help mitigate these threats.

But something new is coming.  The next generation Internet Protocol, known as IPv6 is replacing IPv4.  There are many new features of IPv6 which will aid in network administration and hold the potential of significantly enhancing the functionality of communications systems.   But there are two dangers that require the attention of network administrators:

- Advertisement -

1) covert attack channels and
2) security monitoring.

Both these dangers can be mitigated, but only by CIO/CTO action.

The threat of covert channels is a surprising one.  If you have bought network devices over the last several years you might not know it but they are perfectly capable of running IPv6. If you work in the federal space you have been mandated to buy equipment that is IPv6 capable so your entire infrastructure might be made up of equipment that can run this protocol.  Hackers have engineered tools that let them establish IPv6 network communications on IPv4 networks using this IPv6 capability.  The result, new avenues of attack are opened up, and new covert channels for data extraction are established that current IPv4 networking monitoring devices have a hard time catching.

I’d also like to make an assertion now, one that I hope you can disprove:  If your network has devices capable of running IPv6 and you assume that is not being used, the odds are that unauthorized users are already exploiting you.  Common hacker practices are to use IPv6 to run Internet Relay Chat (IRC) channels over unsuspecting IT enterprises.  Others use that as the covert channel to control tools and there is a very good chance that is happening in your nets today. So, my assertion: If you have not consciously taken steps to mitigate this threat of a covert IPv6 channel in your IPv4 network, you are being used right now.

Another challenge is that even if your IPv6 implementation is intentional, there are few monitoring and event management tools available to security professionals for managing the security posture of the network.  Just because a device was built to contribute security for IPv4 does not means it can help security with IPv6, in fact in most cases legacy security devices will not work with IPv6.

- Advertisement -

My recommendations:

  • Get smart on IPv6.  You have some experts in your enterprise, but it is time to dive deep into the details yourself, if you have not done so already.
  • Look for capabilities that can detect and mitigate the use of covert IPv6 networks on your IPv4 systems.  I know of only one (Assure6).
  • Plan now for an enhancement in your security tool suite to include new platforms that are IPv6 capable.  Understand that the threat is waiting and when you add IPv6 equipment you have to add security monitoring/defense/DPI.

Link to original post

BobGourley April 3, 2010
Share this Article
Facebook Twitter Pinterest LinkedIn
Share
- Advertisement -

Follow us on Facebook

Latest News

cloud-centric companies using network relocation
Cloud-Centric Companies Discover Benefits & Pitfalls of Network Relocation
Cloud Computing
construction analytics
5 Benefits of Analytics to Manage Commercial Construction
Analytics
database compliance guide
Four Strategies For Effective Database Compliance
Data Management
Digital Security From Weaponized AI
Fortifying Enterprise Digital Security Against Hackers Weaponizing AI
Security

Stay Connected

1.2k Followers Like
33.7k Followers Follow
222 Followers Pin

You Might also Like

big data improves
Big DataJobsKnowledge ManagementUncategorized

3 Ways Big Data Improves Leadership Within Companies

6 Min Read
Image
Uncategorized

IT Is Not Analytics. Here’s Why.

7 Min Read

Romney Invokes Analytics in Rebuke of Trump

4 Min Read

WEF Davos 2016: Top 100 CEO bloggers

14 Min Read

SmartData Collective is one of the largest & trusted community covering technical content about Big Data, BI, Cloud, Analytics, Artificial Intelligence, IoT & more.

ai is improving the safety of cars
From Bolts to Bots: How AI Is Fortifying the Automotive Industry
Artificial Intelligence Chatbots Exclusive
AI and chatbots
Chatbots and SEO: How Can Chatbots Improve Your SEO Ranking?
Artificial Intelligence Chatbots Exclusive

Quick Link

  • About
  • Contact
  • Privacy
Follow US

© 2008-23 SmartData Collective. All Rights Reserved.

Removed from reading list

Undo
Go to mobile version
Welcome Back!

Sign in to your account

Lost your password?