Mitigating IPv6 Security Threats

After years of work in mitigating threats to the current version of networking protocols (Internet Protocol version 4- IPv4), network defenders can implement defense in depth by leveraging an array of capabilities like Firewalls, Intrusion Detection Systems, Intrusion Prevention Systems, Security Information and Event Managment (SIEM) tools and Unified Threat Management (UTM) tools. Capabilities have evolved in IPv4 security that enable all those functions to be hosted on singled Deep Packet Inspection (DPI) platforms. In the IPv4 world, the threats are still real and still require this defense in depth approach, but savvy network defenders have DPI and other tools at the ready to help mitigate these threats.

But something new is coming. The next generation Internet Protocol, known as IPv6 is replacing IPv4. There are many new features of IPv6 which will aid in network administration and hold the potential of significantly enhancing the functionality of communications systems. But there are two dangers that require the attention of network administrators:

1) covert attack channels and
2) security monitoring.

Both these dangers can be …

1) covert attack channels and
2) security monitoring.

Both these dangers can be mitigated, but only by CIO/CTO action.

The threat of covert channels is a surprising one. If you have bought network devices over the last several years you might not know it but they are perfectly capable of running IPv6. If you work in the federal space you have been mandated to buy equipment that is IPv6 capable so your entire infrastructure might be made up of equipment that can run this protocol. Hackers have engineered tools that let them establish IPv6 network communications on IPv4 networks using this IPv6 capability. The result, new avenues of attack are opened up, and new covert channels for data extraction are established that current IPv4 networking monitoring devices have a hard time catching.

I’d also like to make an assertion now, one that I hope you can disprove: If your network has devices capable of running IPv6 and you assume that is not being used, the odds are that unauthorized users are already exploiting you. Common hacker practices are to use IPv6 to run Internet Relay Chat (IRC) channels over unsuspecting IT enterprises. Others use that as the covert channel to control tools and there is a very good chance that is happening in your nets today. So, my assertion: If you have not consciously taken steps to mitigate this threat of a covert IPv6 channel in your IPv4 network, you are being used right now.

Another challenge is that even if your IPv6 implementation is intentional, there are few monitoring and event management tools available to security professionals for managing the security posture of the network. Just because a device was built to contribute security for IPv4 does not means it can help security with IPv6, in fact in most cases legacy security devices will not work with IPv6.

My recommendations:

Get smart on IPv6. You have some experts in your enterprise, but it is time to dive deep into the details yourself, if you have not done so already.
Look for capabilities that can detect and mitigate the use of covert IPv6 networks on your IPv4 systems. I know of only one (Assure6).
Plan now for an enhancement in your security tool suite to include new platforms that are IPv6 capable. Understand that the threat is waiting and when you add IPv6 equipment you have to add security monitoring/defense/DPI.

Link to original post

You must log in to post a comment.

5 Ways Big Data is Transforming Customer Service

Data Mining Can Be a Game Changer for Small Businesses

Modern Mac Malware Is Worse Than Your Wildest Dreams

The World of Digital Marketing Has Certainly Evolved

Education and the Blockchain – Should We be Teaching Blockchain in Schools?

Leveraging Data with Business Intelligence Analytics Tools

How the Internet of Things is Changing Big Data Analytics

Can Business Intelligence Answer the Questions Asked of it Without Big Data?

6 Ways Big Data Analytics Is Changing the E-Commerce Industry

How to Overcome Data Visualisation Problems

Current Landscape and Applications of Blockchain Explained

How Big Data Is Driving Airline Loyalty Programs

The Enterprise Graph – From Connections To Customer Insights

Can Smart Data Ensure Cybersecurity and Data Protection?

5 Ways Big Data Is Transforming Finance

Big Data is Cutting Spreads and Making Forex Trading More Cost-Effective

Why Every College Student Should Study Predictive Analytics

Dark Data: The hidden billion dollar opportunity

Quality vs Quantity in Customer Service Analytics

4 Customer Retention Metrics for Data-Driven Ecommerce

Emotions: The Next (but not new) Frontier in Artificial Intelligence & Cognitive Computing

Predicting Airline Loyalty Churn – Cathay Pacific Marco Polo [Case Study]

How big data is affecting social media metrics and Facebook ad strategies

Report: Brands Use Advanced Analytics to Reach Double Digit Growth

Dark Data: The hidden billion dollar opportunity

Predicting Airline Loyalty Churn – Cathay Pacific Marco Polo [Case Study]

How to Be a Text Analytics Rock Star in your Organization

Text Analytics: It’s Not Just for BIG Data

The Smart Data Lake Imperative

Data-Driven Facts for Better Blogging

How to Make Site Search a Conversion Tool

Get The Best Out Of Your Marketing Strategy By Integrating Analytics

The Types of Simple Queries Businesses Need to Ask that Spark Growth

How Did Big Data Create a Modern Day Manufacturing Workforce?

The 7 Biggest Data Trends to Watch in Finance for 2017

Taking Data Visibility to the Office Walls

What Led to the Recent Huge Buzz Around Analytics?

Big Data, Data Mining and Machine Learning: Deriving Value for Business

How Can Big Data Solve the Challenges of E-Commerce Personalization?

5 Ways Big Data is Transforming Customer Service

Leveraging Data with Business Intelligence Analytics Tools

Big Data, Data Mining and Machine Learning: Deriving Value for Business

Data Mining Can Be a Game Changer for Small Businesses

Overcoming the Challenges of Big Data Clustering

5 Challenges Your Company Has to Overcome to Succeed in Data Mining

Can Smart Data Ensure Cybersecurity and Data Protection?

How to Overcome Data Visualisation Problems

How Human Centered Design and Big Data Are Merging in 2017

How to Scale Your Big Data Project Effectively

How to Overcome Data Visualisation Problems

Data Driven: 5 Ways Automakers Use Big Data to Improve Their Products

Taking Data Visibility to the Office Walls

6 Key Capabilities an Embeddable Analytics Software Should Deliver

Dropbox or Box – Which Cloud Storage For Small Businesses

Overcoming the Challenges of Big Data Clustering

What is an Enterprise Data Warehouse?

How Much Is Data Center Downtime Costing You?

Social Media and Big Data Are Creating a New Generation of Millionaires

Can Smart Data Ensure Cybersecurity and Data Protection?

Predicting Airline Loyalty Churn – Cathay Pacific Marco Polo [Case Study]

Are Instagram Stories a Big Data Goldmine?

The 7 Biggest Data Trends to Watch in Finance for 2017

Data Driven: 5 Ways Automakers Use Big Data to Improve Their Products

Thinking Efficiency: IT, OT, And The Issue Of Migration

Is Big Data Security Still Lacking?

Medical AI Isn’t Just Beneficial – It’s Becoming Necessary

Leveraging Data with Business Intelligence Analytics Tools

How to Apply Agile Marketing Strategies to Data Driven Enterprises

Robots Could Hold Nearly 40 Percent of American Jobs by Early 2030s

Medical AI Isn’t Just Beneficial – It’s Becoming Necessary

Robots Could Hold Nearly 40 Percent of American Jobs by Early 2030s

Big Data is Leading the Fight Against Fake News

Keep calm, AI is not About to Make Marketers Obsolete

The Enterprise Graph – From Connections To Customer Insights

Will Predictive Analytics and POS Save Small Retailers from Extinction?

Leveraging The Cloud, New Technology and Video To Effectively Manage A Growing Global Workforce

In a World Full of Data, Can Analytics See the Market Trends?

Key Points from Microsoft Dynamics 365 Tech Conference

Customer Feedback and Data Analysis: The Keys to a Good Customer Retention Rate

How Businesses Can Profit From Mobile Apps