World IPv6 Day, a global 24-hour test drive of the expanded IPv6 protocol, could potentially expose security vulnerabilities and open up the door for increased attacks, but for now, channel partners say that security concerns are taking a back seat to keeping their customers up and running.
Currently, there are no more available IPv4 addresses from regional Internet registries, spurring the global “test drive” of the expanded protocol Wednesday, June 8, in preparation for the eventuality of worldwide deployment.
Spearheading the World IPv6 Day effort are major Web-oriented organizations such as Google, Facebook, Yahoo, Akamai and Limelight, which will transition their networks to IPv6 for 24 hours in an effort to identify any interoperability problems, security issues and other potential pitfalls that may occur before a larger global migration to the new protocol.
While the new protocol contains some security enhancements, security solution providers say that the IPv6 transition could create security challenges for their customers, exposing more vulnerabilities and increasing the risk of attack.
“From an inherent security posture, the technology certainly opens up the door for some vulnerabilities. We’re hoping the long-term benefits outweigh the potential risk or exposure,” said Don Edwards, managing partner at Houston, Tex.-based Broadleaf Group.
The biggest security vulnerabilities will likely come in the form of false positives, incoherent analysis and security threats that slip under the radar, security experts say.
"Misconfigurations and trial and error are likely to be big risks and concerns as networks move to IPv6," said Derek Manky, senior security strategist at Fortinet. "Since this is new space, security is typically exposed when complexity is introduced."
Manky added that the growing public space would inevitably create more hideouts for cyber criminals looking to expand their botnets in the future.
"Will we see more vulnerabilities? Yes, as more content is available on IPv6, but not just as a result of today," he said. "IPv6 is inevitable, and there will be new threats with the new protocol over time."
Jonathan Norman, director of security research for Alert Logic, said that hackers have recently launched attacks that targeted networking devices and installed backdoors.
However, one mitigating factor was that many of the security issues often occurred in the way the protocol was implemented, not in the protocol itself, he said.
“It’s less about the details of the protocol and more about how they’re implementing it,” Norman said.
The yet-to-be-deployed IPv6 protocol is not in fact new, but has actually been around since 1998. As such, hackers have had time to develop several IPv6 vulnerabilities which currently exist in the wild.
According to the Information Systems Security Association, security researcher Marc Heuse found that several vendor platforms contained an IPv6 vulnerability that could enable a denial of service attack against any network segment the hacker could physically access.
The vulnerability enables a hacker to issue a large number of random advertisements, which would consume increasingly more CPU resources to process them. During the DDoS attack, the systems would become unstable and, in Microsoft’s case, require an operating system reboot to address the issue.
While Cisco issued a patch for the flaw in October, Microsoft and Juniper have yet to plug the security hole, according to the ISSA.
In addition, malware authors behind the infamous banking botnet Zeus have “future-proofed” the malware by creating it with IPv6 support for Jabber, POP3 and FTP protocols, ensuring compatibility and survival after the world transitions to the more advanced Internet Protocol.