IPv6 and Security: The Threat From Version 4

By Ken Presti
May 21, 2012 6:27 PM ET

Page 1 of 2

The official launch date for IPv6 is right around the corner, making June 6 famous for even more than the historic WW II invasion of Normandy. It might make the invasion of your customers’ networks more possible than ever before.

The higher threat level, according to Carl Herberger, vice president of security at Radware, lies in the fact that while IPv6 will be the new standard at the wide area, the local area will continue to be the near exclusive domain of IPv4. And since the two versions were not designed to co-exist, there are some gaping holes in security.

“You basically need to translate Version 6 to Version 4 and we can do that by encapsulation,” Herberger explained to CRN. “And the encapsulation standards are all over the map. This situation causes problems with security inspections because if I can send an attack that exploits Version 4 vulnerabilities through a Version 6 inspection module, I’ve got a pretty high chance of success because the Version 6 inspection module will not be able to read it. And we haven't been able to resolve this problem yet.

To put it another way, the Version 4 exploits would be effectively carried as a passenger through a security screen geared towards IPv6.

To further complicate matters, Herberger says Version 4 could easily remain widely deployed at the local area for 10 years or beyond, due to the absence of compelling business drivers to force local migrations anytime soon. “This opens up pretty much the full range of exploits because once you pass through the physical inspection module, you are through the perimeter and you have a new opportunity to deliver any payloads the malware producer wants.”

Despite these obvious threats, Herberger still sees IPv6 as a practical necessity given the shortage of IP addresses, as well as the new version's more granular capabilities around queries, enhanced security in non-hybrid environments such as encrypted headers, and additional DNS capabilities.

NEXT: What The IPv6 Launch Means For The Channel

1 | 2 | Next >>

To continue reading this article, please download the free CRN Tech News app for your iPad or Windows 8 device.

Related: Videos | Slide Shows | Comments

SHARE THIS ARTICLE

More Security

Comments by Vanilla

Recent Articles

	Head-To-Head: Symantec Vs. McAfee In Endpoint Protection McAfee and Symantec are archrivals with a firm grip on the North American security market. CRN pits both vendors' endpoint security products against each other and names a winner.
	The 8 Steps Behind The Massive $45M Cyber Bank Heist More than $45 million was stolen from banks in the U.S. and 19 other countries in a scheme that law enforcement is calling an international conspiracy to drain millions from bank accounts using stolen debit cards and PIN numbers. Here's how they did it.
	Name Of The Game: Top 10 States For Identity Theft A Federal Trade Commission report provides statistics on identity theft and fraud complaints in 2012. Learn which state has the dubious distinction of having the most victims.
	More Slide Shows