World IPv6 Launch Day: Security Vulnerability or Channel Opportunity?

By Ken Presti
June 05, 2012 9:18 PM ET

Page 2 of 3

Infoblox's Liu added that the transition opens new opportunities for channel partners to conduct assessments for customers, looking at all their external-facing gear in terms of what is ready for IPv6 and what needs to be upgraded or replaced in order to enhance security.

“With IPv6 coming online, it's a chance to look at the internal network once again and look beyond the firewall,” he said. “In a few years, IPv6 will be more widely deployed at the customer prem, and we will be moving away from private addressing. Once we move into an environment where we’ve got global unicast addresses on internal networks, this will bring about more scrutiny to the threats at the perimeter of the network.”

The opportunity for assessments makes sense to Bob Hinden, a Checkpoint “fellow” and co-inventor of IPv6.

“You want to make sure that all of your security devices have the proper versions that support IPv6,” Hinden told CRN. “We have many customers who are very conservative about upgrading, but this transition is a very good reason to upgrade,” he said, adding that customers can “then take the next step of creating rules in [their] firewall to ensure consistency with the preferred security policies.”

One potential vulnerability involves the encapsulation of IPv4 traffic over IPv6.

“Encapsulation standards are all over the map,” said Carl Herberger, vice president of security at Radware. “This situation causes problems with security inspections because if I can send an attack that exploits Version 4 vulnerabilities through a Version 6 inspection module, I’ve got a pretty high chance of success because the Version 6 inspection module will not be able to read it. And we haven't been able to resolve this problem yet.”

However, some disagree with this view, pointing to variables in firewall deployment.

“I don't think it's going to be that difficult to address the encapsulation issue,” responded Hinden. “It's about how you deploy the firewall. Security technology has gotten good at going beyond the transport layer. So if you didn't do deep packet inspection or application control or URL control, then this provides another set of things that you need to know about when you're doing those things.”

NEXT: The Good And The Bad

<< Previous | 1 | 2 | 3 | Next >>

To continue reading this article, please download the free CRN Tech News app for your iPad or Windows 8 device.

Related: Videos | Slide Shows | Comments

SHARE THIS ARTICLE

More Security

Comments by Vanilla

Recent Articles

	Head-To-Head: Symantec Vs. McAfee In Endpoint Protection McAfee and Symantec are archrivals with a firm grip on the North American security market. CRN pits both vendors' endpoint security products against each other and names a winner.
	The 8 Steps Behind The Massive $45M Cyber Bank Heist More than $45 million was stolen from banks in the U.S. and 19 other countries in a scheme that law enforcement is calling an international conspiracy to drain millions from bank accounts using stolen debit cards and PIN numbers. Here's how they did it.
	Name Of The Game: Top 10 States For Identity Theft A Federal Trade Commission report provides statistics on identity theft and fraud complaints in 2012. Learn which state has the dubious distinction of having the most victims.
	More Slide Shows