IPv6: What are the security issues it brings?
By Kukil Bora, SiliconIndia | Wednesday, 02 February 2011, 00:43 Hrs
The new protocol (IPv6), replacing the existing internet protocol version 4 (IPv4), will increase the capacity for internet domains. IPv6 is certainly new and improved compared to IPv4, but there are some security concerns that we need to be aware of. IPv6 is not a superset of IPv4 but an entirely new suite of protocols, and with the adoption of the new version come new issues for IT security professionals to deal with. From a security point of view, the new IPv6 protocol represents a considerable advance over the old IPv4 protocol. However, IPv6 remains vulnerable.
Currently, the Internet is still mostly IPv4-based. But with more and more networks migrating to the new protocol stack, this scenario is going to change soon. The migration, however, will not be short; it will take quite some time. In the meantime, the desired functionality will be supplied by some form of 6to4 dual-stack. Because they combine two infrastructures, each with its own specific security problems, these IPv6-IPv4 dual stacks will increase the potential for security vulnerabilities.
Compared to IPv4, IPv6 packets carry more address information in their headers. The new protocol allows a device on a network to specify a particular path in the routing header of the data it sends out. But as data circulates around the network along that path, this could waste valuable resources.
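As an added example (not part of the original article), the following Python sketch shows how a defender can spot the sender-chosen path described above: it walks the extension-header chain of a raw IPv6 packet and flags a type 0 routing header, which RFC 5095 deprecated, that still has hops left to visit. The function names, the drop policy and the sample packets (documentation addresses from 2001:db8::/32) are assumptions made for this illustration.

```python
import ipaddress
import struct

HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS = 0, 43, 44, 60

def routing_headers(packet: bytes):
    """Return (routing_type, segments_left, addresses) for each routing
    header found in the extension-header chain of a raw IPv6 packet."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nxt, off, found = packet[6], 40, []
    while nxt in (HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS):
        if off + 8 > len(packet):
            raise ValueError("truncated extension header")
        # Fragment headers are a fixed 8 bytes; the others give their length
        # in 8-byte units, not counting the first 8 bytes.
        size = 8 if nxt == FRAGMENT else (packet[off + 1] + 1) * 8
        if off + size > len(packet):
            raise ValueError("extension header overruns packet")
        if nxt == ROUTING:
            rtype, segs_left = packet[off + 2], packet[off + 3]
            body = packet[off + 8:off + size] if rtype == 0 else b""  # type 0 only
            addrs = [str(ipaddress.IPv6Address(body[i:i + 16]))
                     for i in range(0, len(body) - 15, 16)]
            found.append((rtype, segs_left, addrs))
        if nxt == FRAGMENT and struct.unpack_from("!H", packet, off + 2)[0] >> 3:
            break  # non-first fragment: what follows is not a header
        nxt, off = packet[off], off + size
    return found

def should_drop(packet: bytes) -> bool:
    """Policy assumed here: drop any type 0 routing header that still has
    segments left to visit, i.e. a sender-chosen path not yet completed."""
    return any(t == 0 and left > 0 for t, left, _ in routing_headers(packet))

def build_sample(hops):
    """Constructed test packet: IPv6 header + type 0 routing header, no payload."""
    a = ipaddress.IPv6Address
    rh = bytes([59, 2 * len(hops), 0, len(hops)]) + bytes(4)
    rh += b"".join(a(h).packed for h in hops)
    hdr = struct.pack("!IHBB", 6 << 28, len(rh), ROUTING, 64)
    return hdr + a("2001:db8::1").packed + a("2001:db8::2").packed + rh

# Constructed samples: a sender-specified path that revisits the same two hops,
# and a plain packet with no extension headers.
SAMPLE = build_sample(["2001:db8::a", "2001:db8::b"] * 3)
PLAIN = struct.pack("!IHBB", 6 << 28, 0, 59, 64) + bytes(32)
```

Calling `should_drop(SAMPLE)` returns `True` and `should_drop(PLAIN)` returns `False`; `routing_headers` also returns the listed hop addresses so they can be logged.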
It's true that scanning for valid host addresses and services is considerably more difficult in IPv6 networks than it is in IPv4 networks, and effectively scanning a whole IPv6 segment may take millions of years. However, that doesn't mean that having a larger address space makes IPv6 less vulnerable to flooding issues. Even the lack of broadcast addresses doesn't make IPv6 more secure. New features like multicast addresses continue to be a source of problems.
IPv6 has a new feature called "mobility", which was absent in the earlier forms of Internet protocols. The feature uses two types of addresses: the real address and the mobile address. The real address is a typical IPv6 address contained in an "extension header". The mobile address, on the other hand, is a temporary address contained in the IP header. Because of the characteristics of these networks, the temporary mobile address is more vulnerable to spoofing attacks on the home agent.
There is hardly any doubt that IPv6 will bring considerable improvements compared to the old IPv4 protocol stack. It provides several features that improve not only the overall functionality, but also some specific security functions. But it would be a mistake to consider it an ultimate remedy. Although IPv6 offers better security features like larger address space and the use of encrypted communication, the new protocol also raises significant new security challenges. Surely, network security professionals have a busy time ahead.