IPv6: What are the security issues it brings?

By Kukil Bora, SiliconIndia   |   Wednesday, 02 February 2011, 00:43 Hrs
Bangalore: Deployment of a new generation of Internet protocols is on its way. As the exhaustion date of all Internet protocol (IP) addresses draws closer, the country has directed all internet service providers (ISPs) to use the new protocol (version six) to direct their web traffic from December this year. Last year, the DoT released a national IPv6 deployment roadmap under which all government departments have to use IPv6 services by March 2012. Web biggies like Google, Facebook and Yahoo have also decided to switch to the newer version of the Internet protocol for a day on June 8 this year to show their solidarity with the cause. The day has been christened World IPv6 Day.

The new protocol (IPv6), replacing the existing internet protocol version 4 (IPv4), will increase the capacity for internet domains. Compared to IPv4, IPv6 is certainly new and improved, but there are some security concerns that we need to be aware of. IPv6 is not a superset of IPv4 but an entirely new suite of protocols. With the adoption of the new version come new issues for IT security professionals to deal with. From a security point of view, the new IPv6 protocol represents a considerable advance over the old IPv4 protocol. However, IPv6 still remains vulnerable.

Currently, the Internet is still mostly IPv4-based. But with more and more networks migrating to the new protocol stack, this scenario is going to change soon. However, the process of migration will not be a short one. It will take quite some time. In the meantime, the desired functionality will be supplied by some form of 6to4 dual-stack. As a result of having two infrastructures with specific security problems, these IPv6-IPv4 dual stacks will increase the potential for security vulnerabilities.

Compared to IPv4, IPv6 packets carry more address information in their headers. The new protocol lets a device on a network specify a particular path in the routing header of the data it sends out. But as that data circulates around the network, this could lead to a loss of valuable resources.
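
As an added illustration (not part of the original article): the sender-chosen path described above is carried in the IPv6 Routing extension header, and RFC 5095 deprecated its type 0 form, telling nodes to discard packets whose type 0 header still has segments left. The Python sketch below walks the extension-header chain of constructed sample packets and applies that rule; the function names and sample addresses are assumptions made for the example.

```python
import struct

HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS = 0, 43, 44, 60  # IANA next-header values

def find_routing_headers(packet: bytes):
    """Walk the IPv6 extension-header chain and return one
    (routing_type, segments_left, addresses) tuple per Routing header."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    next_hdr, offset, found = packet[6], 40, []
    while next_hdr in (HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS):
        if offset + 8 > len(packet):
            raise ValueError("truncated extension header")
        following, ext_len = packet[offset], packet[offset + 1]
        if next_hdr == FRAGMENT:
            # Fixed 8 bytes; only the first fragment carries further headers.
            if struct.unpack_from("!H", packet, offset + 2)[0] >> 3:
                break
            size = 8
        else:
            size = (ext_len + 1) * 8  # length field excludes the first 8 bytes
        if offset + size > len(packet):
            raise ValueError("extension header overruns packet")
        if next_hdr == ROUTING:
            # ext_len // 2 = number of 16-byte addresses listed in the header
            found.append((packet[offset + 2], packet[offset + 3], ext_len // 2))
        next_hdr, offset = following, offset + size
    return found

def should_drop(packet: bytes) -> bool:
    """RFC 5095 rule: discard if a type 0 Routing header still has segments left."""
    return any(rtype == 0 and left > 0 for rtype, left, _ in find_routing_headers(packet))

# --- Constructed sample packets (2001:db8::/32 is the documentation prefix) ---
def addr(last: int) -> bytes:
    return bytes.fromhex("20010db8") + bytes(11) + bytes([last])

def ipv6_packet(next_hdr: int, payload: bytes) -> bytes:
    fixed = struct.pack("!IHBB", 0x60000000, len(payload), next_hdr, 64)
    return fixed + addr(1) + addr(2) + payload

RH0 = bytes([59, 4, 0, 2]) + bytes(4) + addr(3) + addr(4)  # type 0, 2 segments left
RH2 = bytes([59, 2, 2, 1]) + bytes(4) + addr(5)            # type 2 (Mobile IPv6)
PAD_HBH = bytes([ROUTING, 0, 1, 4, 0, 0, 0, 0])            # hop-by-hop holding one PadN

if __name__ == "__main__":
    for name, pkt in [("rh0", ipv6_packet(ROUTING, RH0)), ("rh2", ipv6_packet(ROUTING, RH2)),
                      ("hbh+rh0", ipv6_packet(HOP_BY_HOP, PAD_HBH + RH0))]:
        print(name, find_routing_headers(pkt), "DROP" if should_drop(pkt) else "pass")
```

The type 2 sample is the Routing header used by Mobile IPv6, which the rule leaves alone; only type 0 with segments left is discarded.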

It's true that scanning for valid host addresses and services is considerably more difficult in IPv6 networks than it is in IPv4 networks, and effectively scanning a whole IPv6 segment may take millions of years. However, that doesn't mean that having a larger address space makes IPv6 less vulnerable to flooding issues. Even the lack of broadcast addresses doesn't make IPv6 more secure. New features like multicast addresses continue to be a source of problems.

The new IPv6 has a new feature called "mobility", which was absent in the earlier forms of Internet protocols. The feature uses two types of addresses - the real address and the mobile address. The real address is a typical IPv6 address contained in an "extension header". On the other hand, the mobile address is a temporary address contained in the IP header. Because of the characteristics of these networks, the temporary mobile address is more vulnerable to spoofing attacks on the home agent.

There is hardly any doubt that IPv6 will bring considerable improvements compared to the old IPv4 protocol stack. It provides several features that improve not only the overall functionality, but also some specific security functions. But it would be a mistake if it is considered to be an ultimate remedy. Although IPv6 offers better security features like larger address space and the use of encrypted communication, the new protocol also raises significant new security challenges. Surely, the network security professionals have a busy time ahead.

Reader's comments(7)
1: Cisco is conducting a deep dive technology workshop on IPv6 Security Issues every Engineer should be aware of ! for India Audience by TechWiseTv Geek Chief Jimmy Ray Purser.

IPv6 Security Issues every Engineer should be aware of ! ::

Tuesday, February 22nd - 5:00 PM – 6:00 PM IST

This Cisco Interaction Network Workshop will feature Live Q & A

Register Now - http://bit.ly/IPv6OTH

X-Day. We are officially out of Public Internet Routable IPv4 address. Every engineer looking to migrate towards IPv6 should not only understand this new way of networking, but also the new set of security challenges it poses for us. While it's true that IPv6 mandates IPSec implementation, it DOES NOT mandate its use. This opens the door to attacks IP type 0 routing header manipulation, transition threats, rogue tunnels, even attacks on your existing IPv4 address space!

Join Cisco's TechWiseTV Chief Geek Jimmy Ray Purser and the rest of Team India as we dig into the reality of these attacks and how they can be prevented on your network. This interactive WebEx Technology Workshop will be based upon actual IPv6 deployment lessons learned and update security research on IPv6! Bring your questions and arrive early!

IPv6 Engineers are in big demand all over the world! Understanding the security issues already there can really help launch your career past others! The timing is perfect to start building your career knowledge (and resume!) on IPv6! This is a complex protocol and its security concerns are not theoretical, they are here and now!

Virtual seats are filling up FAST! Reserve yours today!

Join us for a great session sure to enhance your career goals!

Register Now - http://bit.ly/IPv6OTH

Follow on Twitter @cinindia

Join on Facebook www.facebook.com/cinindia

Posted by:Nikhil - 06 Feb, 2011
2: Introduction to IPv6

Microsoft is delivering support for the emerging update to the Internet Layer Protocol through Internet Protocol version 6 (or simply IPv6 (RFC 2460)) for packet-switched inter-networks. IPv4 is currently the dominant Internet Protocol version, and was the first to receive widespread use.

The Internet Engineering Task Force (IETF) has designated IPv6 as the successor to version 4 for general use on the Internet. It significantly increases the size of the address space used to identify communication endpoints in the Internet, thereby allowing it to continue its tremendous growth rate. IPv6 is also known as IPng (IP Next Generation).

Limitations of IPv4

Most of today's internet uses IPv4, which is now nearly twenty years old. IPv4 was remarkably but in spite of that it is beginning to have problems. Most importantly, there is a growing shortage of IPv4 addresses, which are needed by all new machines added to the Internet.

The limited address range forces organizations to use Network Address Translation (NAT) firewalls to map multiple private addresses to a single public IP address. NATs do not support standards-based network-layer security and also create complicated barriers to VoIP and other services.

The routing tables of Internet backbone routers are becoming larger. A separate routing table entry is needed for each network resulting in a large number of routing table entries.

Security was also an issue for IPv4. Although there are lots of ways of encrypting IPv4 traffic, such as using the IPSec protocol, unfortunately all of the IPv4 encryption methods are proprietary and no real standard encryption methods exist.
Posted by:sam - 02 Feb, 2011
Ya, it's a very good article for new learners and a good wash up for the experienced ones. Have a good luck.
Faheem Replied to: sam - 03 Feb, 2011
4: Editor,
Please be specific when to talk on such a HOT topic in networking world. This article is good for people who do not have even a bit of idea about IPv4 or IPv6.

Please write something better next time rather than "just running around the tree".

Posted by:sam - 02 Feb, 2011
Dear Sam or whoever, I am also a networking engineer and I have found this article very informative. I think either you are a master mind in networking or just a show off. Good one Mr. Bora.
Rony Replied to: sam - 02 Feb, 2011
6: I hope IPV6 will play a good role in future by overcoming all these security concerns.
Posted by:Mohan - 02 Feb, 2011
7: Good insight in IPV6. Compact article giving good amount of details on IPV6 security. Thanks
Posted by:Harsh Mishra - 01 Feb, 2011