Folks, we’re running out of IP addresses. With more people getting online, using more devices, from more parts of the world, we soon won’t be able to allocate enough IPv4 addresses for everyone. That’s the biggest reason we’ll all be moving soon to IPv6.
A few weeks ago, the Internet Society announced “World IPv6 Launch Day” for June 6, 2012. This is about one year after the “IPv6 Day” which test drove IPv6 for many prominent Internet businesses for a 24-hour period. The day was seemingly successful. The major providers reported users could access their sites fine and things were running smoothly.
That may be fine for Google and Facebook. But how will June 6 affect you, the SMB? Should you be worried about the switch to IPv6?
The answer is “maybe,” or, perhaps, “yes, if you’re not prepared.” In this case, some knowledge and awareness is the key to preparation. There are definitely a few things you should know before the big day.
Don’t Rely on NAT for Obscurity – We’ve been using Network Address Translation to get us around the limited address problem. But with the flood of new addresses available in IPv6, NAT won’t be needed anymore. However, obscurity is a security side bonus of using NAT. You may be using it to hide your servers from the Internet. So before you toss NAT in the dumpster, you may need to rethink your design or purchase additional equipment to protect IPv6 servers.
Don’t Expect Automatic Encryption with IPv6 – IT professionals have been promoting a misconception that IPv6 is inherently more secure than IPv4 because it includes authentication and encryption. Don’t overestimate these security benefits. The truth is IPv6 has many of the same performance problems as IPv4. So if you didn’t encrypt with IPv4, you will have just as much trouble with IPv6. Also, don’t forget you still need to configure and deploy the technology all the same.
Don’t Believe Endless Addresses Drastically Improve Security – Another common misperception is that with IPv6 administrators should assign public IPs to all systems. But if everyone has a public address, doesn’t that make it easier for black hats to access them and exploit any vulnerability? Even though they’d have to scan billions of possible addresses, many administrators end up simply assigning computers predictable addresses. These scans can be greatly optimized with predictive algorithms. And as long as one address is known, like the corporate web server, the rest will come easy.
Don’t Ignore Your Configuration – Making IPv6 too easy to configure may end up being a mistake. Since IPv6 is enabled and functioning by default, most admins won’t bother to disable it if they revert to IPv4. This means an attacker could use it to communicate between machines and evade any IPv4 or host-based IPv4 firewalls installed. They can also tunnel IPv6 into IPv4 to use one IPv4 server to proxy malicious traffic to your enabled IPv6 network. Scary stuff, I know.
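To check your own exposure to the last two points, the added example below (not part of the original post) audits an address inventory for predictable interface IDs and for 6to4 or Teredo tunnel addresses that suggest IPv6 was left enabled by default. The function names, the word list and the sample inventory are assumptions made up for illustration.

```python
import ipaddress

# Illustrative (not exhaustive) hex "words" admins like to spell in addresses.
WORDS = {0xDEAD, 0xBEEF, 0xCAFE, 0xFACE, 0xBABE, 0xC0DE, 0xF00D}

def classify(addr: str) -> str:
    """Label an IPv6 address by how guessable or risky its form is."""
    ip = ipaddress.IPv6Address(addr)
    # Transition-tunnel ranges: 6to4 (2002::/16) and Teredo (2001::/32).
    if ip.sixtofour is not None:
        return "tunnel-6to4"
    if ip.teredo is not None:
        return "tunnel-teredo"
    iid = int(ip) & 0xFFFFFFFFFFFFFFFF      # low 64 bits = interface ID
    hextets = [(iid >> s) & 0xFFFF for s in (48, 32, 16, 0)]
    if iid <= 0xFFFF:                        # ::1, ::80, ::443 ...
        return "low-byte"
    if (iid >> 24) & 0xFFFF == 0xFFFE:       # MAC-derived: ff:fe in the middle
        return "eui64"
    if iid >> 32 == 0:                       # IPv4 address stored in the low 32 bits
        return "embedded-ipv4"
    if all(f"{h:x}".isdigit() and int(f"{h:x}") <= 255 for h in hextets):
        return "embedded-ipv4"               # octets written as hextets: 192:168:1:10
    if any(h in WORDS for h in hextets):
        return "wordy"
    return "random"

def audit(addresses):
    """Return (address, label) pairs for every address that is not random-looking."""
    return [(a, c) for a in addresses if (c := classify(a)) != "random"]

# Constructed sample inventory: documentation prefix 2001:db8::/32 plus tunnel examples.
INVENTORY = [
    "2001:db8:0:1::1",
    "2001:db8:0:1::443",
    "2001:db8:0:1:211:22ff:fe33:4455",
    "2001:db8:0:1::c0a8:10a",
    "2001:db8:0:1:192:168:1:10",
    "2001:db8:0:1:dead:beef:cafe:1",
    "2001:db8:0:1:8c3a:5f1e:2b9d:77a4",
    "2002:c000:204::1",
    "2001:0:4136:e378:8000:63bf:3fff:fdd2",
]

if __name__ == "__main__":
    for addr, label in audit(INVENTORY):
        print(f"{label:15} {addr}")
```

Any address the audit flags is a candidate for renumbering to a random interface ID, and any tunnel address is a prompt to confirm that the host's IPv6 traffic passes through a firewall policy you actually maintain.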
So even though the big providers are optimistic, I’m sure we can expect some growing pains as we transition to IPv6. If you want to avoid these potential security problems, check out this report of all the issues you want to be aware of with the switch to IPv6. June 6 is still a ways away, but you don’t want to be among the SMBs caught on that day with their pants down.
James, April 16, 2012 at 1:37 pm
If IPv6 has an impact on security, will this be a useful argument or catalyst for adoption (better to start now than to do it later)?