Will IPv6 Make Us Unsafe?
IT pros who see NAT as essential to network security are worried about a wide-open, any-to-any connection model. Should they be?
We see security as a major stumbling block in enterprise migrations from IPv4 to IPv6. For starters, the code is mostly untested, and too few of our current network security products support IPv6, something the black hat community is banking on. And there's widespread confusion--the idea that some characteristics of IPv6 make it intrinsically more secure than IPv4 is, sadly, just plain false, and information security teams are largely in the dark on how to help their companies safely transition.
Consider the "NAT-bashing" slide, a fixture in IPv6 presentations. Presenters gleefully list all the reasons Network Address Translation is evil, and explain how an abundance of IPv6 addresses will finally let us eliminate what was always supposed to be a temporary address-conservation kludge and get back to a true peer-to-peer Internet. High-fives ensue.
More Infrastructure Insights
- The Untapped Potential of Mobile Apps for Commercial Customers
- Secure Cloud: Taking Advantage of the Intelligent WAN
- The CIO's New Guide To Design Of Global IT Infrastructure
- Mobile File Sharing provides $5M savings on construction project
- IPv6 Security: Problem Child Or Opportunity to Improve?
- The Switch to IPv6: How to Make a Smooth Transition
Except, IT security professionals don't share the enthusiasm. Let's face it, IPv6 idealists can wave their fists at NAT all they want, but there are legitimate concerns about losing the ability to shield internal address schemes.
No wonder, then, that among the sessions InformationWeek Analytics presented at the recent Interop conference, by far the most popular was our program on IPv6 with a focus on security. A quick show of hands revealed that most attendees are still in the planning stages of their deployments, par for the course among companies we work with. The good news is that they can take advantage of the lessons learned by telecom carriers and ISPs, which tend to be well along the road to IPv6. And while many conventional enterprise security systems will need to change to work in a v6 network, the upgrade also provides opportunities for improvement--possibly even an outright reimagining of your security strategy.
A prime opportunity to see how all this works in real life is World IPv6 Day, set for June 8. This is a milestone in the transition from IPv4 to IPv6, when companies including Akamai, Facebook, Google, and Yahoo will offer their content over IPv6 for 24 hours. The event will provide valuable data on connectivity, ranging from simple system misbehavior to the amount of user traffic that will switch to IPv6 when content is available over the 128-bit version of IP. We're also fielding our first InformationWeek Analytics IPv6 Survey now through June 13, to see where our readers are on the migration curve. We'll share our results in an upcoming report.
Become an InformationWeek Analytics subscriber and get our full report on IPv6 security.
This report includes 15 pages of action-oriented analysis including:
- What attackers are looking for in IPv6 networks
- More on the seven critical features in IPv6that affect your secrity stance
- Key ways to mitigate your operational risk