May 20, 2011
IPv6 Security: Problem Child Or Opportunity to Improve?
We see security as a major stumbling block in enterprise migrations from IPv4 to IPv6. For starters, the code is mostly untested, and too few of our current network security products support IPv6, something the black hat community is banking on. And there’s widespread confusion—the idea that some characteristics of IPv6 make it intrinsically more secure than IPv4 is, sadly, just plain false, and information security teams are largely in the dark on how to help their companies safely transition.
Consider the “NAT-bashing” slide, a fixture in IPv6 presentations. Presenters gleefully list all the reasons why Network Address Translation is evil and explain how an abundance of IPv6 addresses will finally let us eliminate what was always supposed to be a temporary address-conservation kludge and get back to a true peer-to-peer Internet. High-fives ensue.
Except, IT security professionals don’t share the enthusiasm. Let’s face it, IPv6 idealists can wave their fists at NAT all they want, but there are legitimate concerns about losing the ability to shield internal address schemes.In this Strategy report, we look into the new security reality as enterprises phase out IPv4. (S2860611)