IPv6 Security Issues – Concerns for Transition
IPv6 is coming. It is inevitable. In case you are not quite aware about IPv6, let us first present some basic stuff.
Internet makes use of IP addresses to identify different machines and devices connected to it. Every machine or device is assigned a unique IP address for its identification on the network. The present system IPv4 is based upon 32 bit IP Addressing, which allows us to address a whopping 4.3 billion devices uniquely. But with the explosive growth of technology, this huge number is also getting exhausted.
And next level of IP Addressing has been developed, which is based upon 128 bits and is termed as IPv6. It extends the space to 3.4 x 1038 addresses, which is expected to serve us for the long time to come.
Great. But this post is specific to discuss some of the security issues and concerns, which are to be addresses during this transition to IPv6 addressing system as given below. For the sake of convenience, we have divided them into two categories – General Issues and Technical Issues.
General Security Issues in IPv6:
- Large space means more places to hide: The present IPv4 system allows security researchers and vendors to scan the IP space for possible attackers and vulnerabilities. With the spread of IPv6, virtually unlimited space will be available for the attackers to hide and do the damage. Finding them and countering their threats is going to be a nightmare for the security people, at least during the transition period.
- Upgradation of Security Infrastructure: The transition from IPv4 to IPv6 will require massive change of technology. It would need lots of infrastructure, both in terms of hardware and software to be upgraded. Some of the organizations may lack the initiative and motivation to fund the bills and efforts required.
- Unawareness about the Threats: At least during the transition phase, many organizations may not be fully seized of the threats and vulnerabilities, which the changed architecture may bring in. Even if they are willing to plug-in the holes and vulnerabilities, it will take some time before they discover, what exactly is to be done for the secured transition from IPv4 to IPv6. By the time they get aware and take corrective steps, the damage might have already been done.
Technical Security Issues in IPv6:
- Dual Stacking: As has already been noted, it will take time for the organizations to transit from IPv4 to IPv6. And this is a fact that IPv4 systems and IPv6 systems are not compatible. So, during this transition period, many protocols are to be duplicated. Even the security protocols are to get duplicated to cater for both types of networks. This increases the chances of errors and cause security vulnerabilities.
- Tunneling Protocols: It is being contemplated to use the tunneling protocols during the transition period from IPv4 to IPv6. Tunneling protocols allow the encapsulation of IPv6 traffic in an IPv4 data stream for routing through non-compliant devices. This may allow the attackers to take advantage of the vulnerabilities and cause problems in your network.
- Security Issues of Mobility: Mobility is a totally new feature of IPv6 that was not available in its predecessor. Mobility is a very complex function that raises a considerable amount of concern when considering security. Mobility uses two types of addresses, the real address and the mobile address. The first is a typical IPv6 address contained in an extension header. The second is a temporary address contained in the IP header. Because of the characteristics of this networks (something more complicated if we consider wireless mobility), the temporary component of a mobile node address could be exposed to spoofing attacks on the home agent.
- Auto-configration Feature: The auto-configuration feature of IPv6 allows devices to configure their IP address automatically and find out if the same if being duplicated elsewhere or not. This extends a lot of convenience to the network administrator but at the same time increases the inherent risks manifold. Because now the primary control of the network administrator to allow or disallow devices are weakened. It will be easy for malicious devices to latch on the network and create create vulnerabilities.
For more information on IPv6, visit http://www.ipv6actnow.org/.