Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cloud
    • Cloud
    • Cybersecurity
    • Networking

    IPv6 Structure Will Require New Security Policies and Tactics

    By
    Fahmida Y. Rashid
    -
    February 4, 2011
    Share
    Facebook
    Twitter
    Linkedin

      With the transition to IPv6 network addresses gaining momentum, organizations are checking their infrastructure to ensure they are ready.

      The last blocks of IP addresses were allocated to Regional Internet Registries (RIR) in a public ceremony on Feb. 3. While each RIR has its own policies and rules for how these remaining addresses will be assigned, they are not expected to last out the year. In fact, the counter widget on IPv4 Address Report estimates the last address will be assigned sometime on Sept. 23.

      The network switchover from the current IPv4 addresses to the newer 128-bit IPv6 addresses has security implications as well, according to several industry experts. The IPv6 namespace seems almost infinite in the possible number of addresses, with 340 undecillion possible addresses.

      There’s a lot of room for spammers to stretch out in, Qing Li, Chief Scientist at Blue Coat Systems, told eWEEK. There won’t be any “new spam problem” with the move to IPv6, it will just be a more “emphasized problem” because of the sheer amount of available addresses, he said.

      In fact, spammers, just like many other organizations, have already started migrating operations to IPv6. A weeklong study in March by RIPE Labs, the security arm of Europe’s RIR, found that 3.5 percent of total e-mail received over IPv6 networks was spam. It’s a trifling amount compared to the 31 percent received during the same period over IPv4, but it indicates the spammers have already started the transition. The amount of spam on IPv6 remains minuscule in terms of total volume, at 1.89 percent, RIPE Labs said. However, the RIPE study didn’t include all the spam that never made it on to the network because the firewall blocked it based on blacklisted DNS hosts and greylist settings.

      Blacklists and greylists are another area of concern, as there is only one maintained list at this time. Until reputation systems and blacklists become more common on IPv6, it will be difficult to filter out spam messages. Even so, the way reputation systems and blacklists are generated may need to be rethought, according to Li. An IPv6 address has two parts, the prefix assigned by the individual network, and the access assignment value dynamically generated by each device. As a result, a device can have its IPv6 address refreshed as often as every 24 to 48 hours, Li said. It’s not the same as just blocking out a specific set of numbers, he said.

      Reputation based mechanisms will need to be tweaked to rely more on e-mail content scanning methods and less on reputation.

      The dynamically changing IP addresses also mean IT managers won’t be able to just mechanically map existing security policies to apply to IPv6 networks, Li said. The IT manager has to rethink the way security policies within the organization was designed to fit with IPv6’s new packet structure and how the addresses are generated.

      Organizations have to test the firewall to ensure the new policies handle IPv6 correctly. Internet service providers can’t treat IPv6 like it’s the same as IPv4 with just more addresses, Asaf Greiner, vice-president of Commtouch, told eWEEK. IPv6 offers hierarchical addressing, where the addresses can be assigned to a single device, as well as to multiple devices within a group, he said.

      The addresses also contain fields for quality-of-service support. IPv6 also allows mobile devices to dynamically change addresses as their locations change without losing existing connections to the network, he said. All these things need to be considered when developing firewall rules and network policies, he said.

      IPv6 packets also have extension headers developed to improve performance by simplifying the overall structure. Since these headers are optional and can be used in different ways, security protocols on firewalls and other network devices need to be able to understand the variations, according to Greiner. Attackers can also manipulate the optional headers for their own uses, as well.

      The dual stack being rolled out by various telecommunications carriers, where customers have both a IPv4 and IPv6 address, also pose security challenges, as network administrators have to remember to create firewall rules and security policies protecting both networks, said Li. Otherwise, attackers can just stroll right through the hole on the IPv6 side.

      Fahmida Y. Rashid

      MOST POPULAR ARTICLES

      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×