Communications Daily is a service of Warren Communications News.
Firewalls ‘Obsolete’

Network Security Managers ‘In Denial’ About Threat Risk Posed by IPv6

Internet Protocol version 6 carries a “significantly higher threat potential” than IPv4, security technology vendor Commtouch said this week. Spam, malware and other problems may be magnified if companies using the new technology don’t update their security and information technology systems, said Marketing Vice President Rebecca Herson. In general, current security solutions are obsolete and the “security world is in denial,” said IPv6 Forum President Latif Ladid. ICANN, however, said the risks aren’t much different from those of IPv4.

The threat potential is bigger with IPv6 because of the almost unlimited number of IP addresses, Herson said in an email. Now, a single computer spreading malware or viruses or participating in a botnet is identified by a single IP address, making it easier to block by barring that particular address or the range in which it sits, she said.

Most anti-spam and anti-malware systems rely, at least in part, on IP-based blocking, Herson said. Security solutions that depend on IP address detection from today’s mostly IPv4 world “could be easier to defeat under IPv6,” she said. The kinds of technologies that must be upgraded to deal with IPv6 include IP reputation-based spam-blocking, email header-based spam-blocking using IP address, URL filtering based on domain IP address and denial-of-service prevention based on attacker IP address, she said. In addition, because IPv6 allows so many more addresses, a rogue computer can jump around from one address to another, making it much harder to identify and stop, she said.

Blacklisting, which automatically halts messages from computer IP addresses known to be spreading threats, becomes ineffective with IPv6 because there’s such a vast number of possible new addresses, Herson said. Cloud-based technology that examines patterns and can identify outbreaks in real time “will be critical in the new IPv6 environment,” she said.

IPv6 email servers will actually help track down spammers, Ladid said. Spam is primarily spread by email, and is produced by email servers that are hidden behind network address translation (NAT) -- which allows IP addresses to be kept private behind a public address -- and can’t be easily traced, he said. But email servers using IPv6 can be traced since there’s no NAT in the new technology, so tracking spam coming from IPv6 servers is highly possible, he said. “Expect spam to still use IPv4 NATs for the years to come,” he said. Deploying IPv6 servers “will be in this case a good thing,” he said.

But current firewalls for malware aren’t IPv6-enabled, Ladid said. IPv4 networks will be attacked by newly designed IPv6 malware because filtering by IPv4 firewalls isn’t possible, he said. Security software providers haven’t yet realized this and most are “still in denial,” making their firewalls basically obsolete, he said.

Every network that’s upgrading to IPv6 should first install a dual stack firewall to be safe from IPv4 and IPv6 malware, Ladid said. And deploying an IPv6 network without an IPv6 firewall is “also not smart,” he said. The security world is in denial and is failing to safeguard its customers, he said.

The immediate problem is that networking hardware is already IPv6-compatible but security and IT managers may not be well versed in IPv6 security, Herson said. Their systems may be susceptible to threats they’re not aware of, she said. Administrators must roll out IPv6 slowly, making sure they put the necessary protection in place to do so, she said.

IPv6 doesn’t carry a significantly higher security threat than IPv4, although there are some small differences in what the risks are, an ICANN spokesman said. Asked if IPv6 security is an issue that ICANN and Interpol, which said recently they want to explore closer collaboration on Internet security, might discuss, the spokesman said it’s too soon to say. The first order of business is for the Governmental Advisory Committee to consider giving Interpol observer status, he said, “and that hasn’t happened yet.” -- Dugie Standeford.