Categories
Improving Technical Security IPv6

TechRepublic: Are You Thinking About IPv6 Security With World IPv6 Launch Looming?

Techrepublic In a TechRepublic article out today titled “World IPv6 launch day set: Security pitfalls to look out for“, author Patrick Lambert asks a key question related to World IPv6 Launch on June 6, 2012:

Now, this year is the real deal. On June 6, the IPv6 switch gets turned on again, but this time it will stay on. But what does this mean for organizations and companies? Is everyone ready, and if not, will things break? Worse, are there security concerns that may arise from such a major event?

He rightly points out that the IPv4 to IPv6 transition technologies – and the wide number of them – may cause some of the largest security headaches. Similarly Internet Service Providers who are not planning ahead may be an issue:

While I have all confidence that Comcast and AT&T will get their transition systems working, when some small provider finds out that they can’t get another batch of IPv4 addresses from their upstream link, and instead get IPv6 addresses, and they need to rush to adapt, that may be a different story.

He goes on to mention issues around IPv6 numbering and also the immaturity of IPv6 network stacks compared to their IPv4 counterparts. He ends with an upbeat caution:

Overall, all of these issues shouldn’t dissuade anyone from moving on with their IPv6 implementations, but it’s good to remember that as World IPv6 Day approaches, and the big players like Comcast, AT&T, Facebook, Google, and so on are all on board, it’s always the small players that are going to be playing catch up, and may get things wrong. And that’s where a particular attention should be paid to implementation security, and making sure things are done right.

With World IPv6 Launch approaching, what are you doing to ensure the security of your network once it moves to IPv6?

P.S. If you need help with IPv6 and your network, check out our IPv6 resources.

2 replies on “TechRepublic: Are You Thinking About IPv6 Security With World IPv6 Launch Looming?”

I’m sorry, but that’s an astonishingly clueless article: “NAT filtering” and “NAT routers” and of course NAT as a security measure; using valid IPs as examples (and claiming that assignments will be in numeric order); equating link-local to RFC1918 addresses; the list goes on. This author is clearly someone who has learned about IPv6 from the back of a cereal box.

Bill,

Ha! I debated about dealing with the “NAT as security” aspect of the article but decided that it could make this post far longer than I wanted. Still, I wondered how long it would be until someone else pointed that out.

You are absolutely right that there are definitely flaws in the article. However, I think the overall point is very valid that security should not *block* progress toward IPv6, but should definitely be something that is considered during the transition.

Thanks for the comment and for pointing out the flaws in the article.

Dan

Comments are closed.