For those who missed the announcement from the Internet Society (ISOC) World IPv6 Launch day arrived on June 6. (I blogged about World IPv6 day, back in March.) Carl Herberger, VP Security at Radware (RDWR) recently wrote at Help Net Security that he sees World IPv6 Launch day as much more hype than an operational change.
Many high-profile organizations like Google (GOOG), Facebook (FB), Microsoft (MSFT) Bing, Yahoo (YHOO) and Akamai (AKAM) have hooked their plans on change over to the ISOC launch date, Mr. Herberger points out that many companies have already leveraged IPv6 WAN connectivity. Most mobile providers who have adopted LTE 4G infrastructures have built for mobile devices, which connect to the Internet with IPv6 addresses, default. He argues that since a 4G phone must also be 3G and IPv4 compatible all the 5G providers have done, and much to the chagrin of the initial designers, is to have woven IPv6 into the existing IPv4 Internet.
Bottom line: Because IPv4 is not going away any time soon, we will essentially live in perpetuity with both designs. A new dawn? Or the beginning of the end? The Radware VP thinks it’s neither, he calls the interoperability issues between IPv4 and IPv6, a Pandora’s Box of opportunity for those of the nefarious persuasion.
So, what are the three main takeaways from World IPv6 Launch day?
Take away #1: IPv6 will first be implemented on the WAN, IPv4 will continue to remain in the LAN for years to come – Google, Facebook, DNS, CDN providers and many, if not most ISP’s are all moving to default IPv6 WAN connectivity. However, nearly no one has made the transition to IPv6 on the LAN. Mr. Herberger adds that rapid IPv6 deployment on the Internet WAN operations side, and the very slow rollout of IPv6 on the LAN side will wreak havoc on perimeter security. He believes that there are huge problems associated with IPv4 and IPv6 cohabitating.
Moreover, most of us will be largely blind to these realities unless you are acting now to make certain that your gateways are designed with all encapsulated traffic being detected and mitigated. Anomaly detection takes center stage here and signature tools will leave you wanting.
The Radware VP concludes that this problem requires action on behalf of security professionals to solve; you HAVE to do something differently because the inertia path will leave you vulnerable.
- It’s World IPv6 Launch Day: Welcome to The Wider Web(tomshardware.com)