Earlier, I covered the iSuppli announcement that nearly 3 out of every 4 people on Earth will soon own a mobile phone. Now, this factoid has some consequences. Johannes Ullrich, PhD, chief research officer for the SANS Institute is predicting that the arrival of new and upgraded IPv6-enabled operating systems, can open new and unrecognized security weaknesses in otherwise secure environments.
Dr. Ullrich told Net Security, “One of the problems is the accidental implementation of IPv6. You may already have IPv6 on your network without knowing about or configuring it.” He continues, “Windows 7, OS X, and Linux enable it by default. In the last round of operating system updates, it has tended to be turned on by default.” Dr. Ullrich, who is currently responsible for the SANS Internet Storm Center (ISC), also highlights devices running Apple’s IOS such as iPhone as well as some Google Android devices come with IPv6 enabled by default.
Dr. Ullrich says that the growth of mixed IPv4 and IPv6 networks, sometimes without the knowledge of IT security teams, can introduce a variety of potential security risks. Attacks designed to exploit IPv6-enabled devices could also be missed by security teams not looking for IPv6 traffic, “Many organizations will look at their own networks and not see a big problem staying on IPv4,” he explains.
According to Net Security, Ullrich believes that organizations have failed to grasp the full impact of a move to IPv6 or the amount of time needed to plan, test, and secure any migration strategy. Ullrich believes that it will take at least about a year for larger organizations to move over to IPv6. Although most modern routers and switches are capable, supporting SIEM, IDS, IPS, and monitoring tools will need reconfiguration. The application layer is more problematic according to the SANS Institute expert “It is comparable to the Y2K problem, and there may well be many complex or custom applications that are affected by switching over that need to be tested.”
This gadget has been developed by Takashi Arano, Intec NetCore
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.