{"id":17245,"date":"2012-06-12T22:10:46","date_gmt":"2012-06-13T02:10:46","guid":{"rendered":"http:\/\/rbach.net\/blog\/index.php\/"},"modified":"2021-07-29T16:07:15","modified_gmt":"2021-07-29T20:07:15","slug":"security-considerations-for-ipv6","status":"publish","type":"post","link":"https:\/\/rbach.net\/index.php\/security-considerations-for-ipv6\/","title":{"rendered":"Security Considerations for IPv6"},"content":{"rendered":"

\"Security<\/a>For those who missed\u00a0the Internet Society<\/a> (ISOC) announcement that World IPv6 Launch day arrived on June 6. (I blogged<\/a> about World IPv6 day<\/a>, back in March)<\/em> Carl Herberger, VP of Security at Radware<\/a> (RDWR<\/a>) recently wrote<\/a> at Help Net Security<\/em> that he sees\u00a0World IPv6 Launch day as much more hype than an operational change.<\/p>\n

\"Internet<\/a>Many high-profile organizations have hooked their plans on change over to the ISOC launch date. Supporters include Google<\/a> (GOOG<\/a>), Facebook<\/a> (FB<\/a>),\u00a0Microsoft<\/a> (<\/a>MSFT<\/a>)<\/a>\u00a0Bing<\/a>, Yahoo<\/a> (YHOO<\/a>), and Akamai<\/a> (AKAM<\/a>).\u00a0 Mr. Herberger points out that many companies have already leveraged IPv6 WAN<\/a> connectivity. Most mobile providers who have adopted LTE 4G<\/a> infrastructures have built them for mobile devices, Mobile devices will connect to the Internet with IPv6 addresses by default. He argues that since a 4G phone must also be 3G<\/a> and IPv4 compatible, the 5G providers have not done much. The service providers have woven IPv6 into the existing IPv4 Internet<\/a> much to the chagrin of the initial IPv6 designers.<\/p>\n

IPv6 Pandora\u2019s Box<\/h3>\n

Bottom line: Because IPv4 is not going away any time soon, we will essentially live in perpetuity with both designs. A new dawn? Or the beginning of the end? The Radware VP thinks it\u2019s neither, he calls the interoperability issues between IPv4 and IPv6, a Pandora\u2019s Box of opportunity for those of the nefarious persuasion.<\/p>\n

So, what are the three main takeaways from World IPv6 Launch day?<\/p>\n

Take away #1<\/h3>\n

\"Dog<\/a>IPv6 will first be implemented on the WAN, IPv4 will continue to stay in the LAN<\/a> for years to come – <\/strong>Google<\/a>, Facebook<\/a>, DNS, CDN providers, and many, if not most ISP\u2019s are all moving to default IPv6 WAN connectivity. However, nearly no one has made the transition to IPv6 on the LAN. Mr. Herberger adds that rapid IPv6 deployment on the Internet WAN operations side and the very slow rollout of IPv6 on the LAN side will wreak havoc on perimeter security. He believes that there are huge problems associated with IPv4 and IPv6 cohabitating.<\/p>\n

\n

Take away #2<\/h3>\n

IPv6 & IPv4 don\u2019t cohabitate well<\/strong> – IPv6 and IPv4 make insecure bedfellows. There are no predefined standards in the way to handle the cohabitation of IPv4 with IPv6.\u00a0 The transition mechanisms to ease the transitioning of the Internet from its first IPv4 infrastructure to IPv6 have not been standardized yet. The Internet Engineering Task Force (IETF)<\/a> has working groups and discussions through the IETF Internet-Drafts and Requests for Comments <\/a>processes to develop these methods. Some basic IPv6 transition mechanisms have been defined; however, nothing has yet emerged as a proposed uniform standard. As such, the article states, the world is awash with a plethora of IPv4 to IPv6 (and vice versa) Transition Mechanisms such as:<\/p>\n