Five security issues to be considered for application IPv6

Although IPv6 is a secure protocol, the transition from IPv4 to IPv6 poses new risks and weakens the security policy of the Organization. It is important to understand the potential dangers and how to achieve the transition without compromising the company's security.

If you have not considered the impact of IPv6 on your network security, it is time to consider it!

You may know what are the main factors driving IPv6 application, and our IPv4 address is about to run out! Currently, the IPv4 32-bit address scheme can only accommodate 4.3 billion unique addresses. Although this number sounds great, everyone on Earth cannot own an IP address. In addition, some people also need more than one IP address, such as the IP address between the work location and the home, and other network devices. IPv6 uses the 128-bit addressing technology to solve this problem. The number of IP addresses allowed by the IPv6 protocol is x 10 to the power of 38. Therefore, it takes a long time for us to use up a large number of IP addresses.

What does the emergence of IPv6 mean for our security? Let's take a look at the five problems that affect our network:

1. Security personnel need education and training on IPv6 protocols. IPv6 will enter your network under your control, which is just a matter of time. Like many new network technologies, it is very important to learn basic IPv6 knowledge, especially addressing solutions and Protocols, to adapt to event processing and related activities.

2. security tools need to be upgraded. IPv6 is not backward compatible. The hardware and software used for communication routing and security analysis of the entire network must be upgraded to support the IPv6 protocol. Otherwise, these hardware and software do not support IPv6. Remember this when using boundaries to protect devices. To be compatible with IPv6. routers, firewalls, and intrusion detection systems all require software or hardware upgrades.

3. Additional settings are required for existing devices. Devices that support IPv6 regard it as a completely independent protocol. Therefore, the access control list, rule repository, and other configuration parameters must be re-evaluated and converted to an environment that supports IPv6.

4. New risks arising from tunneling protocols. Network and security groups have spent a lot of time and effort to ensure that IPv6 is a secure protocol. However, one of the biggest risks of such conversions is the use of tunnel protocols to support translation to IPv6. These protocols allow IPv6 communication to be isolated when IPv4 data streams pass through incompatible devices. Therefore, your network users can use these tunneling protocols to run IPv6. If this is a worrying problem, block the IPv6 tunnel protocol within your border.

5. Automatic IPv6 settings can cause addressing complexity. Another interesting feature of IPv6 is automatic configuration. The automatic setting function allows the system to automatically obtain a network address without administrator intervention. IPv6 supports two different automatic configuration technologies. The automatic setting of monitoring status uses DHCPv6, which is a simple upgrade to the current DHCP protocol. It is not very different from the security perspective. In addition, pay attention to the automatic setting function of the non-monitoring status. This technology allows the system to generate its own IP address and check the address repeatability. From the perspective of system management, this kind of non-centralized method may be easier, but for tracking network resource usage (or abuse !) For network administrators, this approach poses a great challenge.

As you said, IPv6 is revolutionary. IPv6 allows us to prepare for ubiquitous access over the next decade. However, like other technical innovations, we need to pay attention to IPv6.