As IPv4 addresses are exhausted, IPv6's almost unlimited IP Address Resources meet the needs of the global Internet. However, everything has two sides, and both advantages and disadvantages. While meeting the needs of Internet IP addresses, a series of security problems also emerge.
IPv6 is not more secure than IPv4
Compared with IPv4, IPv6 has made more security considerations at the beginning of its design. With IPSec (Internet Protocol Security), the security performance of IPv6 is indeed improved. However, recent network attacks show that IPSec cannot handle all vulnerabilities in IPv6 networks. Compared with IPv4, the new network environment is more complex and the resulting Network Vulnerabilities are more unpredictable.
Moreover, although IPv6's internal encryption mechanism provides identity authentication and confidentiality for communication between users and servers, it allows attackers to bypass firewalls and IPS checks using encryption mechanisms, an attack is initiated directly to the server because these security devices cannot detect encrypted content. In addition, the security risks in the IPv6 redirection protocol are also worthy of attention.
Notice on Enterprise Security from IPv4 to IPv6
With the increase in the number of IPv6 terminals, IPv6 traffic has appeared on the Enterprise IPv4 network before many enterprises plan to transition. Employees can share files and download videos in these new unmonitored networks at will, and these vulnerabilities will be hacked.
In the existing IPv4 network, the potential threat of IPv6 brings a series of risks and bandwidth problems to enterprises. The trend of working with self-built devices like BYOD has aggravated these problems. Many terminals and devices now support IPv6. due to the increasing number of external devices used for work, the risks of IPv4 networks in enterprises are also increasing.
The IPv6 traffic that appears in an IPv4 enterprise network is "shadow network". When an IPv4 network is used, the application runs on an IPv6 shadow network, in this case, network security measures are bypassed, resulting in a large amount of bandwidth consumption.
During the transition, enterprises will face more information security problems and re-understand and adjust the information security system.
First, to achieve seamless compatibility between IPv4 and IPv6, many IPv6 devices have built-in stateless automatic configuration functions, but such network devices become uncontrollable devices for network administrators. Administrators cannot detect which network devices are out of control, but Attackers can exploit this situation. Secondly, when enterprises welcome IPv6, IT management becomes more difficult. At the same time, there are few questions in the industry about how IPv6 built-in functions can help users improve privacy protection. Instead, they focus more on how to deploy IPv6, this allows many insecure protocols, standards, and technologies to be widely used without any consequence. Enterprises are vulnerable to attacks in such a transitional environment.
Compared with the security experience accumulated on IPv4, the industry's experience in IPv6 Security is still insufficient. In the days when IPv6 was introduced, all network devices had to support two versions of network protocols. Therefore, the increased network security risks may cause huge losses. Before looking at IPv6, people's vigilance and enthusiasm obviously need to coexist. Enterprises that do not need IPV6 or have not completed the transition should disable IPV6 on all systems, or they should "monitor and defend against attacks like IPV4 ".