Security Review: The Switch from IPv4 to IPv6

By diademed at 1:56 pm on March 16, 2008Comments Off on Security Review: The Switch from IPv4 to IPv6

The premise is, at some point in the future, it would be ideal for the internet to be using IPv6 as it’s main backbone, rather than the current IPv4. A discussion of the features and algorithms of IPv6 is beyond the scope of this review, but if you are unfamiliar with it, or have questions, wikipedia has some good information. The target of this review is that hypothetical night when ISPs, whether all at once or one-by-one, shut off access to the internet via IPv4.

Assets

  • Primarily Intellectual Property, the contents of websites that may be affected by this transition
  • Paid hosting time not taken advantage of (downtime costs money!)
  • Intangible assets; brand name, reputation, etc.

Adversaries

  • A company’s own IT department, failing to facilitate the switch
  • Malicious 3rd parties, attempting to spoof the site for their own end
  • Competitors, eager to be the only company on IPv6

Weaknesses

  • If a site isn’t accesible on IPv6, there will be a ‘gap’ where users would expect their site to be. This opens the door for spoofing attacks. What may look like a valid URL may actually not be the site you think it is.
  • Attacks currently present (and mitigated) in IPv4 may still present in IPv6, and existing mitigations may not apply.

Threats

  • 3rd parties taking over their URL in IPv6 as they find themselves no longer accessible on the internet.
  • Weaknesses in the IPv4 space that have already been successfully mitigated may find themselves being exploited by malicious users as a result of new mitigation requirements not being addressed.

Defenses

  • To defend against the types of attacks that may occur when switching from IPv4 to IPv6, possibly the best thing a company could do is to become IPv6 compliant far in advance of when the switch is to take place.
  • Vast amounts of new security analysis should probably be used to identify and correct as many of the new risks that may be present in IPv6 as possible.

Conclusion

While the transition may seem like it is a long ways off (and it likely is) at some point in the future, it is entirely likely that IPv4 will become either obsolete or not supported by many hosts. At this point it will be very important that risks old and new alike are examined and mitigated, that no inconvenient surprises await potential users.

Filed under: Security ReviewsComments Off on Security Review: The Switch from IPv4 to IPv6

Comments are closed.