William Jackson | Getting ready for IPv6? It's already here

Cybereye: How IPv6 can boost configuration management

William Jackson

As agencies work to transition their network backbones to Internet Protocol Version 6 by June 2008, an interesting bit of information has surfaced to remind us that IPv6 already is here.

Lumeta, which makes those cool maps of the Internet, also does regular scans for IPv6 addresses.

It found that the number of active IPv6 addresses has increased by 18 percent since the release of Microsoft's Windows Vista operating system.

We tend to think of IPv6 as a feature we will turn on at some date in the future. But, 'IPv6 connectivity and networking exists today,' said David Arbeitel, Lumeta's chief technology officer. 'IPv6 security considerations have to be considered up front.'

IPv6 is a new generation of protocols specifying how computers communicate with each other. Although it promises new functionality and improved overall security, the new version is different enough from the current version that new security tools and policies are needed to adequately protect networks running the protocols.

Most networks are not knowingly using IPv6 today. But more and more network hardware and software is enabled for these protocols, and, as activity increases, network administrators need to begin thinking now about how to secure their networks against IPv6 traffic.

'You can't ignore IPv6 security issues before you light it up,' Arbeitel said. 'The second you turn on an IPv6 connection you need to already have secured it.'

In terms of absolute numbers, the volume of active IPv6 addresses still is pretty low.

Lumeta found more than 2,600 of them as of April 30, up from about 2,200 in January. But those addresses are in network infrastructure and do not represent end nodes using IPv6. Lumeta says the growth of the new protocols in the network infrastructure reflects a growing demand among users for the service and theorizes that the demand is being driven by the adoption of Vista.

Vista is IPv6-enabled by default, and Microsoft reports it has sold about 40 million licenses for it. Of course, that does not mean 40 million PCs are using IPv6 today. Most users probably are not even aware of that feature in their new computers. But the growing availability of these end nodes that can use the protocols apparently is increasing demand for IPv6 services from
network providers, if for no other reason than to enable test beds and other trials.

So IPv6 packets are out there on the infrastructure, just waiting to be let in. Application layer threats are independent of the network protocol, so they can be delivered just as easily by IPv6 as by IPv4.

There have not yet been highly visible exploits using IPv6, but history has shown that hackers are more than willing to use any edge they can get in the quest to deliver malicious payloads. If all they need is a PC running Vista and access to an IPv6 network, we probably won't have to wait too long before rogue traffic begins to appear.

'Networks are moving that way whether network managers want it or not, or even know it or not,' said Lumeta's Jeremy Nazarian. 'It's out there.'

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above