It was only recently that nearly 3,000 websites, ISPs, router vendors and hosting providers, including Midphase, enabled IPv6 on their internal data center networks, marking a major milestone in the growth of the Internet.
Since IPv4 addresses are running out, or have run out in certain parts of the world, the new protocol was required in order to handle future Internet growth. Just about anybody involved in the sale of networking equipment to the hosting of websites had (and has) a role in ensuring the transition goes smoothly.
However, VeriSign, a global registry operator for .COM and .NET domains (available for purchase on Midphase platforms) warns that security is often an afterthought when implementing a new protocol stating that “if network operators do not properly manage IPv6 – and recognize that it’s enabled ‘out of the box’ in most devices today – this will have a substantial impact on their security posture.”
While the security issues can be rather technical in nature, it’s useful to examine just one area the transition may affect security at an infrastructural level.
“During a long period of ‘transitional coexistence,’ IPv6 adoption may require large network address translation, protocol translation devices, end system or intermediate translation devices and protocols,” said VeriSign. “But these devices complicate the network and operations, and could break useful functions like geo-location or tools that security administrators use to identify and mitigate malicious network behaviors (e.g., blacklists and traffic filters).”
Thus, when choosing a hosting provider make sure they have taken the necessary security steps to handle the dual role of dealing with old IPv4 addresses and the new incoming IPv6 protocol, including:
- Begin monitoring networks for IPv6 traffic, especially if there are IPv6-enabled devices, operating systems and transitional configurations on the network.
- Turn off “IPv6 everywhere” to ensure that there are not any unknown paths through the network.
- Begin thinking about what is required to build the security needed to use IPv6 within the application layer and various software systems in the operating environment.
- Conduct an IPv6 pilot on a small portion of the network, potentially using a transitional technology.
- Develop a plan to transition an entire network to IPv6 incrementally.
- Execute the plan once ready, but execute quickly once committed; the number of vulnerabilities on an organization’s network will only increase as organizations linger.
- Acquire and test IPv6-aware monitoring and assessment tools.