IPv6 security solutions help you proactively identify, assess, and
fix IPv6 security threats. Even organizations that still use IPv4 can be
significantly and unknowingly impacted by IPv6 security, as many devices are
enabled by default for IPv6. If not properly tested, these devices can actually
represent a significant risk and an attack path for hackers. IPv6 security
solutions have been specifically designed to help organizations identify,
manage and fix IPv6 security threats.
Some interesting facts. There is actually more people
living on the entire planet, than there are currently IPv4 addresses. What is
an IPv4 address? The analogy I like to use is, think of your phone book, and
we've run out of phone numbers. IPv6 is basically a new area code or a new
phone number that we are starting to hand out. An IPv6 is the parallel world in
IP addresses, in numbers that you need to run websites. Most people actually
don't care about IPv6. It's interesting that they don't, because quite frankly,
they should. Let me tell you why.
There is some early adopters in the industry, such as
Telco companies, higher education, and federal agencies. The reason why these
are early adopters is because, in the case of Telcos, they really are the
backbone of our next generation Internet, media, and telecommunication exchange.
Higher education is provisioning their students, and Federal agencies are
actually mandated by law, in some industries and some sectors of Federal
starting deploying IPv6. Many other industries haven't yet. They don't feel
like it applies to them. They don't think IPv6 is relevant for them. What's
interesting actually is that they probably should, because even if they are not
running IPv6 networks, there are many, many devices on our IPv4 environments
and networks that are, by default, configured to run both on IPv4 and IPv6.
They ship from the factories with both enabled. If you
don't know that, you might not even know that you have these devices on your
network. Why is that important? Because, that could open up a potential door
for an attacker actually to take advantage of this information, to come in
through IPv6 into our environments, and do some damage and breach your
environment.
What's challenging about IPv6 security overall?
Fundamentally, there are three main things. As we just discussed, they are very
difficult to detect. Very often, we don't even look for them. If you don't look
for them, you are not going to find them. Secondly, it's very difficult to
actually run IPv4 and IPv6 in parallel. This is quite complex. It requires a
lot of technical skills. Many organizations just haven't started looking at
that yet, so it's very complex. Thirdly, because there's a lot of uncertainty
and misinformation around IPv6, it's actually an ideal threat factor for
attackers to come in and leverage this misinformation, to take advantage and
breach your environments. Those are the three challenges with security.
Now, what recommendations can we provide to you? Number
one, get educated. Get smart about IPv6. There are a number of white papers out
there. There's a number of webcasts out there that can help you to better
understand what to do about IPv6, and how to handle that from a security
perspective, as well as overall how you can deploy it in your networks.
Secondly, find out if you have IPv6 environments, even if you are not running
an IPv6 environment. You can use solutions such as vulnerability scanners or
discover tools that will help you to understand if you have IPv6 enabled
devices on your network. If the answer is, "Yes, I have them," make
sure that you turn off these devices, because that will help you prevent
potential attacks from happening. The analogy I would use, it's like you have
your house. You have your front door which is locked, but all of a sudden, you
have a back door that you are not even looking at, that has an open door. Make
sure you lock that back door as well, to protect your environment.