IPv6 – is your client’s IT security ready for this technology?

March 8, 2011

By Steve Gold (@stevewgold)

You may have read that IPv4 numbers have run out at the global registry. With most ISPs in Europe expected to run out by the end of this year, businesses will have to start migrating to IPv6 technology if their IT systems are to remain cost-effective.

Where does this leave network security?

Few companies have installed IPv6-compliant IT security systems, meaning that an IPv6 transmission on their networks could be doing all sorts of nasty stuff – but, without an effective security system in place, the IT manager could be blissfully unaware of what is going on.

In fact, many devices on corporate networks are already IPv6-enabled, including the Apple iPhone and Mac OSX from version 10.2 onwards.

This means that, if I interface my iPhone to a colleague’s Mac in say, France, where his WiMAX provider supports native IPv6 connectivity, then the data packets are completely IPv6 compliant.

My current IPv4-compliant security software is therefore unable to track what is going on within the data packets, although my hardware-based firewall will block any IPv6 nastiness, as thankfully, it does support native IPv6 security features.

I was chatting last week with Glenn Mansfield Keeni, the president of Cyber Solutions, a Tokyo-based firm that has been leading the march of IPv6 security in Japan, linking up with several universities in the process.This has allowed his company to develop NetSkateKoban, Japan’s first IPv6 security technology capable of blocking unauthorised terminals on an organisation’s network.

Keeni told me his firm had been working closely with Tohoku University, Sendai, the Intelligent Cosmos Research, and other R&D support institutions both inside and outside of Japan.

So I started doing some research into what IPv4 security solutions support native IPv6 security features. There aren’t that many, but those vendors I have spoken to say they plan on releasing upgrades this spring, in time for World IPv6 Day on June 8.

On that day, Facebook, Google and a number of large service providers around the world – including several here in the UK – will turn native IPv6 facilities on within their Internet-facing networks for 24 hours and monitor closely what happens.

I have no doubt that the hacking community will also be watching this with interest and may even develop some hacking technology to take advantage of IPv6-to-IPv6 insecurities.

The good news here is that, by the summer, if they haven’t already done so, corporates will be busy installing new IPv6-compliant kit on their IT resources.

This means something of a bonanza is coming for those vendors that support IPv6 security technology, as well as their resellers who sell and support these leading edge systems.

The $64,000 question, of course, is how many resellers are equipped to take advantage of the forthcoming sales bonanza with IPv6?

Time to get those manuals out I think…

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: