World IPv6 Day Raises New Security Concerns
Currently, there are no more available IPv4 addresses from regional Internet registries, spurring the global “test drive” of the expanded protocol Wednesday, June 8, in preparation for the eventuality of worldwide deployment.
Spearheading the World IPv6 Day effort are major Web-oriented organizations such as Google, Facebook, Yahoo, Akamai and Limelight, which will transition their networks to IPv6 for 24 hours in an effort to identify any interoperability problems, security issues and other potential pitfalls that may occur before larger global migration to the new protocol.
While the new protocol contains some security enhancements, security solution providers say that the IPv6 transition could create security challenges for their customers, exposing more vulnerabilities and increasing the risk of attack.
“From an inherent security posture, the technology certainly opens up the door for some vulnerabilities. We’re hoping the long-term benefits outweigh the potential risk or exposure,” said Don Edwards, managing partner at Houston, Tex.-based Broadleaf Group.
The biggest security vulnerabilities will likely come in the form of false positives, incoherent analysis and security threats that slip under the radar, security experts say.
"Misconfigurations and trial and error are likely to be big risks and concerns as networks move to IPv6," said Derek Manky, senior security strategist at Fortinet. "Since this is new space, security is typically exposed when complexity is introduced."
Manky added that the growing public space would inevitably create more hideouts for cyber criminals looking to expand their botnets in the future.
"Will we see more vulnerabilities? Yes, as more content is available on IPv6, but not just as a result of today," he said. "IPv6 is inevitable, and there will be new threats with the new protocol over time."
Jonathan Norman, director of security research for Alert Logic, said that hackers have recently launched attacks that targeted networking devices and installed backdoors.
However, one mitigating factor was that many of the security issues often occurred in the way the protocol was implemented, not in the protocol itself, he said.
“It’s less about the details of the protocol and more about how they’re implementing it,” Norman said.
The yet-to-be-deployed IPv6 protocol is not in fact new; it has been around since 1998. As such, hackers have had time to develop several IPv6 vulnerabilities which currently exist in the wild.
According to the Information Systems Security Association, security researcher Marc Heuse found that several vendor platforms contained an IPv6 vulnerability that could enable a denial-of-service attack against any network segment the hacker could physically access.
The vulnerability enables a hacker to issue a large number of random advertisements, which would consume increasingly more CPU resources to process them. During the DDoS attack, the systems would become unstable and, in Microsoft’s case, require an operating system reboot to address the issue.
While Cisco issued a patch for the flaw in October, Microsoft and Juniper have yet to plug the security hole, according to the ISSA.
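A defender can watch a segment for this pattern. The sketch below is an added example, not code from the article or from any vendor; it assumes the "random advertisements" are ICMPv6 Router Advertisements (type 134) carrying random prefixes, which the article does not spell out, and the window and threshold values are arbitrary.

```python
import struct
from collections import deque

RA_TYPE, OPT_PREFIX_INFO = 134, 3   # ICMPv6 Router Advertisement / Prefix Information option

def ra_prefixes(icmp6: bytes):
    """Return the 16-byte prefixes advertised in one ICMPv6 RA message."""
    if len(icmp6) < 16 or icmp6[0] != RA_TYPE:
        return []
    found, off = [], 16                       # options follow the 16-byte RA header
    while off + 2 <= len(icmp6):
        opt_type, opt_len = icmp6[off], icmp6[off + 1] * 8   # length is in 8-byte units
        if opt_len == 0 or off + opt_len > len(icmp6):
            break                             # malformed option: stop parsing
        if opt_type == OPT_PREFIX_INFO and opt_len == 32:
            found.append(icmp6[off + 16:off + 32])
        off += opt_len
    return found

def first_flood_alert(events, window_ms=1000, max_prefixes=10):
    """events: (timestamp_ms, icmpv6_bytes) in time order.
    Return the first timestamp at which more than max_prefixes distinct
    prefixes were advertised within window_ms, or None."""
    recent = deque()                          # (timestamp_ms, prefix)
    for ts, msg in events:
        recent.extend((ts, p) for p in ra_prefixes(msg))
        while recent and recent[0][0] <= ts - window_ms:
            recent.popleft()
        if len({p for _, p in recent}) > max_prefixes:
            return ts
    return None

# --- constructed sample traffic (documentation prefix 2001:db8::/32) ---
def _ra(prefix: bytes) -> bytes:
    hdr = struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, 0, 1800, 0, 0)
    opt = struct.pack("!BBBBIII16s", OPT_PREFIX_INFO, 4, 64, 0xC0, 86400, 14400, 0, prefix)
    return hdr + opt

_STABLE = bytes.fromhex("20010db8000100000000000000000000")
NORMAL = [(t * 200, _ra(_STABLE)) for t in range(50)]   # one router, one prefix
FLOOD = [(i * 10, _ra(bytes([0x20, 0x01, 0x0D, 0xB8, i // 256, i % 256]) + bytes(10)))
         for i in range(200)]                            # a new prefix every 10 ms

if __name__ == "__main__":
    print(first_flood_alert(NORMAL), first_flood_alert(FLOOD))
```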
In addition, malware authors behind the infamous banking botnet Zeus have “future-proofed” the malware by creating it with IPv6 support for Jabber, POP3 and FTP protocols, ensuring compatibility and survival after the world transitions to the more advanced Internet Protocol.
Hackers Will Test Attacks On World IPv6 Day
However, Norman said that he didn’t anticipate a sharp rise in attacks following June 8. Like the rest of the world, hackers would also likely be “test driving” their attacks on the new protocol, which would eventually be conducted as IPv6 becomes increasingly adopted by organizations, he said.
“Various attackers are also using this as an opportunity to test their attacks,” Norman said. “I don’t think we’ll see any sort of significant attacks today. They’re testing their exploits for later, when it’s widely deployed.”
Manky echoed that cyber criminals would take advantage of the disruption created by the disparate protocols to launch attacks that go unnoticed by the victims.
"One big concern is the blind spots caused by IPv6 traffic being tunneled via IPv4 and it passing through a network uninspected. I think there are bad actors out there who are taking advantage of IPv6 Day to see what they can do on these IPv6 sites," he said.
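The tunneling blind spot can be made visible by classifying IPv4 packets that carry IPv6 inside them. The following is an added example, not code from the article or from Fortinet; it covers protocol-41 encapsulation (6in4, 6to4) and Teredo on UDP port 3544, and the sample packets are constructed with documentation addresses.

```python
import ipaddress
import struct

PROTO_UDP, PROTO_IPV6 = 17, 41     # IPv4 protocol numbers; 41 = encapsulated IPv6
TEREDO_PORT = 3544                 # UDP port used by Teredo (RFC 4380)
NET_6TO4 = ipaddress.ip_network("2002::/16")

def classify_tunnel(pkt: bytes):
    """Return '6to4', '6in4', 'teredo' or None for one raw IPv4 packet.
    Teredo packets with authentication/origin headers before the inner
    IPv6 header are not matched by this simple check."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or (pkt[0] & 0x0F) < 5:
        return None
    proto, payload = pkt[9], pkt[(pkt[0] & 0x0F) * 4:]   # skip header and options
    if proto == PROTO_UDP and len(payload) >= 8:
        sport, dport = struct.unpack("!HH", payload[:4])
        if TEREDO_PORT not in (sport, dport):
            return None
        payload, kind = payload[8:], "teredo"
    elif proto == PROTO_IPV6:
        kind = "6in4"
    else:
        return None
    if len(payload) < 40 or payload[0] >> 4 != 6:        # need a full inner IPv6 header
        return None
    if kind == "6in4":
        inner = (ipaddress.IPv6Address(payload[8:24]), ipaddress.IPv6Address(payload[24:40]))
        if any(addr in NET_6TO4 for addr in inner):
            kind = "6to4"
    return kind

def find_tunnels(packets):
    """Return (index, kind) for every packet that carries tunneled IPv6."""
    return [(i, k) for i, p in enumerate(packets) if (k := classify_tunnel(p))]

# --- constructed sample packets (checksums left at 0, not validated here) ---
_SRC, _DST = (ipaddress.IPv4Address(a).packed for a in ("192.0.2.10", "198.51.100.1"))
def _ipv4(proto, payload):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, _SRC, _DST) + payload
def _ipv6(src, dst="2001:db8::2"):
    addrs = ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
    return struct.pack("!IHBB", 0x60000000, 0, 59, 64) + addrs
_UDP_TEREDO = struct.pack("!HHHH", 50000, TEREDO_PORT, 48, 0)
SAMPLES = [
    _ipv4(6, bytes(20)),                                    # plain TCP, no tunnel
    _ipv4(PROTO_IPV6, _ipv6("2001:db8::1")),                # 6in4
    _ipv4(PROTO_IPV6, _ipv6("2002:c000:20a::1")),           # 6to4
    _ipv4(PROTO_UDP, _UDP_TEREDO + _ipv6("2001:0:c633:6401::1")),  # Teredo
]
```

Traffic flagged this way is either routed to an inspection point that decapsulates it or blocked at the perimeter, depending on whether tunnels are expected on the network.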
But despite the possibility of increased risk with the IPv6 transition, channel partners say that security issues aren’t top of mind for their customers.
“Most concerns have not been as much about security, but more on stability,” Edwards said. “It’s up there. Most architect-level IT people in the networking space always have security at the top of their list. It just hasn’t been number one.”
Subsequently, Edwards said that he is educating his customers about the migration, while testing as many of their applications as possible to get a better understanding of the technology before his customers transition all of their Internet infrastructure to the new protocol.
Edwards said that he is taking a “wait and see approach” to determine how the IPv6 transition will affect the security landscape, but isn’t ruling out that cyber criminals are waiting to take advantage of weaknesses in the IPv6 protocol.
“As many as were gearing up for this day in a positive light, there are an equal number prepared for something negative and are waiting to get their name in the light,” he said.