Posted: October 17th, 2013
Security issues in IPv6
Security Issues on IPv6
IPv6 means Internet protocol version six. Internet protocol is responsible for directing internet traffic. It was created to supplement IPv4. Initially, APARNET was being used, but engineers realized it was too limited. Therefore, the IP versions were introduced to enhance streaming data on the internet. However, internet protocol has been experiencing challenges that have become an obstacle to the growth of the internet. The designers of the IP packet intended to use little space but maximize on the number of addresses. The most appropriate one was considered a size of thirty-two bits. More than half of those addresses cannot be used. The rate at which people are getting addresses is rising everyday. It is likely that in a few years time, there will be no available addresses for use (Gonecalves & Niles, 1998).
Some of the security threats are being caused by problems when coding and weaknesses in implementing the protocols. Some people in this industry do not have adequate knowledge of this version. These users are therefore, vulnerable to security problems of this version. For example, a person may use IPv6, yet he is not aware that his firewall is not compatible to IPv6. Perhaps it cannot process traffic from this version (Radhamani & Radha, 2007). Designers and engineers are making emphasis that before anyone starts using IPv6 on their computers, they should ensure the machines are compatible. This includes both software and hardware. By doing this, security measures will be upheld. A user will also be protecting his or her computer from problems caused by incompatibility (Guttierez & Piattini, 2010).
People who do not intend to use IPv6 should protect their networks from receiving rogue traffic from this version. This can be done by blocking using firewall. However, this should not be done for a long time because most internet traffic is from this version. They do not want to prevent their client or other stakeholders from access. Most of these people could be using IPv6. Network managers need to be keen with the IPv6 tunnels. They are Teredo, 6to4 and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP). These tunnels allow IPv6 packets to be engulfed in IPv6 packets (Amoss & Minoli, 2008). These packets can easily be transferred through firewalls enabled by IPv4 or other network translation modes. If this happens, a network manager will consider a tunneled IPv6 packet to be IPv4 traffic. As a result, they should be more careful and scrutinize what is in the tunnels. This can be done by using firewalls and other preventive systems (Radhamani & Radha, 2007).
The IPv6 network can allow a trespasser. An attacker can access a network in any part he or she wants. It is also possible for them to breach privacy of a device that is not on site. An organization may have other remote networks. An attacker can still manage to intrude in such networks. This is very risky because an organization’s information and data may be compromised. All necessary measures should be taken to ensure that this version is being used under secure circumstances. It is unfortunate that the majority of filter devices were not designed to be used with IPv6. There are worries that an intruder may hide traffic. This is possible when Route Header 0 is used. When IPv6 packets are transferred back and forth via the same link, there is a possibility of overworking the bandwidth. This will result to denial of further service. In addition to this, more illegal intrusion can be done by trespassers (Joshi, 2008).
If there are people who are still using Anycast, it is no longer secure. It functions by informing many places about the same IP in the internet. This happens so that every box will just move to the closest IP. The IPv6’s route header 0 feature can distinguish all services by Anycast. This is risky because the benefits of Anycast are not going to be utilized. A conclusion was made that Route header 0 is not useful. It only brings breach of security and other problems. Therefore, it can be prevented by locking it out of your network. The introduction of IPv6 is a threat to IPv4. Those intending to test IPv6 should be aware that they would make IPv4 vulnerable. A network manager may end up destroying IPv4 and realize IPv6 is not useful. It could also be a problem to other systems like security devices and the operating system. It would be a great loss especially if IPv4 was being used for income generation (Minoli, 2006).
Worms and viruses are suitable agents of passing on codes maliciously. This can be done through vulnerable hosts who are used to attack systems, which are remote. IPv6 has an advantage of mobility over IPv4. Though it is an advantage, it is associated with security risks. During mobility, two addresses are used, and the second one is temporary. Due to the features of these networks, they could lead to illegal intrusion (Joshi, 2008). When mobility is taking place, the network handlers should be very careful and ensure strict security measures. IPv6 is likely to get fragmentation attacks. They interfere with the operations of the operating system. For example, a ping of death attack happens when the system attacked is filled with fragmented internet control messaging protocol ping packets. In every fragment, the size of the ping packets becomes bigger than the normal size. This results to the system crushing because the sizes are beyond the limit of this version (Amoss & Minoli, 2008).
IPv6 has issues with its security. However, it is better than IPv4. The latter experiences more security threats. This was one reason why IPv6 was deployed. To subdue the problems associated with this version, the network managers should first get all the information available about this version (Minoli, 2006). Most people suffer when using it because they are not fully familiar with it. For example, before using it in a network, it is fundamental to first confirm whether testing it is possible. Consider all the factors influencing which version to buy and decide the most appropriate. Every security threat should be identified and dealt. Most of them are not complex hence; it is possible to solve (Loshin, 2003).
Amoss, J., & Minoli, D. (2008). Handbook of IPv4 to IPv6 transition: Methodologies for institutional and corporate networks. Boca Raton: Auerbach Publications.
Gonçalves, M., & Niles, K. (1998). IPv6 networks. New York: McGraw-Hill.
Gutierrez, C., Fernandez-Medina, E., & Piattini, M. (2010). Web services security development and architecture: Theoretical and practical issues. Hershey, PA: Information Science.
Joshi, J. B. D. (2008). Network security: Know it all. Burlington, MA, USA: Morgan Kaufmann.
Loshin, P. (2003). IPv6: Theory, Protocol, and Practice, 2nd Edition. Burlington: Elsevier.
Minoli, D. (2006). Voice over IPv6: Architectures for next generation VoIP networks. Burlington, MA: Newnes.
Radhamani, G., & Radha, K. R. G. S. V. (2007). Web services security and e-business. Hershey, PA: Idea Group Pub.
Place an order in 3 easy steps. Takes less than 5 mins.