I’ve twisted Mr. Joe Klein’s arm one last time, and he has graciously consented to talk about IPv6 and security. Just in case you missed the first two podcasts, Joe is a senior IPv6 security researcher for Command Information, holds many professional accreditations, and is a member of the North American IPv6 Task Force. Listen to the podcast.
Topics presented in the podcast
The point of this podcast is to discuss relatively unknown security concerns that surface when a network is running IPv4 and IPv6 concurrently and when running IPv6 natively, with a special emphasis on firewalls. With respect to firewalls, Joe mentioned two Web sites, “IPv6 ready.org” and “Joint Interoperability Test Command” (JITC), in the podcast as invaluable resources for determining if equipment is indeed IPv6-ready.
The following questions depict the main points presented in the podcast:
- Is there a relatively unknown problem caused by having IPv6 enabled on machines using IPv4?
- Since IPv6 is new, the developers should have addressed security. Yet there appear to be some issues, what are they?
- Why should people be wary of firewalls and perimeter devices that claim to be IPv6 ready?
I’ve linked Joe’s entire presentation “Joe Klein Hope Presentation” (pdf) as it has useful information about IPv6 security concerns. The first slide lists the most important concerns:
The next slide shows just how vulnerable a network can be if the firewall is not configured to use IPv6:
By using “whatsmyv6.com” you are able to determine if your connection is supplying an IPv6 address. This even applies to mobile phones as shown in the next slide:
The preceding slide shows the IPv6 address obtained when using Wi-Fi. I expected that to be fairly common. What I didn’t expect was the issuance of IPv6 addresses over the telco network. The following slide is proof of that though:
Security is usually an afterthought. As the Internet becomes a more unfriendly place, that’s a luxury we can’t afford. It appears that using IPv6 will cause some security issues just from our inexperience. I hope the three podcasts with Joe have elevated everyone’s perception and understanding of IPv6. I know I’ve learned a great deal.
If you missed the other podcasts, here are their links: “IPv6: Why Is It Needed?” and “IPv6: Tips for Transitioning.” I once again want to thank Joe Klein for dispelling many false perceptions about Ipv6 and Sonja Thompson, TechRepublic Senior Editor, for her help in making me sound more coherent than I thought possible.
Need help keeping systems connected and running at high efficiency? Delivered Monday and Wednesday, TechRepublic’s Network Administrator newsletter has the tips and tricks you need to better configure, support, and optimize your network. Automatically sign up today!