IPv6….when…why….security?

Posted on May 10th, 2007 by Drazen Drazic

Is this getting any closer? It’s funny that the security weaknesses are already being discovered – for a while – what many years now?

Most security presentations continue to deliver the message that we’re only facing these security problems today (forget that many apps are also doing it) because of the inherent in-secureness of the architecture we all work on. Isn’t v6 supposed to fix that?! Or is it still focussed on being the fix to IP addresses today running out one day? (Like coal, oil)..Who knows?

It’s funny that a whole generation of IT dudes missed the early 90s where we all (or most) saw Unix and TCP/IP as old and on the way out systems and protocol…and Novell NetWare (and somewhat Windows) and IPX/SPX as the new world.

Did we move backwards or what? You can tweek and tune an old Ford Falcon GT to go as fast as a Ferrari…but you can’t guarantee at those speeds it will be safe. Sounds like a pretty cool analogy or am I just living in the past?

2 Responses to “IPv6….when…why….security?”

  1. Says:
    May 11th, 2007 at 12:01 am

    v6 … nothing that we can’t implement today in v4 … mainly more space and built-in IPSec. Basically too many chefs in the kitchen, too late in the game. Back when security was thought fixable with network security.

    DJB sums up interoperability, incompatiblity and adoption issues nicely.
    http://cr.yp.to/djbdns/ipv6mess.html

    Cisco says:
    —————————
    The following nine attacks have substantial differences when moved to an IPv6 world. In some cases the
    attacks are easier, in some cases more difficult, and in others only the method changes.
    • Reconnaissance
    • Unauthorized access
    • Header manipulation and fragmentation
    • Layer 3 and Layer 4 spoofing
    • Address Resolution Protocol (ARP) and Dynamic Host Configuration Protocol (DHCP) attacks
    • Broadcast amplification attacks
    • Routing attacks
    • Viruses and worms
    • Transition, translation, and tunneling mechanisms
    —————————

    Don’t hold your breath, mobile and wireless Telcos may help to drive adoption purely due to having used up all their public ipv4.

    Also, U.S. Department of Defense mandate of IPv6 by 2008.

    D.

  2. Beast Or Buddha » Blog Archive » An interesting way to look at IPv6 adoption Says:
    September 6th, 2007 at 2:41 pm

    [...] IPv6 posts: http://beastorbuddha.com/2007/05/10/ipv6whenwhysecurity/  Leave a [...]

Leave a Reply