Latest news
While many large organizations have hooked their plans on change over to the ISOC launch date, legions of companies have already been leveraging IPv6 WAN connectivity. Most mobile providers who have adopted LTE 4G infrastructures have built around this networking principle already with mobile devices, by default, connecting to the Internet via IPv6 assignments.
It’s well known, however, that a 4G phone must also be 3G compatible and must also be able to regress to IPv4 published websites as not to upset the end-user community. Thus all we really have done, and much to the chagrin of the initial designers, is somehow weave IPv6 into the existing IPv4 Internet.
Bottom line: Because IPv4 is not going away and many estimate that it will take 10 years (or longer) for the natural death of IPv4 to occur, we will essentially live in perpetuity with both designs.
A new dawn? Or the beginning of the end? To be honest, it’s neither. The interoperability issues between IPv4 and IPv6, however, opens a Pandora’s Box of opportunity for those of the nefarious persuasion. Much has been written about this including from my colleague Ron Meyran who addresses specific IPv6 vulnerabilities that will remain and are likely to be with us indefinitely.
So, what are the three main takeaways from this event?
Take away #1: IPv6 will first be implemented on the WAN, IPv4 will continue to remain in the LAN for years to come
OK, so the ‘big boys’ – Google, Facebook, DNS and CDN providers – are all moving to IPv6 default systems via WAN connectivity. And many, if not most ISP’s are following fast or already there. However, nearly no one has made the transition to IPv6 for LAN. There are many reasons for this, but probably the most notable is that there really is no concept for IPv6 NATing, which would mean that most companies would need to go back to the drawing board for their LAN to transition to IPv6.
Realizing that IPv6 will be adopted at an ever-increasing rate on the Internet WAN operations, and it will be very slow to take hold for LAN operations, that means this will wreak havoc on perimeter security!
If we go back to Ron’s blog post we find out that there really is a huge problem associated with IPv4 and IPv6 cohabitating. The problem is twofold:
Problem #1 – There is no good security detection or mitigation for encapsulated traffic.
Problem #2 – All of yesterday’s exploits, in theory, can be tunneled through the perimeter if someone knows how to properly package the exploit in today’s new transmission transition packaging.
Spotlight
The CSO perspective on healthcare security and compliance
Posted on 20 May 2013. | Randall Gamby is the CSO of the Medicaid Information Service Center of New York. In this interview he discusses healthcare security and compliance challenges and offers a variety of tips.
Cyber espionage campaign uses professionally-made malware
Posted on 20 May 2013. | A massive cyber espionage campaign has been hitting government ministries, IT companies, academic research institutions, and more.
Ransomware adds password stealing to its arsenal
Posted on 17 May 2013. | Microsoft researchers are warning about a new variant of the well-known Reveton ransomware doing rounds.
IT security jobs: What's in demand and how to meet it
Posted on 15 May 2013. | Let's say you want a career in information security, where do you start? What credentials do you need? What are employers looking for? Read on to find some answers.
Hacking charge stations for electric cars
Posted on 15 May 2013. | Ofer Shezaf talks about what charge stations really are, why they have to be ‘smart’ and the potential risks created to the grid, to the car and most importantly to its owner’s privacy and safety.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
 |
