Browse archive

Latest news

The security of WordPress plugins

How to detect hidden administrator apps on Android

Key obstacles to effective IT security strategies

CyanogenMod founder aims to thwart data-grabbing apps

Businesses not fully implementing infosec programs

Is accessing work apps on the move destructive?

Microsoft releases Enhanced Mitigation Experience Toolkit 4.0

New regulation for ENISA, the EU cybersecurity agency

F-Secure advances fight against exploits

Free anti-spam software for the Mac

Information security executives need to be strategic thinkers

U.S. tech companies sharing bug info with U.S. govt before releasing fixes

Account takeover attempts have nearly doubled

It takes 10 hours to identify a security breach

Guccifer hacks U.S. nuclear security agency chief

British GCHQ spied on G20 delegates to gain advantage in talks

Hacking charge stations for electric cars

Firewall management, IPv6 and you

by Reuven Harrison - CTO, Tufin Technologies - Monday, 2 July 2012.

Created 30 years ago, IPv4 has a 32-bit addressing scheme and can support approximately 4.3 billion devices connected directly to the Internet. Well aware that IPv4 addresses would eventually run out, the IETF created IPv6 as an upgrade to IPv4. IPv6 features a 128-bit addressing scheme, supports a mind-numbing amount of devices and delivers much needed security and performance improvements.

While the IPv6 protocol has been around for along time, forklift upgrades to IPv6 were (rightly) seen as expensive and time consuming without much practical benefit. However, with the pool of IPv4 addresses completely exhausted, IPv6 is a trend whose time has come.

It is well known that most security incidents are caused by human error, either as the result of a programming error or through misconfiguration, so it comes as no surprise that research by Tufin Technologies revealed that misconfigurations are the greatest source of firewall-related risk and inefficiencies.

The lack of experience and training for those IT professionals dealing with IPv6, will only make mistakes more likely, and IPv6 address complexity will only exacerbate this because they are extremely difficult to read and do not lend themselves to memorization. Compare a typical 32-bit IPv4 addresses -192.0.2.31 with a 128 bit IPv6 address -2001:db8:31:1:20a:95ff:fef5:246e. Now do you get it?

Knowing that IPv6 migration will be a fact of life, here are some measures you can take to ensure migration efforts will not impede firewall management:

Understand what IPv6 means to your network, people, and vendor partners: Although many potential issues can be avoided by testing IPv6 conditions in a lab or by running pilots, as with any IT deployment, there are some scenarios that even th most savvy IT people would not have known to anticipate. The only way your team will learn what the issues are, is by experience. For example, network devices or firewalls could become overwhelmed and fail when used in an IPv6 environment, allowing data traffic to pass without full inspection or resulting in an outage, or not. Talk to your firewall and network infrastructure vendors to see where they are at with IPv6 and what sort of resources they can provide to aid with migration. If you outsource firewall management, get educated on what your MSSP or service provider is doing for IPv6.