Firms warned over IPv6 security risks

World on red alert

Companies need to be on their guard against cyber criminals using IPv6 networks to stage attacks, as the number of compatible end point devices in the workplace soars.

This is the view of WAN optimisation vendor Blue Coat Systems, who want firms to upgrade their security strategies to cover IPv6 network vulnerabilities.

The use of IPv6 networks has been gradually rising in recent years as the number of IPv4 addresses has dwindled.

This shift has been gaining momentum since the beginning of the year, when the Internet Society confirmed 6 June as World IPv6 Launch Day.

However, during this transition, it is claimed that some firms are failing to update their network monitoring and security tools to include traffic sent over IPv6 networks. This, it is claimed, is leaving them open to attack.

Speaking to IT Pro, Dave Ewart, director of product management at Blue Coat Systems, explained: "This shift has been gathering momentum for a while, with all the headlines around the fact we are running out of IPv4 addresses," he said.

"IPv4 will be running in parallel to IPv6, so it would make sense for people to start looking at solutions that are able to monitor both networks," he added.

Not doing so could result in bandwidth issues, as staff use unmonitored IPv6 networks to access restricted material. They could also provide a hiding place for cyber criminal activity, said Ewart.

"By not monitoring IPv6 traffic, businesses may be unaware of the amount of bandwidth that is being used by certain apps or employees that are using iOS devices, for example, in the workplace," said Ewart.

Industry backing

His claims have been backed by several industry players, including Terry Greer-King, managing director of end point security vendor Check Point.

"Because IPv6 now comes as a default option on [most] new server operating system software, end users can inadvertently (or purposefully) create an IPv6 network that is invisible to existing security products," he said.

David Harley, senior research fellow at anti-virus software vendor ESET, said this is a situation that can be easily avoided.

"The problem is not that IPv6 is intrinsically insecure, it's the fact that it's creeping onto sites by default via newer systems, [when businesses] should really have been working on a strategic, enterprise-wide rollout [based on] sound project management," said Harley.

Marina Gil-Santamaria, director of product marketing management at Ipswitch Network Management, added: "Logging, reporting, and analysing both IPv4 and IPv6 traffic should be done throughout [this] transition [because] attackers do not limit themselves to one protocol."

Caroline Donnelly is the news and analysis editor of IT Pro and its sister site Cloud Pro, and covers general news, as well as the storage, security, public sector, cloud and Microsoft beats. Caroline has been a member of the IT Pro/Cloud Pro team since March 2012, and has previously worked as a reporter at several B2B publications, including UK channel magazine CRN, and as features writer for local weekly newspaper, The Slough and Windsor Observer. She studied Medical Biochemistry at the University of Leicester and completed a Postgraduate Diploma in Magazine Journalism at PMA Training in 2006.