News
James Lyne, Sophos: “The end of the Internet is nigh! Also, pigs might fly.”
March 2011 by James Lyne, Senior Technologist, Sophos
It is precisely this sensationalist nonsense that got us in to this mess years ago, but now we do have a real issue to address. IPv4, the protocol behind the majority of the Internet and your networks is quickly running out of addresses to assign, not to mention a raft of long standing security and performance issues we’ve all just ’got used to’. Exhausting the pool of addresses would mean severe challenges in growing the global online economy.
For years (at least since IPv6, the successor to IPv4 was published) groups have been predicting instant failure or that the available address pool would never really reach 0. Contradiction leads to confusion and growing desensitization towards the issue. However, analysts now are consistent and agree that we are not long at all from running out. We’ve also seen an increasing number of service providers introducing IPv6 capabilities (and the world’s first IPv6 only ISP in Asia) and governments regulating timeframes for readiness. So what do you need to know and do? It is a big topic, but this should give you some pointers:
1. IPv6 could be compromising your security right now. If you aren’t explicitly using it, you should make sure it is blocked. IPv6 can be a backdoor, circumventing your security controls and allowing hackers in. Whilst low in numbers, we have already seen some examples of such attacks, and malware using IPv6 as a transport.
2. This is not a ’seamless’ transition. IPv6 means upgrading a lot of infrastructure and a fairly fundamental change to the rules of networking. Luckily, most modern devices are IPv6 capable already. As you replace your infrastructure, you should think about what IPv6 transition would mean to minimize nasty surprises over the coming years.
3. Take a look at World IPv6 day on June 8th. Big service providers are forging ahead and trying to figure out the pitfalls.
4. Make sure your network and endpoint security teams are starting to learn about the implications of IPv6, at least to be able to block it until you are ready to transition! Watch out in particular for new tunneling protocols designed to simplify interoperability of IPv4 and IPv6. Unfortunately, these protocols can significantly complicate matters by exposing your network or causing performance problems. Make sure you are explicit about their use.
5. When the end comes, it doesn’t mean the web and your networks stop working. Rather, growing online infrastructure grows progressively much harder.
6. None of should fall in to the trap of ignoring IPv6 but you don’t need to panic either. Make sure it is in your radar to evaluate the impact and plan transition over the coming years. It would also be advisable to make sure your technology and vendors have a path to IPv6.
Sophos is exhibiting at Infosecurity Europe 2011, the No. 1 industry event in Europe held on 19th – 21st April at the prestigious venue of Earl’s Court, London. The event provides an unrivalled free education programme, exhibitors showcasing new and emerging technologies and offering practical and professional expertise. For further information please visit www.infosec.co.uk
To learn more about the enhancements in IPv6 go to Sophos.com or sites like http://www.6uk.org.uk/ . You can also find more updates on the latest technology & threat trends by following @jameslyne .
