IPv6 Shadows Loom Over Enterprises

Content Dam Btr Migrated 2012 04 Btr Feature Art Ipv6 4 25 12
Btr Feature Art Ipv6 4 25 12While enterprises might not feel the immediate pressure to evolve their infrastructure to IPv6, certain actions they and others are taking may be putting their networks at risk of shadow networks, malware, or other security breaches. As a result, web security firms like Blue Coat are warning companies to be proactive about monitoring for IPv6 traffic as both their external and internal networking worlds continue to change.

Specifically, as the sun continues to set on IPv4, it is hoped that World IPv6 Launch, set for June 6, will mark the beginning of the permanent transition to the newer protocol, designed to alleviate the drain on IP addresses.

Participating ISPs have committed to 1% of active IPv6 usage across their footprints by that date; home networking equipment manufacturers to enabling IPv6 by default in a range of products; Web companies to implementing IPv6 on major sites; and content delivery network (CDN) providers to enabling IPv6 throughout their infrastructure. (http://www.worldipv6launch.org/press/20120117-2//)

But many enterprises, while they understand the ultimate importance of transitioning to IPv6, have a more leisurely adoption plan spanning the next two to five years. The reason is that by implementing network address translation (NAT), most only require a small number of public IP addresses even for fairly large organizations.

Yet, these companies also are upgrading their switching and routing architecture or moving to the latest Internet Operating System from Cisco, and as a result are bringing IPv6 into the equation, said Mark Urban, Blue Coat senior director of product marketing. At the same time, employees are utilizing iPhones or tablets in the office and may configure them to connect with IPv6.

"Suddenly (an employee is) running (IPv6) over the enterprise network to the Internet, even though company policy says (IT) will support it in two to three years ... suddenly they have a bridge to the outside world that might not be covered by the gateway solution," Urban said. This covert channel or shadow network can be exploited by someone with malicious intent.

Companies need network visibility now that can pinpoint IPv6 traffic and verify if the uses are valid, Urban said. If not, the enterprise can shut down the traffic and adjust its IPv6 support plans and infrastructure accordingly.

Monta Monaco Hernon is a free-lance writer. She can be reached at mcmhern@yahoo.com.
More in DOCSIS