IPv6 — News

Almost two years after ‘IPv6 day’ in 2011, security professionals cannot confidently manage security threats posed by the replacement to IPv4, according to the SANS Institute's Internet Storm Centre.

The week also saw the successful running of the Evolve.Cloud conference, which hit Sydney and Melbourne to bring together thought leaders in cloud security for an engaging program of speakers that addressed the overall idea that cloud providers need to step up when it comes to securing the data they're handling.

Cybercriminals have started launching distributed denial-of-service (DDoS) attacks against networks that transmit data over IPv6 (Internet Protocol version 6), according to a report published recently by DDoS mitigation vendor Arbor Networks.

IT execs know they will have to deploy IPv6 at some point, but where to begin? One approach that establishes some  IPv6 capability without spending a lot of time or money is to start at the perimeter.

We are in an awkward point in the history of the Internet. IPv4 address depletion has occurred yet we expect to use IPv4 for the next 15 to 20 years. Organizations see two paths before them. One alternative is to use continue to use IPv4 and expect to use multiple layers of network address translation (NAT) for many years to come. The other alternative is to start to use IPv6, however, the majority of enterprise organizations and content providers have not embraced the protocol.

Support for IPv6 has grown by almost 20 times in the past year by one measure, but most websites still can't be reached without IPv4, the current Internet Protocol, which is near running out of unclaimed addresses.

So although IPSec is a mandatory part of IPv6, it's not mandatory to use it. It's nice to have seat belts, and having seat belts built in does make it more likely people will use them.

The author is a Senior Network Engineer specializing in large-scale enterprise and data center network design for the Department of Defense

Cyberbullying may be more of an operational issue in schools than the outside hacking that enterprises face, but opaque IPv4 network configurations are causing security issues for both groups as organisations struggle to enforce administrative policies by reliably matching IP addresses and user identities.

Hundreds of Australian companies have trialled or introduced new IPv6 technology internally but are keeping silent out of concern that they’ll be seen to be taking unnecessary risks with the security of their networks, the Australian organiser of World IPv6 Day has revealed.

Internet service providers (ISPs) and telecommunications providers may be plotting their moves to embrace next-generation IPv6 network protocols, but a massive base of legacy IPv4 equipment will complicate things for a long time to come, executives of both Telstra and NBN Co have warned.

New IPv6 protocols may allow telecommunications carriers to step away from the idiosyncrasies of Network Address Translation (NAT), but the need to provide legacy IPv4 and NAT support could see them locking customers into IPv4 'walled gardens' that threaten the open nature of the Internet.

Changes in security profiles and vulnerabilities, "truly awesome" failure rates and still-evolving administrative techniques mean companies are right to hold off on embracing IPv6 for now, a senior technologist has advised after airing the results of a detailed global study evaluating IPv6 preparedness.

One of the first problems facing any layer three protocol is address resolution. Given an IP packet, how to deliver that to an Ethernet interface?

The decommissioning of the public switched telephone network (PSTN) across Australia over the next few years could accelerate the deterioration of one of communication technology’s most valuable assets: Trust.

October 17 marks the start of the two-day Australian IPv6 Summit, to be held in Melbourne. This year the event returns to the Sebel Hotel in Albert Park, with a speaker line-up that reads like a who’s who of networking industry in the APAC region. The event promises to continue the evangelisation of IPv6 — the next generation of Internet Protocol that ultimately we are eventually going to need whether we like it or not.

The Neighbor Discovery Protocol (NDP) was originally designed to do the equivalent of ARP in IPv4. That is, to resolve layer three addresses into layer two addresses. Later the protocol was extended to handle other functions, like duplicate address discovery, router redirects, router advertisements and neighbor reachability.

Experts are reporting a rise in the number of attacks that take advantage of known vulnerabilities of IPv6, a next-generation addressing scheme that is being adopted across the Internet. IPv6 replaces the Internet's main communications protocol, which is known as IPv4.

“Better the devil you know than the devil you don't”. No matter how bad something is, knowing about it is half the battle won. So when something new comes along, like IPv6, its very newness is an issue.