Seeing as it’s World IPv6 Day, everyone is emphasizing the hard work they’re doing to help spread the world about the transition to must eventually become the internet’s new protocol – to do otherwise would be to suggest unpreparedness and technological backwardness. And yet, moving to a new protocol has plenty of other ramifications beyond simply having enough addresses. Interoute’s Mark Lewis offers up some straight talk about new security challenges in an IPv6 world:
It is security that could become the Achilles heel of the IPv6 switchover. In the IPv4 world, securing the LAN from cyber-attacks and intrusions is far easier. With multiple enterprise devices sharing a single IPv4 address, internet facing devices such as firewalls act as a single point of protection and control. Contrastingly, IPv6 is designed for a world where everything can speak to everything else. With IPv6 becoming ubiquitous, every PC, mobile phone, tablet, printer, vending machine, could potentially be an undercover agent inside the office, working to bring down the corporate network. For organisations, it could mean they are left wide open to attack given how many of those devices are portable and neither controlled by IT nor sitting inside IT-secured networks. Every device will need to be identified and protected, including every new phone, tablet and laptop, before it is allowed to engage with the corporate network, creating a significant headache for enterprise IT teams to solve.
If you consider each employee has on average three IP devices, as well as the myriad of infrastructure and personally owned devices in each office, the scale of this task is immense. We will have no choice but to migrate eventually, and those that deploy an effective security strategy early on will be best prepared for a smooth transition.
Yikes, I think I’ll just go hide behind my IPv4 firewall now so some Chinese or eastern European criminal group can’t hack into my personal data through a bug in my coffee maker’s firmware. That said, maybe the security guys love IPv6 too considering the fact that demand for their services might blossom alongside the new protocol.
As for this website, I’m unable to put it on IPv6 just yet since I am unwilling to uproot the whole site and move it to a new provider that can provide me a dual stack configuration and a DNS server that can serve AAAA records. But as soon as Rackspace makes it possible, I intend to make the transition.