As IPv6 gains in popularity, so does the popularity of its vulnerabilities. As we have discussed recently, the rollout of IPv6 is taking quite some time. Even if your company has not yet made the leap in IPv6, hackers are now using IPv6 to attack IPv4 networks, so you should be aware of security gaps found in IPv6 in order to protect your network.
IPv6 was created with security in mind, and the specification requires the use of IPSec. IPSec is the protocol in charge of encrypting IPv6 packets, but like anything else, it cannot stop every security gap on its own.
Many network protection software suites designed for IPv4 networks do not detect IPv6 packets, which makes it imperative for IT administrators to upgrade to suites that do. Because of the ability of IPv6 to simultaneously support IPv4, a hacker can use the undetected and unprotected IPv6 range of a network to infiltrate the IPv4 network, all while escaping detection by IPv4 detection software.
Take IPv6 to IPv4 (6to4) tunneling for example. For nearly 10 years now, Windows has included support for 6to4 tunneling. In a system that supports 6to4 tunneling, an IPv6 packet has IPv4 headers added to it for transmission over the internet, which is IPv4. Then, when the packet reaches the target gateway, the packet is stripped of the IPv4 headers and all that remains is the original IPv6 packet. This type of packet transmission is hard to track, filter and trace, so special attention needs to be made in your IPv4 network to ensure this type of tunnel is blocked or properly monitored if needed.
If you don’t have an IT team that can closely monitor new security trends and how they could affect your business, OAC Technology, a Minneapolis-based IT company, can help you lock down and maintain your Network Security. We can scan your network and make personalized recommendations for your business based on what we find. Contact us today to set up a free Network Security Audit.