We tend to use the Internet every day of our lives without truly knowing what goes behind it, including the complex technical stories. All the data that we send and receive across the internet is transmitted in the form of small packets through networks specified by the Internet protocol. Every packet of data has two numeric addresses of the origin and the destination machines. Until now, the version of IP used was IPV4. But over the years, internet usage has drastically increased. As a result IPV4 cannot create anymore numeric addresses. This can be done by the new version IPV6.
So far, so good right? However, all is not well in the cyber kingdom. It seems that the new protocol is not without its share of flaws that could render systems vulnerable to security threats. One of the biggest threats lies in the transition that will have to be made from IPV4 to IPV6. Many analysts feel that there will be many instances of companies misconfiguring their new systems. Misconfigured systems will expose the systems to numerous security threats.
For example, while changing from IPV4 to IPV6t there will be tunnelling between the two networks. It has to be ensured that any unknown traffic from outside does not enter the tunnel without proper filtering and scanning. The main problem is that IPV6 is still a new concept and as with all new concepts, a lot of the technical experience is still unknown to most. As a result, there will be a lot of trial and error with potential vulnerability.
Sometimes an advantage can become a potential setback. While one of the reasons of using IPV6 is that it has a large space for IP addresses, it is also one of the reasons why it can become a technical nightmare. The routers which have the ability to change IP addresses will create internet traffic that might seem like an attack to an IPV4 firewall. Also while these changing IP addresses are a good security advantage, it is also a potential cause for chaos and confusion for routers which will have to process these changing IPV6 addresses.
Another factor lies in the use of Network Address Translation or NAT. This is usually used to secure IP addresses which are private. The transition to IPV6 might cause trouble if NAT is still used since the former requires extensive configuration.
There are both long term and short term risks which are going to emerge from IPV6. Among immediate threats, the critical question is what are the new setbacks that will emerge? New code means new bugs and new security loopholes which companies will not be prepared to fight. New adversaries mean new weapons and new fighting techniques. Among the long term risks will be the tussle between better security and lesser networking. And the other way round. Which one will it be?
The IPV6 is also built in with certain features of automatic configuration. These will help any intruder to configure and define an outside device as a router. This rogue machine can then allocate an IP address to every other device in that network. All this could be done without the knowledge of the user. If an intruder sets up such a device then all the Internet traffic will be rerouted to this “fake” router which can then do anything with the inflow of data.
Another threat relates to the routing header of IPV6 which lets the user define which route will be used for the flow of Internet traffic. Thus any attacker can find out the route and then congest that particular part of the network. That means that the attacker can actually control the flow of traffic on your network.
It is one common fear that the number of attacks on the IPV6 network is less in number because it has not been widely implemented as yet. Once this version becomes common usage, the number of attacks and invasions will go up. There are still a lot of flaws in the protocol which, along with inefficient implementation is causing the security threats.