With the explosion of the Internet of Things many organizations are now in the planning stage for adding support for the IPv6 network protocol. The reasons why organizations need to do this fall into two main categories:
However, even with its benefits, organizations still need to approach the switch to IPv6 carefully in order to maintain a strong security posture, and avoid introducing vulnerabilities to their networks. Here are three key steps to help prepare for a successful transition:
The first step is planning – organizations should decide exactly where they want to deploy IPv6, and why. Do you want to move to an IPv6-only network, or will IPv6 be an overlay on an existing network? Will the network be extended to partners and customers, or will it be for internal use only? The answers to these questions will help you determine the scale of the deployment, and the timing.
In many cases, small-scale IPv6 deployments are often made as experimental or test environments, sitting alongside IPv4 production networks – and the IPv6 network may not always be protected. However, because it is accessible from the production network, it’s still vulnerable. So a critical point to note is that if you do plan to build an IPv6 network for test purposes, make sure it is completely separated from production networks, and with security controls in place to enforce that separation to stop it becoming an attack vector.
Follow the rules
Step two is establishing the security rules for the IPv6 network. If you have an IPv6 overlay network sitting over an IPv4 network, you will need to replicate and translate all of your existing security and network rules and policies from IPv4 across to IPv6. There is a risk that attackers could use the IPv6 network to bypass security controls and filters designed and configured for IPv4 traffic, unless rules are strictly enforced. After all, many existing security controls which rely on blacklisting malicious IP addresses would be ineffective without rules that govern both IPv4 and IPv6. AlgoSec’s solutions can assist with the migration of rules and policies from environment to environment by automating the process, reducing the time taken and the security risks of miskeyed addresses or other translation mistakes.
Step three is auditing. You need to consider preparing for an in-depth security audit if the IPv6 network is not separated from your existing networks. This means that all your security and auditing tools and processes must support IPv6 so that they can be audited in the same way that they currently are with IPv4. You should check and verify that your solution vendor does allow you to set IPv6 policies, and to configure and monitor IPv6 traffic.
IPv6 undoubtedly offers many advantages to organizations, and ultimately all businesses will need to switch to IPv6. As with any migration, there is the possibility of introducing security vulnerabilities, but following the three steps outlined here will help to ensure a smooth and secure transition.
Receive notifications of new posts by email.