Network World - Hundreds of popular websites -- including Google, Facebook, Yahoo and Bing -- are participating in a 24-hour trial of a new Internet standard called IPv6 on June 8, prompting worries that hackers will exploit weaknesses in this emerging technology to launch attacks.
BACKGROUND: Large-scale IPv6 trial set for June 8
Dubbed World IPv6 Day, the IPv6 trial runs from 8 p.m. EST on Tuesday until 7:59 p.m. EST on Wednesday.
Security experts are concerned that the 400-plus corporate, government and university websites that are participating in World IPv6 Day could be hit with distributed denial of service (DDoS) or other hacking attacks during the 24-hour trial.
"In the last five months, there has been a huge increase in DDoS attacks," says Ron Meyran, director of product marketing and security at Radware, a network device company that is not participating in World IPv6 Day. "IPv6 is going to be even easier for attackers ... because IPv6 traffic will go through your deep packet inspection systems uninspected."
Meyran says another concern is that IPv6 packet headers are four times larger than IPv4 headers. This means routers, firewalls and other network devices must process more data, which makes it easier to overwhelm them in a DDoS attack.
"With a DDoS attack, you need to reach 100% utilization of the networking and security devices to saturate the services," Meyran says. The longer headers in IPv6 "must be processed completely to make routing decisions."
"I wonder if there's going to be any sort of DDoS type of things going on ... or hackers probing servers that are dual-stack enabled [running IPv6 and IPv4 at the same time],'' says Jean McManus, executive director of Verizon's Corporate Technology Organization, which is participating in World IPv6 Day. "Content providers need to be careful and watch to make sure that everything is appropriately locked down."
Many security threats related to IPv6 stem from the fact that the technology is new, so it hasn't been as well-tested or de-bugged as IPv4. Also, fewer network managers have experience with IPv6 so they aren't as familiar with writing IPv6-related rules for their firewalls or other security devices.
"We know from security breaches that the security rules that allow you to see the network and applications better ... is where there is a lack of training and expertise with IPv6," Meyran says. "The new software is much more complex ... and there are much less programmers familiar with it."
BY THE NUMBERS: 8 security considerations for IPv6 deployment
World IPv6 Day participants say the event was advertized to everybody in the Internet engineering community, including hackers, and they are beefing up the security measures on their sites accordingly.
- Data Protection eGuide In this eGuide, CSO and sister publications IDG News Service, Computerworld, and CIO pull together news, trend, and how-to articles about the increasingly...
- Warning: Cloud Data at Risk Experts agree that relying on SaaS vendors to backup and restore your data is dangerous. Yet that's exactly what huge portions of the...
- The Opportunities and Challenges of the Cloud In this report F5 poses questions to IDC analysts, Sally Hudson and Phil Hochmuth, on behalf of F5's customers to better understand the...
- Mobile First: Securing Information Sprawl Learn how the partnership between Box and MobileIron can help you execute a "mobile first" strategy that manages and secures both mobile apps...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!