SANS issues IPv6 security warning

[nsane.forums]

Security teams need to plan, test and secure a migration strategy now, says research body

IT security teams must start preparing now for the increased security risks that may arise from implementation of the forthcoming IPv6 protocol, warned security training and research organisation the SANS Institute.

SANS chief research officer Johannes Ullrich argued that many organisations have failed to grasp the full impact of a move to IPv6, or the amount of time needed to plan, test and secure a migration strategy.

"One of the problems is the accidental implementation of IPv6. You may already have IPv6 on your network without knowing about or configuring it," he said.

"Windows 7, OS X and Linux enable it by default. In the last round of operating system updates, it has tended to be turned on by default."

If intrusion detection systems are incorrectly configured to deal with IPv6 traffic, attacks designed to exploit devices enabled to work on the new protocol could be successful, Ullrich explained.

Andy Kellett, an analyst with Butler Group, suggested that IPv6 is actually more secure than its predecessor.

"But as with the development of any type of major IT initiative it is extremely important to take proper and full security precautions, and to include the organisation's security team at each stage of the IPv6 process," he said.

"Otherwise, some of the issues raised by Ullrich will undoubtedly happen."

View: Original Article

[irefay]

Aka: IT guys, get it together. I am still looking for an IT guy who isn't a complete POS. Your job is to help people not hide from them and try to make your job easy. I cannot do my job and yours too.