IPv4 to IPv6: Security Policies to Consider
How a default enterprise security policy could be adapted for your organization's particular needs.
IPV6 means more than just having a large enough pool of addresses to give every grain of sand and star in the sky a pool of unique addresses to play with. It also incorporates a lot of long-needed improvements in the IP protocol.
The switch from IPv4 to IPv6 will force many organizations to rethink the way their networks are defended. As noted in this EnterpriseNetworkingPlanet article, it is only when organizations become more open to incoming traffic that they will get the full benefits of IPv6.
Why is IPv6 Better?
So what has all this got to do with IPv6 security? It certainly raises the question of whether any form of NAPT is desirable. If you get rid of it, you have the potential benefit of end-to-end connectivity between any arbitrary device on your network and any external device -- because with IPv6, remember, every device can have its own unique IP address because there are so many to go around.
And getting rid of NAPT with IPv6 doesn't really make your network less secure by making its topology visible to attackers. That's because default IPv6 subnets have some 2 ^ 64 addresses on them, so even at a rate of 10Mpps it would take more than 50,000 years for a hacker to complete a scan (and Nmap doesn't even support ping sweeps on IPv6). That's not to say that hackers won't be able to carry out reconnaissance on your network -- it just means that they'll have to use other means, like DNS records or the examination of logs or netstat data on compromised machines, to find other machines to attack.
Stay up to date on the latest developments in Internet terminology with a free weekly newsletter from Webopedia. Join to subscribe now.
Like everything in technology, AI touches on so many other trends, like self-driving cars and automation, and Big Data and the Internet of Things... Read More »DevOp's Role in Application Security
As organizations rush to release new applications, security appears to be getting short shrift. DevSecOps is a new approach that holds promise. Read More »Slideshow: Easy Editorial SEO Tips to Boost Traffic
This slideshow reviews five easy on-page editorial SEO tips to help drive organic search engine traffic, including the page title, heading,... Read More »
Java is a high-level programming language. This guide describes the basics of Java, providing an overview of syntax, variables, data types and... Read More »Java Basics, Part 2
This second Study Guide describes the basics of Java, providing an overview of operators, modifiers and control Structures. Read More »The 7 Layers of the OSI Model
The Open System Interconnection (OSI) model defines a networking framework to implement protocols in seven layers. Use this handy guide to compare... Read More »