IPv4 to IPv6: Security Policies to Consider

How a default enterprise security policy could be adapted for your organization’s particular needs.

IPV6 means more than just having a large enough pool of addresses to give every grain of sand and star in the sky a pool of unique addresses to play with. It also incorporates a lot of long-needed improvements in the IP protocol.

The switch from IPv4 to IPv6 will force many organizations to rethink the way their networks are defended. As noted in this EnterpriseNetworkingPlanet article, it is only when organizations become more open to incoming traffic that they will get the full benefits of IPv6.


Why is IPv6 Better?

So what has all this got to do with IPv6 security? It certainly raises the question of whether any form of NAPT is desirable. If you get rid of it, you have the potential benefit of end-to-end connectivity between any arbitrary device on your network and any external device — because with IPv6, remember, every device can have its own unique IP address because there are so many to go around.

And getting rid of NAPT with IPv6 doesn’t really make your network less secure by making its topology visible to attackers. That’s because default IPv6 subnets have some 2 ^ 64 addresses on them, so even at a rate of 10Mpps it would take more than 50,000 years for a hacker to complete a scan (and Nmap doesn’t even support ping sweeps on IPv6). That’s not to say that hackers won’t be able to carry out reconnaissance on your network — it just means that they’ll have to use other means, like DNS records or the examination of logs or netstat data on compromised machines, to find other machines to attack.

Recommended Reading:

This article was originally published on February 25, 2011

Related Articles

Human Resources Management System

A Human Resources Management System (HRMS) is a software application that supports many functions of a company's Human Resources department, including benefits administration, payroll,...

How To Defend Yourself Against Identity Theft

Almost every worldwide government agency responsible for identity theft issues will tell you the same thing: The first step to fighting identity theft is...

Infographic

An infographic is a visual representation of information or data. It combines the words information and graphic and includes a collection of imagery, charts,...

Phishing

What is phishing? Phishing is a type of cybercrime in which victims are contacted by email, telephone, or text message by an attacker posing as...

Remote Desktop Software

Remote desktop software gives businesses tools to use their company computers and resources...

Digital Marketing Acronyms and...

Many companies have had to evolve their businesses to meet consumer wants and...

Coursera

Coursera is an online education platform that offers a variety of courses and...