IPv4 to IPv6: Security Policies to Consider

How a default enterprise security policy could be adapted for your organization’s particular needs.

IPV6 means more than just having a large enough pool of addresses to give every grain of sand and star in the sky a pool of unique addresses to play with. It also incorporates a lot of long-needed improvements in the IP protocol.

The switch from IPv4 to IPv6 will force many organizations to rethink the way their networks are defended. As noted in this EnterpriseNetworkingPlanet article, it is only when organizations become more open to incoming traffic that they will get the full benefits of IPv6.


Why is IPv6 Better?

So what has all this got to do with IPv6 security? It certainly raises the question of whether any form of NAPT is desirable. If you get rid of it, you have the potential benefit of end-to-end connectivity between any arbitrary device on your network and any external device — because with IPv6, remember, every device can have its own unique IP address because there are so many to go around.

And getting rid of NAPT with IPv6 doesn’t really make your network less secure by making its topology visible to attackers. That’s because default IPv6 subnets have some 2 ^ 64 addresses on them, so even at a rate of 10Mpps it would take more than 50,000 years for a hacker to complete a scan (and Nmap doesn’t even support ping sweeps on IPv6). That’s not to say that hackers won’t be able to carry out reconnaissance on your network — it just means that they’ll have to use other means, like DNS records or the examination of logs or netstat data on compromised machines, to find other machines to attack.

Recommended Reading:

This article was originally published on February 25, 2011

Get the Free Newsletter
Subscribe to Daily Tech Insider for top news, trends & analysis
This email address is invalid.
Get the Free Newsletter
Subscribe to Daily Tech Insider for top news, trends & analysis
This email address is invalid.

Related Articles

Embedded Analytics

Embedded analytics brings self-service business intelligence to everyday application users.

HRIS

Human resources information system (HRIS) solutions help businesses manage multiple facets of their workforce operations. They provide a central platform for human resources professionals...

Complete List of Cybersecurity Acronyms

Cybersecurity news and best practices are full of acronyms and abbreviations. Without understanding what each one means, it's difficult to comprehend the significance of...

Human Resources Management System

A Human Resources Management System (HRMS) is a software application that supports many functions of a company's Human Resources department, including benefits administration, payroll,...

Remote Desktop Software

Remote desktop software gives businesses tools to use their company computers and resources...

Digital Marketing Acronyms and...

Many companies have had to evolve their businesses to meet consumer wants and...

Coursera

Coursera is an online education platform that offers a variety of courses and...