EC-Council Calls for Security Vigilance with IPv6 Transition

Share Article

EC-Council Urges Security Professionals to be More Vigilant in the Process of Migrating from IPv4 to IPv6

June 8th is World IPv6 Day and it’s a key opportunity for network security analysts, CSOs and other information security professionals to begin planning for their organizations’ transition from IPv4 to IPv6 - and consider the security issues that may develop.

“With the transition to IPv6 comes a host of security concerns, since a change from IPv4 to IPv6 means a change to the very protocol that drives the Internet,” said Jay Bavisi, president and co-founder of EC-Council. “Among other things, the larger address space and mandatory cryptographic functionality of IPv6, in theory, makes it a significant advancement over IPv4. However, IPv6 is not without its problems, and the real test is how well this theoretical superiority will translate into practical benefit.”

According to Bavisi, there are five main concerns with the IPv6 transition:

  •     Translating from IPv4 to IPv6 could result in poor, faulty implementations, or present an opportunity for hackers to exploit potential vulnerabilities
  •     Flooding issues are still a potential concern for IPv6, due to broadcast amplification smurf (Distributed Denial of Service) attacks on multicast traffic
  •     Because of the time it will take to fully migrate, we will see IPv6-IPv4 dual stacks, which increases the potential for attacks, by introducing the specific security issues of both protocols
  •     Header manipulation and spoofing are still possible, potentially allowing hackers to evade intrusion detection systems, intrusion prevention systems, and firewalls
  •     Due to the massive configuration process that will comes with IPv4-to-IPv6 migration, misconfigured systems will likely be the root cause of many security failures

Facebook, Google, Microsoft, Yahoo!, and Cisco are among the hundreds of organizations that will offer their content over IPv6 for 24 hours, during IPv6’s test flight on June 8th, World IPv6 Day. This event, organized by the Internet Society, will provide a glimpse into what is to be expected by the migration to IPv6 from a largely IPv4 environment, as well as the security issues that come with it. “Being prepared for IPv6 means being better educated, because we’re going to encounter problems for which we have little experience. World IPv6 Day will shed a lot of light on what we do and dot not know, and this is key to getting it right,” added Bavisi.

ABOUT EC-COUNCIL

The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cybersecurity and e-commerce. It is the owner and developer of 20 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and Certified Security Analyst/Licensed Penetration Tester (ECSA/LPT). EC-Council has trained over 90,000 security professionals and certified more than 40,000 members. Its certification programs are offered by over 450 training centers across 84 countries. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. Department of Defense via DoD 8570.01-M, the Montgomery GI Bill, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates EC-Council University and the global series of Hacker Halted information security conferences. The global organization is headquartered in Albuquerque, New Mexico. More information about EC-Council is available at http://www.eccouncil.org.

###

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Justin Troutman
Firm Nineteen
828-255-8853
Email >
Visit website