IPv6 taking on national-security implications

U.S. federal agencies said to be the 'guinea pigs' for new network security standard

Limited visibility?

Several makers of scanning products admit they have limited eyesight when it comes to IPv6.

At nCircle, chief technology officer Tim Keanini says the nCircle IP360 scanner will be able to recognize where IPv6-based devices are on the network but won't be able to perform thorough scans comparable to IPv4.

Tenable, which makes both active and passive scanners, says it's starting to see IPv6 more clearly. Tenable chief executive officer Ron Gula said the company's ActiveScan Nessus scanner has "traditionally been a scanner for IPv4." A beta version of the IPv6-capable Nessus 3.2 is available for download and review, with a final version expected out by this summer. Tenable host-based passive scanner doesn't support IPv6 yet.

Gula says the lack of support often seen for IPv6 in security products today is directly related to the lack of customer demand. But he noted that with Microsoft's Vista, which support IPv6 by default, enterprises will be adding IPv6 to their networks though they may not be fully aware of it.

"IPv6 is another attack surface," says Adam Stein, vice president of product management at Mu Security, which has added IPv6-based analysis to its Mu-4000 Security Analyzer appliance over the last few months. The Mu-4000 looks for zero-day vulnerabilities in network equipment through a protocol mutation process. "The fourth-generation cellular phone networks are all designed to IPv6," Stein added.

One thing to keep in mind about IPv6, Stein says, is that "history is repeating itself" in terms of host and network vulnerabilities, such as buffer-overflows, that the industry has had to battle in the IPv4-based products today. "Expect to see the same problems all over again," Stein emphasized, saying Mu Security has uncovered five- or six-dozen vulnerabilities in carrier networks, though only disclosed about two dozen of them so far publicly.

While the lack of widespread deployment of IPv6 to date has made many security vendors turn a blind eye to IPv6, the good news is that they can become quickly motivated to become IPv6-capable when they think it's time. Qualys, for instance, which just last month said it had no plans to adapt the IPv4-based QualysGuard vulnerability-assessment platform to IPv6, made an about-face, saying it would have be IPv6-capable by early next year, if not sooner.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Ellen Messmer

Network World

Comments

Comments are now closed.

Latest News Articles

Most Popular Articles

Follow Us

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Resources

Best Deals on GoodGearGuide

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?