Many mobile devices such as laptops, tablets and smartphones are IPv6-ready. Service providers are ready for the growth in users, noted Bob Laliberte, senior analyst at Enterprise Strategy Group, but enterprises may be delaying an IPv6 migration because they aren't running out of IPv4 addresses.
"Where enterprises might get hit is by BYOD, as employees want to connect their own devices," he said.
The bring-your-own-device (BYOD) trend means many companies are allowing IPv6-ready devices to connect to their networks--which can create security concerns. One side effect of this, however, is something some network security monitoring experts call "shadow networks." Because newer devices are IPv6-enabled, data flows from them onto the existing IPv4 network. The problem: The existing IPv4 security is unable to identify the IPv6 traffic, which can lead to security holes.
And it doesn't take employees bringing their own IPv6 devices to create these so-called shadow networks--the effect can also appear on networks in which the enterprise has just upgraded to Microsoft Windows 7 from XP because 7 is automatically IPv6-ready.
"If you're not controlling your IPv6, it can come into your network and bypass your security," cautions Michael Hamelin, chief architect at Tufin Software Technologies.
Tufin just announced the latest release of its Tufin Security Suite (TSS), which enables enterprise and service providers to monitor and manage IPv6 firewall policies. Tufin's IPv6 support enables service providers and enterprises to centrally manage IPv6 firewall and router security policies and ensure compliance with internal and regulatory standards.
Hamelin says the first step any enterprise should take is to build an IPv6 security policy. "Most of what you have already applies," he explained. While there are slight differences between IPv6 and IPv4 in terms of security, the newer protocol is just as secure as the old--but it's important that enterprises make sure they can see IPv6 traffic running on their networks, even if they are not formally deploying IPv6 yet.
While mobile devices with IPv6 do create security issues that must be addressed, BYOD is not the top concern for the 426 respondents surveyed for the InformationWeek report "IPv6: This Time, It's For Real" last month. The top five greatest security risks:
- Lack of staff knowledge: 68%
- Unreliable code in network systems and/or operating systems: 34%
- Transition technologies: 32%
- Insufficient support in security products: 28%
- Process disruption (that is, new opportunity for human error): 23%
Alain Fiocco, senior director and head of the IPv6 High Impact Project at Cisco Systems, says it's critical that enterprises control how IPv6-ready devices connect to their networks.
Many private networks in specific industry segments such as utilities and manufacturers will have to deal with devices that are IPv6-only, he added. Such tools include smart meters measuring electricity usage in homes or robots on an assembly line.
"All of these new breeds of devices will have IPv6," he explained.
Learn more about "Strategy: IPv6: This Time, It's for Real" by subscribing to Network Computing Pro Reports (free, registration required).