Networking

06:38 AM
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Shadow Networks an Unintended IPv6 Side Effect

IPv6 is gaining traction--problem is, "shadow networks" may find their way into enterprises as well. Learn more about this potential security hazard.

As adoption of the IPv6 Internet protocol continues to gain traction, some network security monitoring businesses and industry analysts are starting to see a troubling phenomenon they call "shadow networks."

On a shadow network, data flows through new IPv6-enabled connections and onto the existing IPv4 network--but the IPv4 security in place is unable to identify that IPv6 traffic. All sorts of security perils can arise, as a result. Even though they're currently only theoretical, security experts worry it may not be long before hackers and the like figure out how to use shadow networks for nefarious purposes

Blue Coat Systems, in introducing its PacketShaper 9 network monitoring device this week, says that on shadow networks, employees can engage in prohibited file-sharing or view pornography, both of which carry network security risks. Also, cybercriminals can use these shadow networks to distribute malware.

Shadow networks are popping up as more IPv6 connectivity is appearing on networks where it’s not yet formally supported by IT organizations, Blue Coat says. They can also appear on networks in which the enterprise has just upgraded to Microsoft Windows 7 from XP because 7 is automatically IPv6-enabled. PacketShaper 9, however, adds support for IPv6 to monitor and screen that traffic.

But the vulnerability remains for those who haven’t addressed this problem. Or more specifically, address this potential problem. Blue Coat says it knows of no attacks made on IPv6 shadow networks. But Bob Laliberte, senior analyst at Enterprise Strategies Group, thinks it may be just a matter of time.

“I haven’t heard of any malicious attack in the IPv6 [realm] yet, but the key word there is ‘yet,’” he says. “I'm not saying that to be a pessimist, and I hope that it doesn’t happen, but it just seems inevitable when one of these opportunities that could be exploited exist, the hackers tend to find it and can get in there.”

Network administrators need to think through the deployment of more IPv6 equipment, Laliberte says, because if they do that and aren’t firewalling the ports through which they connect, they could have a potential shadow network issue.

Elsewhere in the WAN optimization market the people at Narus are aware of the IPv6 shadow network issue, but say it’s nothing new.

“The term shadow networks is relatively new, but previously it was just called covert channels,” says Travis Dawson, director of product management for Narus. “This is just another tunnel, and we detunnel it and look inside of it just like any other standard tunnel.” View Full Bio

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Hot Topics
6
IT Certification Exam Success In 4 Steps
Amy Arnold, CCNP/DP/Voice,  4/22/2014
6
Edge Devices Are The Brains Of The Network
Orhan Ergun, Network Architect,  4/23/2014
White Papers
Register for Network Computing Newsletters
Cartoon
Current Issue
2014 Private Cloud Survey
2014 Private Cloud Survey
Respondents are on a roll: 53% brought their private clouds from concept to production in less than one year, and 60% ­extend their clouds across multiple datacenters. But expertise is scarce, with 51% saying acquiring skilled employees is a roadblock.
Video
Slideshows
Twitter Feed