IPv6 And Security Architecture Changes
I received a reader email asking if IPv6 is going to change the existing approach to security. He writes:
Do you believe that the transition to IPv6 will change the existing security architectures? I have heard from other professional architects that there will be a transition from perimeter security to host-based security.
While the paper Darrin Miller and I wrote is the best place for a complete answer to that question, I can provide a quick summary and some clarification. Here’s the section on maintaining host and application security from the bottom of page 23:
Although timely patching and host lockdown are critical elements in IPv4, they are even more critical during the early stages of IPv6 because many host protections (firewalls, IDSs, and so on) do not yet broadly support IPv6. Additionally, it is highly likely (though testing is necessary; refer to Appendix A) that the initial introduction of IPv6 into networks will result in some hosts not being properly secured. It is necessary to focus on maintaining host security to ensure that hosts that are compromised will not become stepping stones to compromise other end hosts.
There’s also some information in my book on IPv6. It starts on page 668, which is available on books.google.com.
I actually think the move toward identity-based controls (whether IPv6 or IPv4) will have more of an impact on security architecture than the transition to IPv6 will. The network will remain important as a security control–as will the endpoint–but the shift will be towards more dynamic authorizations based on the identity of the individual. IPv6 leads to subtle changes in the security architecture and I agree that endpoint controls will increase in importance; I don’t think that network controls will go away though. Security has always been about defense-in-depth and relying only on the host for security puts all your security eggs in one basket.
April 29th, 2008 at 8:07 am
Sean -
Do you think that the biggest initial deployment security issues in IPv6 will revolve around implementation correctness, and the ability to test for same?
What comes to mind quickly is things like IPv6 fuzzing a la
http://seclists.org/pen-test/2008/Apr/0136.html
which calls for the need for systematic ways to test correctness without knowing a priori what parts of the system are likely to break first.
April 29th, 2008 at 2:30 pm
Hi Ed,
I think the biggest initial deployment challenge will quite simply be inexperience with the technology. There is very little understanding of IPv6 in the networking community, let alone IPv6 security considerations.
I do agree that there will be implementation flaws and we’re probably only beginning to detect them. In the meantime, dual-stack systems with IPv4 and IPv6 running concurrently represent a very interesting attack vector as you can use a potentially insecure IPv6 stack to get onto the IPv4 network. In my testing back in 2004 there were instances of personal firewalls only protecting the IPv4 portion of the connectivity and leaving the IPv6 portion completely wide open.
Fuzzing IPv6 stacks will certainly yield some flaws, not sure if anyone’s done anything comprehensive yet.
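The dual-stack gap described above, a host firewall that covers IPv4 while the IPv6 side of the same services stays open, can be checked mechanically. The following is an added example, not code from the post or the paper; it assumes socket listings in the column shape of `ss -Hltun` and models each address family's filter as a default verdict plus explicitly allowed ports, with both the socket list and the policies constructed here.

```python
"""Dual-stack audit: flag IPv6 listeners that a v4-only host firewall leaves reachable.
Constructed for this example: socket lines follow the column layout of `ss -Hltun`,
and each address family's filter is modelled as a default verdict plus allowed ports."""
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Listener:
    proto: str  # "tcp" or "udp"
    addr: str   # bound address with brackets stripped
    port: int

@dataclass(frozen=True)
class Policy:
    default_accept: bool  # True models "no filter loaded at all"
    accepted: frozenset   # (proto, port) pairs explicitly allowed inbound
    def admits(self, l: Listener) -> bool:
        return self.default_accept or (l.proto, l.port) in self.accepted

def parse_listeners(ss_output: str):
    """Columns: Netid State Recv-Q Send-Q Local:Port Peer:Port."""
    out = []
    for line in ss_output.strip().splitlines():
        proto, _state, _rq, _sq, local, _peer = line.split()[:6]
        addr, port = local.rsplit(":", 1)
        out.append(Listener(proto, addr.strip("[]"), int(port)))
    return out

def audit(ss_output: str, v4: Policy, v6: Policy):
    """Non-loopback IPv6 listeners that v6 admits while v4 filtering would block them.
    A socket bound to "::" answers over IPv6 no matter what the IPv4 rules say."""
    gaps = []
    for l in parse_listeners(ss_output):
        ip = ipaddress.ip_address(l.addr)
        if ip.version == 6 and not ip.is_loopback and v6.admits(l) and not v4.admits(l):
            gaps.append(l)
    return gaps

# Constructed sample: sshd, a local DB, a web app and mDNS on a dual-stack host.
SAMPLE_SS = """\
tcp   LISTEN 0 128 0.0.0.0:22     0.0.0.0:*
tcp   LISTEN 0 128 [::]:22        [::]:*
tcp   LISTEN 0 128 127.0.0.1:3306 0.0.0.0:*
tcp   LISTEN 0 511 [::]:8080      [::]:*
udp   UNCONN 0 0   [::1]:323      [::]:*
udp   UNCONN 0 0   [::]:5353      [::]:*
"""
# IPv4: default-deny with SSH allowed. IPv6: no rules loaded, so everything is admitted.
V4_POLICY = Policy(default_accept=False, accepted=frozenset({("tcp", 22)}))
V6_POLICY = Policy(default_accept=True, accepted=frozenset())
```

Running `audit(SAMPLE_SS, V4_POLICY, V6_POLICY)` reports the web app on tcp/8080 and mDNS on udp/5353 as reachable over IPv6 only; sshd is consistent across both families and the loopback-bound sockets are ignored.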