ISS X-Force Whitepaper: Security Implications of IPv6

["Ingevaldson, Dan (ISS Atlanta)" <dsi () iss net>]

Focus-IDS readers-
 
ISS X-Force has released a whitepaper describing the current and future
security implications of the IPv6 protocol. The main premise of the
paper is to help educate administrators and network operators about how
IPv6 can be used today on current IPv4 networks to establish rogue
channels and to evade IDS systems. I have included the executive
summary, and a link to the paper in its entirety below: 

Executive Summary 

Internet Protocol version 6 (IPv6) contains numerous features that
make it attractive from a security standpoint. It is reliable and easy
to
set up, with automatic configuration. Huge, sparsely populated
address spaces render it highly resistant to malicious scans and
inhospitable to automated, scanning and self-propagating worms and
hybrid threats.

IPv6 is not a panacea for security, though, because few security
problems derive solely from the IP layer in the network model. For
example, IPv6 does not protect against misconfigured servers, poorly
designed applications, or poorly protected sites. In addition, IPv6 and
IPv6 transitional mechanisms introduce new, not widely understood,
tools and techniques that intruders can use to secure unauthorized
activity from detection. These IPv6-derived efforts are often successful
even against existing IPv4 networks.

Since many network administrators have yet to take advantage of
IPv6, they may be unaware of IPv6 traffic that has tunneled into their
networks. Attackers are already using this potential oversight to
establish safe havens for attack.

Fortunately, existing protection technology is equipped for IPv6,
making protection across this emerging standard both practical and
straightforward. This whitepaper discusses the security implications of
IPv6 and solutions that enable administrators to protect against
attacks, intrusions and backdoors that take specific advantage of the
protocol.

Security Implications of IPv6:
http://documents.iss.net/whitepapers/IPv6.pdf

Regards,
===============================
Dan Ingevaldson
Engineering Manager, X-Force R&D
dsi () iss net 
404-236-3160
 
Internet Security Systems, Inc.
The Power to Protect
http://www.iss.net 
===============================

-------------------------------------------------------------------------------
INTRUSION PREVENTION: READY FOR PRIME TIME?

IntruShield now offers unprecedented Intrusion IntelligenceTM capabilities
- including intrusion identification, relevancy, direction, impact and analysis
- enabling a path to prevention.

Download the latest white paper "Intrusion Prevention: Myths, Challenges, and Requirements" at:
http://www.securityfocus.com/IntruVert-focus-ids2
-------------------------------------------------------------------------------