Cyber Attackers Use IPv6 to Tunnel into Networks
Speaking at the Rocky Mountain 2010 IPv6 Summit, Command Information’s Cybersecurity CTO, Ron Hulen told the audience, “As IPv6 deployment and adoption continues to increase, both implementers and security personnel must be aware of the security risks present in IPv6. Security is just not keeping pace with adoption.”
The United States Government is now the fastest adopter of IPv6. Beginning in 2003, the Department of Defense identified its objective for an IPv6 transition of its networks and systems. In December 2009, the Federal Government required that IPv6 compliant products be specified in all new information technology acquisitions using Internet Protocol.
“The number of IPv6 vulnerabilities that traditional hardware and software assurance vendors can detect is limited because there are significant differences between IPv4 and IPv6 protocols. Traffic traversing through IPv6 transition mechanisms is undetectable by today’s firewalls and routers,” said Hulen. “Attackers are actively using IPv6 to tunnel into networks. Even if IPv6 is not enabled on the network, many of these security concerns still exist.”
When asked how to address these issues, Hulen encouraged businesses and government “to develop security policies and implement security tools to address IPv6 now.”
To assist in secure IPv6 deployments, Hulen described how Command information developed and deployed Assure6? – the first cyber security appliance to monitor both native and tunneled IPv6 traffic in order to detect and block malicious IPv6 attacks. Hulen and his cyber security team tested Assure6 for several Department of Defense agencies and observed first-hand its ability to detect IPv6 security threats currently undetectable with the existing security tools.
About Assure6?: The Assure6 suite is a commercial off-the-shelf (COTS) product that allows enterprise wide policy management of IPv6. It is a fully web-architected solution that aligns with Federal Government programs and initiatives such as the Comprehensive National Cybersecurity Initiative (CNCI) and the Department of Homeland Security’s Einstein Program. Assure6 enhances the ability to secure information regardless of traffic type and detects unknown IPv6 security threats in existing networks. This ensures the protection of networks while also providing a safe and reliable transition to IPv6.
About Command Information: A trusted partner to federal agencies and global companies for 18 years, Command Information is the premier provider of cyber security and enterprise transportation services and solutions. Command Information and AnviCom Inc., its government-focused subsidiary, provide technology, objective consulting, and engineering to leverage next generation Internet applications and services. Our SEI CMMI level 3 software development and systems engineering, coupled with deep domain expertise, support mission-critical enterprise systems with global reach. For more information, please visit www.commandinformation.com
Related posts:
