We are on the verge of an explosion in the number of Internet-connected devices, from security cameras to connected refrigerators, furniture and thermostats. Some experts predict that there’ll be as many as 200 billion connected devices around the world by 2020, or about 25 devices per person. And many of these devices will need an ip-address to connect to the internet.
Rapid Adoption of IPv6
The Internet Protocol version 4 (IPv4) is widely deployed as the core of Internet Protocol. It has a 32-bit address length that supports only 232 addresses or about 4.294 billion ip-addresses. So, it’s simply comprehensible that the current demand has exhausted the worldwide supply of IPv4 addresses. This exhaustion is all due to the speedily growing number of internet users. And due to this exhaustion, in the next few years, the new internet users will not be able to get an IPv4 address, which means that they’ll not easily be able to connect to the internet.
Luckily, the internet technical community has been developing the internet Protocol version 6 (IPv6), for nearly two decades. IPv6 is designed to support the needs of a rapidly growing number of Internet users. The Ipv6 has 128-bits address length, so it can support 2128 addresses, which is around 340 undecillion or 3.4×1038 addresses. And this predicts the rapid adoption of Ipv6 in the near future.
Ipv6 Security (attack and defense)
Besides expanded addressing capabilities, the increasing use of IPv6 will pose new vulnerabilities which will be exploited by attackers for breaking into networks. Not just that, the increasing use of IoT devices will also provide a helping hand to the hackers to exterminate the internet connection by flooding the internet with malicious traffic through ruinous Distributed Denial of Service (DDoS) attacks.
Unfortunately, as websites owners, there’s not much you can do to get those infected IoT devices fixed and guarded. You also cannot do much to repair the millions of vulnerable devices on the internet that can be used as botnets for launching the DDoS attacks. This is the change we expect to see as Ipv6 becomes more and more popular.
Here are some considerations concerning the IPv6 implementation and its security:
Some security tools and devices still don’t support IPv6 whereas some others that do support IPv6 aren’t configured properly by the engineers. Therefore, some firewalls, and intrusion detection and prevention systems can detect malicious Ipv4 data traffic, but the attacker may potentially penetrate the control and detection mechanisms by sending malicious IPv6 data traffic. Another concern is weaknesses in IPv6 which may be utilized by the attacker to conduct a network level attack against IPv6.
We have already seen a rise in numbers of IPv6 based DDoS attacks last year and we will likely to see more complex and sophisticated this year. The huge address area of IPv6 will enable each device in the world to have its own unique IP address, it also opens up the prospect of new and more powerful distributed denial of service (DDoS) attacks on the networks.
To defend against IPv6 based DDoS attacks, each organization must have a proper defense mechanism or a strategy in place to prevent IPv6 related security threats or to mitigate it.