ISPs fear IPv6 security threats

Over half of internet service providers believe that new threats could emerge with the deployment of the new Internet Protocol version 6 (IPv6), according to the latest annual worldwide Infrastructure Security Report from Arbor Networks.

The survey polled around 70 IP network operators across the globe, reporting a continued rise in smaller scale and more sophisticated attacks, including service-level and application targeted attacks, DNS poisoning and route hijacking.

Only eight per cent of respondents believed that threats will decrease with improved IPv6 deployment, while 55 per cent thought that the threat landscape would become more risky.

Daniel Karrenberg, chief scientist at regional internet registry RIPE NCC, argued that IPv6 is not inherently any more or less secure than the current IPv4.

"Internet users need to ensure that the network-specific parts of their defences work at least as well for IPv6 as for IPv4," he said.

"If a firewall is used as part of a defence strategy, it makes little sense to have it inspect IPv4 packets only and let all IPv6 packets pass."

But Craig Labovitz, chief scientist at Arbor Networks, maintained that many ISPs are not being supported by the security vendor community.

"They do not have the equipment and vendor support to address security threats in IPv6," he said. "A huge range of edge devices are not IPv6 capable today, and that's even more true of backbone devices."

The report also highlighted that service providers are finding their resources coming under increasing strain, and are turning to managed security service providers in greater numbers.

Matthew Tyler, director of consultancy Evolution Security Systems, argued that, although IPv6 would be more secure once implemented, security issues may arise during the changeover.

"The biggest issue with security is always managing change, and there's no way you can manage change with something the size of the internet," he said.