Internet of Things (IoT), IPv6 and security challenges

What is internet of things?

"Things," in IoT sense can refer to a wide spectrum of devices ranging from driverless cars to automatic jets, smart homes to smart cities, health monitoring implants to biochips on farm animals. The list goes on and they all come under one umbrella embedded with software, electronics, sensors and network connectivity.

Where it is now and how is it moving?

As per the report published by OECD (Organization for economic co-operation and development), South Korea leads the list of countries by IoT devices online per 100 inhabitants with a count of 37.9 devices followed by Denmark, Switzerland and United States.

According to Gartner (A technology research and advisory corporation), there will be at least 26 billion devices on the Internet of Things by 2020.

IoT and migration from IPv4 to IPv6

Assimilation of "Things" to The Internet entails the devices to use an IP address as a unique identifier. However due to the inadequacy of address space of IPv4 (that allows a maximum of 4.3 billion unique address), migrating from IPv4 to IPv6 is inevitable taking into consideration the extremely large address space requirement.

IPv6 and challenges

Though the devices would face a lot of security challenges in terms of authentication, authorization, validation and spoofing, but the real challenge lies in installation and configuration of devices at the first place. Hence, this article only deals with addressing the IPv6 challenge that can be foreseen by the mammoth growth of IOT devices:

Migration to IPv6 requires considerable effort, preparation, and consideration. This would not be a simple technique and requires real-time expertise and research. If something gets messed up, it can leave gaping security holes for intruders to ply in. There might be chances of accidentally running both IPv4 and IPv6, finally vitiating the security of both. Again proper deployment and configuration are another serious issues. Trying to deploy IPv6 the same way as that of IPv4 would bring a lot of issues. IT administrators must quickly adapt to new approaches from simple network troubleshooting to firewall configuration and log monitoring. As IPv6 space count picks up, cyber criminals would spend more time and effort analyzing various ways to find loopholes. As new problems are uncovered, we’ll need new ways to overcome them.

Expectation from security provider

Organizations will require configuration changes to adapt to IPv6 networking patterns, both as a transport medium and reporting systems to ensure continued provision of scanning and protection. Security providers must be ready to face any new vulnerabilities and threat vectors as network practices evolve. Vendors will need to invest time and money to ensure complete support and maintenance for IPv6 and also must stay alert for any future dangers.

 Measures for safe configuration and deployment to keep in mind while doing the migration:

  1. Be cautious when using tunneling: Tunnels provide vital connectivity between IPv4 and IPv6 components. During the initial overlap period be cautious when using tunneling. Carefully check the setup of “automatic tunneling” tools. Traffic tunneling will also make network security systems less likely to identify attacks.
  2. Looking at the big picture: As network layout under IPv6 is completely alien from IPv4, replicating your as-is setup won’t provide desirable results. Hence, revamping your network design is an absolute requirement to get the best out of IPv6. So, it is not recommended to run multiple migrations and be 100% sure to consider the design of both the Internet-facing and LAN resources.
  3. Make sure your device networking infrastructure is compatible and up to date: Latest versions of firmware and software need to be updated. If these devices are not IPv6 ready, need to devise a plan. IPv6 may introduce risks at the protocol level and most organizations exclude their network infrastructure in their patching plans, which might be prone to unseen attacks.
  4. Think of IPv6 when you are absolutely ready: Nowadays platforms come with "by default enabled IPv6", but need to make sure it’s switched off until properly re-configured. Many firewalls work entirely on IPv4 and would not filter IPv6 traffic at all, leaving your devices completely exposed. Disabling unnecessary services and checking the ports and protocols used by those services is highly recommended.

Authored by Satyajit Behera

Rate this article: 
Average: 2.4 (7 votes)
Article category: