Only a handful of months remain before the IPv4 address supply is fully saturated, and along with the larger address space of the next-generation IPv6 architecture comes more enhanced built-in network security in addition to some new potential security threats.
IPv6 has been in the making for more than 10 years, but with the IPv4 address inventory slated to run out anywhere between spring and June of 2011, the drawn-out transition to the new IP may finally be on the horizon for some organizations. Unlike IPv4, its successor was created with security in mind. It incorporates IPSec encryption, for example, and its expansive address space could prevent the dissemination of worms, security professionals say. But its adoption also introduces new security problems, ranging from distributed denial-of-service (DDoS) attacks to new weaknesses in IPv6 to misconfigurations that reveal security holes.
Considering that much of the IPv6 address space will be vacant for a while as it rolls out and because of the vast address space it promises, a network worm attack in an IPv6 network would not be efficient because it would take much longer to work through that massive address space than in the current IPv4 networks, says IBM analyst Mike Montecillo.