16 Aug 2011

New internet protocol poses computer security challenges

During the next two years, the transition from internet protocol version four to version six will make more than 4 billion new web addresses available. This is crucial in order to accommodate the growing number of worldwide internet users, yet the switch could create significant computer security issues, according to a recent ComputerWeekly round-up of industry professionals.

Internet security expert James Lyne told ComputerWeekly many businesses might rush to implement IPv6 because it has better functionality than IPv4, but by making the switch before updating all their security measures, these companies will be vulnerable to hackers exploiting the new protocol.

Even more alarming, Lyne said, is that many hardware devices and programs, including Windows Server 2008, Windows 7 and Skype, are already set to automatically run IPv6. If users are not aware their systems are running IPv6, they will not update their antivirus and other defense systems to guard against cyber attacks. Firewalls blocking IPv4 intrusions will be easily breached by IPv6 malware, which ComputerWeekly says is already proliferating.

Qing Li, another internet security pro interviewed by the source, said IPv6 has better encryption and simpler processes for installing programs to guard against specific types of threats than IPv4. However, Raj Samani said he and his colleagues in the field of computer security are trained in IPv4, and there could be a steep learning curve before IPv6 runs as securely as the current protocol.

The ComputerWeekly article was published the same day that Manish Goel, CEO of a company that specializes in email authentication, told ZDNet that IPv6 will require entirely new ways of identifying and blocking spam.