The internet, which exhausted four billion-odd website addresses in its present form last month, will now have to move to a new format. The new one will allow greater number of addresses and as it does, organisations will face challenges adapting to the new system. Lack of awareness coupled with new vulnerabilities are likely to create security problems, experts say.
When we type a website address, the computer breaks it up into a mix of unique 32 zeros and ones. This binary code identifies and locates the computer on which the website resides. Techies call it internet protocol (IP) and the one that got exhausted is version four, also known as IPv4. The new system, IPv6, will have a mix of 128 zeros and ones. It will offer practically unending number of web addresses. To boot, IPv5 was an experimental system that never went public.
The security issues surface since IPv4 and IPv6 are weighed the same for security threats, right now. “The real issue is lack of awareness among network professionals, security architects and staff. They are not well-versed with the security nuances of IPv6 and lack expertise to handle the new protocol. This would remain a real danger for several months till everyone is trained. Security devise support in handling IPv6 traffic will also play a major role,” says Vishak Raman, regional director – India and Saarc, Fortinet.
Although some blocks of IPv4 addresses are still with domain name registrars of countries including India, the price of such addresses is expected to spiral. So, it might become cheaper to get IPv6 addresses, pushing firms and other organisations to buy new protocol-linked addresses.
Since the migration will be gradual, systems running both IPv4 and IPv6 will co-exist. Older devices that do not recognise the new protocol will run alongside newer devices compliant with the new protocol. This, however, can be dangerous, warn experts.
“Organisations that still use legacy smartphones and devices hooked to their system may face problems when they update to the new protocol. Their security software may suddenly treat all these devices as alien and reject them,” Anand Naik, senior director and systems engineer at Symantec India told ET.
“IPv6 also has some new vulnerability when it comes to sending emails and there could be security threats while transferring from the present system to the new system,” says Fortinet’s Raman. Emails are broken up into parts when on their way to the recipients.
Every part consists of a header, a group of information on destination and how it should join with other parts when it has reached the recipient. “The structure of headers under IPv6 and the procedures it uses to navigate these parts through the internet, lends to some security issues which rogues can target while transitioning from IPv4,” Raman points out.