This Network World article talks about the hidden threat posed by rogue IPv6 usage. To a certain extent, this is a bit of a red herring, and here’s why. For IPv6 to traverse the corporate network, the routers, switches and infrastructure components need to (a) support IPv6 and (b) have it enabled.
Now, assuming that the infrastructure is indeed up to date and that IPv6 is enabled, then and only then will rogue IPv6 become an issue. At this point, many of the security infrastructure vendors will fail to stop its use. Palo Alto Networks is different. Here is how we can help alleviate this issue before it becomes one.
* We can detect and block IPv6 with a set of signatures and decoders included in App-ID.
* If IPv6 is allowed, we can detect that traffic, and then apply appropriate security policies to the traffic (allow, deny, inspect for malware and threats).
* In the event that an intrepid employee is using IPv6 tunneled inside IPv4, we can detect and block that use as well.
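
To make the three cases above concrete, here is an added example (not Palo Alto Networks code and not how App-ID is implemented) that labels raw IP packets as native IPv6, IPv6 encapsulated in IPv4 (IP protocol 41), or likely Teredo (UDP port 3544). The function names, labels and sample packets are constructed for illustration, and the Teredo check is a port heuristic only.

```python
import struct

PROTO_UDP = 17
PROTO_IPV6_ENCAP = 41   # IANA protocol number for IPv6-in-IPv4 (6in4, 6to4, ISATAP)
TEREDO_PORT = 3544      # IANA-assigned UDP port of Teredo servers

def classify(pkt: bytes) -> str:
    """Label one raw IP packet (link-layer header already stripped)."""
    if not pkt:
        return "malformed"
    version = pkt[0] >> 4
    if version == 6:
        return "native-ipv6" if len(pkt) >= 40 else "malformed"
    if version != 4:
        return "other"
    ihl = (pkt[0] & 0x0F) * 4                      # header length; options allowed
    if ihl < 20 or len(pkt) < ihl:
        return "malformed"
    if pkt[9] == PROTO_IPV6_ENCAP:
        return "ipv6-in-ipv4"
    frag_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    if pkt[9] == PROTO_UDP and frag_offset == 0 and len(pkt) >= ihl + 8:
        sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
        if TEREDO_PORT in (sport, dport):          # port heuristic only
            return "teredo-candidate"
    return "ipv4"

# --- constructed sample packets (documentation addresses, zero checksums) ---
def ipv4(proto: int, payload: bytes, options: bytes = b"") -> bytes:
    ihl_words = 5 + len(options) // 4
    hdr = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl_words, 0,
                      20 + len(options) + len(payload), 0, 0, 64, proto, 0,
                      bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    return hdr + options + payload

def udp(sport: int, dport: int, data: bytes = b"") -> bytes:
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

V6_ADDR = bytes.fromhex("20010db8") + bytes(12)    # 2001:db8::
IPV6 = struct.pack("!IHBB16s16s", 0x60000000, 0, 59, 64, V6_ADDR, V6_ADDR)

SAMPLES = {
    "native": IPV6,
    "6in4": ipv4(PROTO_IPV6_ENCAP, IPV6),
    "6in4-with-options": ipv4(PROTO_IPV6_ENCAP, IPV6, options=bytes(4)),
    "teredo": ipv4(PROTO_UDP, udp(51000, TEREDO_PORT, IPV6)),
    "dns": ipv4(PROTO_UDP, udp(51000, 53, b"\x00" * 12)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:18} -> {classify(pkt)}")
```

The tunneled cases are carried in ordinary IPv4 packets, so they do not depend on the routers and switches having IPv6 enabled.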
Perhaps I have simplified it too much? Let us know if you agree.
To learn more about the applications, protocols and services we detect and control, check out the Applipedia.
Thanks for reading.