With the continuous flow of varying government regulations surrounding IPv6, I’ve been wondering about the impact on security. Just having addressing support isn’t enough. Lucky for us, today Cisco announced the early availability of cloud-based IPv6 support for the Cisco IronPort Email Security portfolio. Cisco email security customers of all form factors — appliance, cloud and hybrid — are able to send and receive IPv6 emails through the Cisco infrastructure. Customers so far are very pleased.
The continuous growth of the Internet requires that its overall architecture evolve to accommodate new technologies to support the growing numbers of users, applications, appliances, and services. As per Cisco and industry estimates, the IPv4 address space will be exhausted in the next two years. This will cause every organization to face the inevitable transition from IPv4 to IPv6.
In recent months, Cisco Security Intelligence Operations (SIO) has witnessed a rise in criminal activity on IPv6, particularly as sources of email threat messages and in channels used by botnet command-and-control infrastructure.
In 2008, Time Magazine was hosting its 100 Most Influential People of the Year award. To provide legitimacy and deter users from ballot stuffing, Time created a system whereby each IP address received one vote. The hacker team that pushed the winner, Moot, to the top of the charts faked out the system by using an IPv6 address that didn’t work with the application. Although this hack was acknowledged by Time and was not harmful, it still shows that security is a critical aspect of deploying IPv6 protocol.
While the threat volume to date has been relatively low, Cisco SIO expects this trend to only continue as IPv6 implementation increases. As the backbone of Cisco’s threat collection and correlation system, Cisco SIO is investing to expand our reputation scoring for IPv6 traffic. One of Cisco’s first layers of threat defense is reputation filtering. Reputation filtering looks at the IP address of the incoming mail message and rates it on a scale of plus or minus ten representing IP trustworthiness. For Cisco customers, it will not matter whether the address is IPv4 or IPv6, since all addresses will be treated the same, with no tuning required by the email administrator. Investments are already underway to fully build out the IPv6 SenderBase Reputation Scoring (SBRS).