Blue Coat Systems is adding an IPv6 component to the latest version of the operating system for its PacketShaper appliance, one which can detect a potential security issue for enterprises in the midst of a migration to IPv6: what Blue Coat calls "shadow networks."
Click here for a larger view.
These networks, created by setting up endpoints on IPv6-enabled devices, can run undetected over corporate networks that are transitioning from an IPv4 environment to a dual-stack environment, but which are only set up to monitor their legacy v4 environment.
"As network infrastructure, as PC infrastructure, and as BYOD (bring your own device) items like smartphones and iPads come into the enterprise environment, they're increasingly IPv6 capable and IPv6 configured," said Mark Urban, senior director of product marketing for WAN optimization solutions at Blue Coat, in an interview with FierceTelecom. "So what we've seen is the emergence of these shadow networks operating in traditional IPv4 environments."
For example, Windows 7 by default prefers IPv6, if an IPv6 connection to the Internet is available, Urban explained. "If a network infrastructure has enabled IPv6 it's a very short path for someone who knows enough about it to configure their unit for IPv6," he said.
The security hole that a shadow network creates is potentially a big problem for enterprises. "If ... one curious user plays around with it, suddenly you have these potential exposure points ... (for) entities who are looking for that kind of soft way into the enterprise," Urban said.
The impetus for an IPv6 component on the PacketShaper version 9 upgrade began with Blue Coat's customers in Japan, where IPv6 protocol deployment is more advanced than it is in the United States. The company noticed during beta testing on customer networks that it was seeing IPv6 traffic "where there wasn't supposed to be any."
"We've seen it in at least one beta site and we've had it confirmed by analysts and by customers that there is something potentially there that they're not expecting," said Urban.
The PacketShaper version 9 upgrade gives Blue Coat's enterprise customers migrating to IPv6 visibility into and control of their WAN at the network, application, and content levels in both the v4 and v6 sides of the stack. The upgrade is currently available and free for customers with a current service agreement.
"Traditionally, what a packet shaper is used for is to come in and understand at the application level, at the content level, what's consuming network resources, how can we actually implement QoS policies to bring the network back in line with the enterprise priorities," said Urban.
- see the news release
Six Faces of IPv6: Qing Li, Blue Coat Systems
WAN optimization vendor Blue Coat goes private
70% of IT departments will be IPv6-ready by 2013; Akamai says global average Internet speed now 2.1 Mbps