As environments from the public to private sectors increase their utilization of IPV6 addressing, a funny this has developed with VPN access. First, a primer on what exactly is a VPN anyway. The
virtual private networking (VPN) has become a popular Internet security method that adds a layer of security to both private and public networks. This is accomplished by creating a secure "tunnel" within your Internet connection into your “company network to enjoy access to private internal systems”. As a by-product of this connectivity, you may discover that you can “browse in complete privacy online and access content you might otherwise not be able to get such as Netflix or BBC iPlayer”, reports Fernando Gont for SI6 Networks.
What’s the Risk?
Let’s say an employee (let’s call him Joe) needs to access a line-of-business application on the company network from his hotel room while attending a conference. He starts up his VPN software and connects to the corporate Intranet. What just happened? The host running on the corporate network probably supports both IPv4 and IPv6 traffic or dual-stacked (although IPv6 may be disabled) and if Joe’s client software only supports IPv4, this scenario creates a security breach-- thus a VPN leak. The traffic meant to be transferred over a VPN connection could leak out of the VPN connection by way of IPv6 and “be sent in the clear on the local network, without employing the VPN services at all”.
The coexistence of the IPv4 and IPv6 protocols are "glued" together by the Domain Name System (DNS). In Joe’s scenario, “the resulting VPN leak is a side effect of employing IPv6-unaware software (the VPN) in a dual-stacked network”.
Read more to find out how to mitigate this problem.
Sources:
Comments