by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
GCN : September 2013
[BrieFing] An automated attack tool released at the recent DEF CON hackers' conference lets an outsider intercept IPv6 traf c by setting up a rogue router on an IPv4 network. By tricking operating systems into using the malicious router, attack- ers could read and modify unprotected Internet traf c before passing it along. This man-in-the-middle attack works because most current operating systems, including Windows 7 and 8, and Mac OS X, are enabled to use the next generation of Internet Protocols by default, but most networks still are con- gured to use only IPv4. If the malicious router advertises itself on the network as accepting IPv6 traf c, host operating systems will use that router and the traf- c will be invisible on the IPv4 network. "When you set up a Windows box, by default IPv6 is enabled," said Scott Behrens, senior security consultant at Neohapsis. Behrens, along with researcher Brent Bandelgar, demon- strated the attack at DEF CON as the automated script, named Sudden Six, was released by Neohapsis. Behrens said that releasing the script, intended for use in penetration testing, should increase awareness of the risks of unmanaged IPv6 traf c. Federal agencies are under a 2010 mandate from the Of ce of Manage- ment and Budget to enable IPv6 on their networks. The nearly one-third of agencies that have not begun the process of enabling IPv6 on their networks are likely to be vulnerable to a man-in-the-middle at- tack from a rogue server. The attack has limitations. "It has to run on your local network," Behrens said. That means an attacker would need an insider to install it on the network, either as an accomplice or through social engineering. Another drawback is that many websites use Transport Layer Security (TLS) or Secure Sockets Layer (SSL) to encrypt traf c, which means the rogue server in the middle will not be able to read it. The ultimate solution is to enable IPv6 end-to-end on your network so that the traf c is visible and a rogue server advertising IPv6 will not get preference from hosts. But that takes planning, effort and time and "a lot of organizations aren't there yet," Behrens said. Until then, IPv6 should be disabled on the network, or tools should be used such as Cisco's IPv6 RA Guard, which blocks rogue router advertisement messages. • Automated attack is one more reason to fully deploy IPv6 BY WILLIAM JACKSON 6 GCN SEPTEMBER 2013 • GCN.COM Mobile devices are leading the shift to IPv6, with a higher proportion of con- nections to sites optimized for smart phones and tablets using the new pro- tocols, according to measurements from content delivery company Akamai. "This can be a pretty compelling argu- ment for reducing your reliance on IPv4," said Leslie Daigle, the Internet Society s chief Internet technology o cer. With the growing use of mobile devices to access government networks, IPv6 tra c in the .gov domain is expected to grow quickly. Windows Phone OS 8 BlackBerry OS 10 Android 4.1/4.2 (Jelly Bean) Android 4.0 (Ice Cream Sandwich) Android 2.3 (Gingerbread) Apple iOS 6 Apple iOS 5 Apple iOS 3 and iOS 4 12.0% 5.9% 10.8% 3.2% 1.6% 1.8% 1.4% 1.1%