Arkenox®

We’re excited to share that Arkenox® is now part of the Microsoft for Startups Founders Hub programme! This partnership will enable us to scale our IPv6 security solutions to a global audience, while empowering us to deliver deeper insights and enhanced analysis into the structure of the IPv6 internet. We appreciate the support from Microsoft for Startups as we build the next iteration of our specialised security offering. If you want to learn more about IPv6, follow the Arkenox® LinkedIn page for more posts on IPv6 security and for updates on the progression of IPv6. #IPv6 #IPv6Security #NetworkSecurity #Startup #Microsoft

IPv6 is not just a new version of Internet Protocol (IP) - it introduces a new landscape that requires a different security mindset compared to traditional IPv4 approaches. Deploying and securing IPv6 requires an understanding of its address space, unique features and alternative network configuration methods, as to be able to proactively defend against the emerging threats in this space. So, how do we begin to adopt this new mindset? 1 - Training, Awareness and Parity Achieving parity in security understanding across both protocols means that no part of your network is left vulnerable due to outdated practices or knowledge gaps. Training teams to be aware of IPv6's characteristics is essential to maintaining a robust security posture, because security policies designed for IPv4 often fail to properly protect IPv6. 2 - Address Space and Reconnaissance All attacks start with reconnaissance, properly understanding reconnaissance can help prevent attacks before they can begin. In IPv4, the limited address space makes it relatively straightforward for attackers to scan and identify potential targets using brute force methods - it is possible to scan the entire IPv4 public address space in around 4 minutes. With IPv6, the vast address space makes brute-forcing no longer feasible. This forces attackers to rely on alternative techniques such as DNS analysis, multicast discovery or by guessing common addresses to locate vulnerable systems. 3 - Monitoring and Logging You can’t protect what you don’t know. Effective monitoring and logging in an IPv6 environment requires a different approach because many tools used for IPv4 may not analyse IPv6 networks accurately. From a security team’s perspective, having full visibility into an IPv6 network can massively improve the detection and response to threats, which is essential to reducing the risk that threats pose. If you want to learn more about IPv6, follow the Arkenox® LinkedIn page for more posts on IPv6 security and for updates on the progression of IPv6. #IPv6 #IPv6Security #NetworkSecurity

Thank you to everyone who attended our presentation yesterday on IPv6 Security at The University of Manchester, as part of their Digital Trust and Security Seminar Series. We’ll share the recording as soon as it’s ready - a sneak peak of the final slide of the presentation is shown below. An important discussion at the event was the role of IPsec in IPv6. IPsec (Internet Protocol Security) provides authentication and encryption at the network layer. Initially, it was defined as a mandatory component of IPv6 (RFC 4294), ensuring built-in security for IPv6 traffic. However, in RFC 6434 and subsequently RFC 8504, it became a recommendation rather than a strict requirement. This is disappointing because in IPv6 networks where NAT is not required, we can enable IPsec in Tunnel Mode rather than Transport Mode, gaining the additional security benefits offered by Tunnel Mode IPsec. The main problem now is that it is commonplace to drop packets that contain extension headers, including those necessary for IPsec to function. So, if an organisation attempts to follow the RFCs’ guidance and deploy IPsec in IPv6, much of the organisation’s traffic risks being dropped across the IPv6 internet. A special thanks to Professor Danny Dresner FCIIS for chairing and Wing Sze Kitty Lo for organising the event. If you haven’t already, do check out the other talks in the Digital Futures series—there are lots of interesting sessions on offer. For more information, visit https://lnkd.in/eAjaRjR8. If you want to learn more about IPv6, follow the Arkenox® LinkedIn page for more posts on IPv6 security and for updates on the progression of IPv6. #IPv6 #IPv6Security #IPsec #TechTalks

📣 We’re excited to announce that Arkenox is now based at #DiSHMcr! We’re looking forward to being more involved within the growing security, defence and research community based in this area of the UK. #IPv6 #IPv6Security

We’ve seen a few posts on social media lately about legitimate services and apps being blocked due to poor IP reputation. So, what is IP reputation and how does it impact IPv6 compared to IPv4? IP reputation is the calculated trustworthiness of an Internet Protocol (IP) address. All Internet connected services and apps with a public IPv4 address are assigned an IP reputation. This reputation score helps clients and customers determine whether traffic from these sources should be allowed or blocked - given the risk that untrustworthy IP addresses may pose. Think of IP reputation as a Credit Score but for the internet. IP reputation is derived from the historical activity associated with an IP address. If an IP address has been used to send spam, conduct phishing or control malware at any point, its reputation is likely to have been affected. The issue is that there aren’t enough IPv4 addresses to go around. So, if you stand up any new publicly facing services or apps, you could inherit an IPv4 address that has a bad history, dubbed a “Poisoned IP”. If this happens, then the app or service you spent time and money creating might be outright blocked from being used by your customers or partners. The situation gets worse, because as attackers continue to poison more IPv4 addresses then the quantity of IPv4 addresses with a good reputation continues to decrease. A bad IPv4 reputation is very difficult or sometimes impossible to change. So what about IP reputation and IPv6? IP reputation is not as common in IPv6 as in IPv4 - this is due to a combination of the way IPv6 works, additional features that reduce reliance on IP reputation and the fact that IP reputation providers often do not know how to handle IPv6 addresses. You can also request a Provider Independent IPv6 block from your regional internet registry, such as RIPE NCC. This means that you have an IPv6 block assigned to your organisation which most likely does not come with an unknown and possibly poor reputation. You can allocate IPv6 addresses from that block to stand up your new apps and services via mechanisms such as BYOIP, reducing the risk of “Poisoned IPs” as observed in IPv4. If you want to learn more about IPv6, follow the Arkenox® LinkedIn page for more posts on IPv6 security and for updates on the progression of IPv6. We have an upcoming talk at the The University of Manchester - details can be found here: https://lnkd.in/eb882gQE #IPv6 #IPv6Security #Networking #NetworkSecurity

In just over 3 weeks we'll be giving a seminar on all things IPv6 at the The University of Manchester. Organised by Digital Futures at The University of Manchester and hosted by Danny Dresner FCIIS, we hope to see you all on the 20th February 2025! You can claim your free ticket from the Eventbrite page here: https://lnkd.in/ensYMPs4 #IPv6 #IPv6Security #Seminar #TechTalk #Manchester

📣 IPv6: Predictions for 2025 📣 If you have your own predictions or thoughts please add them in the comments below. #IPv6 #IPv6Security #NetworkSecurity #IoT

📣 AWS Announce Network Firewall Support for IPv6 Service Endpoints. This is a significant move to address the growing need for feature parity in cloud based IPv6 networks - especially when it comes to network security. According to AWS, this update is designed to: “Gradually transition from IPv4 to IPv6 based systems and applications, without needing to switch all over at once” Switching to IPv6 can be daunting for many organisations, particularly when their existing services don’t yet support it. By providing simultaneous support for both IPv4 and IPv6 in Network Firewall, AWS now makes it easier for businesses to migrate at their own pace. This feature removes another barrier to IPv6 adoption, ensuring that as organisations expand or modernise their networks, security remains at the core. 🔗 More information can be found here: https://lnkd.in/e9Q7S_BD #IPv6 #IPv6Security #AWS #CloudSecurity #NetworkSecurity

Interesting news - the start of IPv6 being featured explicitly in common security standards and policies?

Here is our IPv6 Wrapped for 2024. Covering IPv6 adoption statistics, key events and publications. Have a read to see how IPv6 has progressed in 2024. Feel free to add any other key events in the comments below! #IPv6 #IPv6Security