ISS X-Force has released a whitepaper describing the current and future security implications of the IPv6 protocol. The main premise of the paper is to help educate administrators and network operators about how IPv6 can be used today on current IPv4 networks to establish rogue channels and to evade IDS systems. I have included the executive summary, and a link to the paper in its entirety below:
Internet Protocol version 6 (IPv6) contains numerous features that make it attractive from a security standpoint. It is reliable and easy to set up, with automatic configuration. Huge, sparsely populated address spaces render it highly resistant to malicious scans and inhospitable to automated, scanning and self-propagating worms and hybrid threats.
IPv6 is not a panacea for security, though, because few security problems derive solely from the IP layer in the network model. For example, IPv6 does not protect against misconfigured servers, poorly designed applications, or poorly protected sites. In addition, IPv6 and IPv6 transitional mechanisms introduce new, not widely understood, tools and techniques that intruders can use to secure unauthorized activity from detection. These IPv6-derived efforts are often successful even against existing IPv4 networks.
Since many network administrators have yet to take advantage of IPv6, they may be unaware of IPv6 traffic that has tunneled into their networks. Attackers are already using this potential oversight to establish safe havens for attack.
Fortunately, existing protection technology is equipped for IPv6, making protection across this emerging standard both practical and straightforward. This whitepaper discusses the security implications of IPv6 and solutions that enable administrators to protect against attacks, intrusions and backdoors that take specific advantage of the protocol.
Security Implications of IPv6: http://documents.iss.net/whitepapers/IPv6.pdf
Engineering Manager, X-Force R&D
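A check for the tunneled IPv6 traffic the summary says administrators may be unaware of, as an added example that is not taken from the whitepaper or from ISS. It assumes two encapsulations the summary does not name, IPv4 protocol 41 and Teredo on UDP port 3544; the function names and sample packets are constructed for illustration.

```python
import ipaddress
import struct

IPPROTO_IPV6 = 41    # IANA protocol number: IPv6 encapsulated in IPv4 (6in4, 6to4, ISATAP)
IPPROTO_UDP = 17
TEREDO_PORT = 3544   # IANA-assigned UDP port for Teredo

def find_tunneled_ipv6(packet: bytes):
    """Return details of an IPv6 packet carried inside an IPv4 packet, or None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4                    # IPv4 header length, options included
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if ihl < 20 or len(packet) < ihl or frag_offset:
        return None                                 # malformed, or a later fragment with no inner header
    proto, payload = packet[9], packet[ihl:]
    if proto == IPPROTO_IPV6:
        kind = "proto-41"
    elif proto == IPPROTO_UDP and len(payload) >= 8:
        sport, dport = struct.unpack("!HH", payload[:4])
        if TEREDO_PORT not in (sport, dport):
            return None
        # Teredo packets that carry extra indication headers are not handled here.
        kind, payload = "teredo", payload[8:]
    else:
        return None
    if len(payload) < 40 or payload[0] >> 4 != 6:   # inner data must start with an IPv6 header
        return None
    return {
        "kind": kind,
        "outer_src": str(ipaddress.IPv4Address(packet[12:16])),
        "outer_dst": str(ipaddress.IPv4Address(packet[16:20])),
        "inner_src": str(ipaddress.IPv6Address(payload[8:24])),
        "inner_dst": str(ipaddress.IPv6Address(payload[24:40])),
        "inner_next_header": payload[6],
    }

def _ipv4(proto: int, payload: bytes, src="192.0.2.10", dst="198.51.100.20") -> bytes:
    """Build a constructed IPv4 packet (checksum left at zero) for the samples below."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr + payload

# Constructed sample: a bare IPv6 header (next header 6 = TCP) with documentation addresses.
_INNER = struct.pack("!IHBB16s16s", 0x60000000, 0, 6, 64,
                     ipaddress.IPv6Address("2001:db8::1").packed, ipaddress.IPv6Address("2001:db8::2").packed)
SAMPLES = {
    "6in4": _ipv4(IPPROTO_IPV6, _INNER),
    "teredo": _ipv4(IPPROTO_UDP, struct.pack("!HHHH", 51000, TEREDO_PORT, 8 + len(_INNER), 0) + _INNER),
    "plain_tcp": _ipv4(6, b"\x00" * 20),
}
```

Run over captured IPv4 packets at a network boundary, any non-`None` result identifies a host exchanging IPv6 that an IPv4-only inspection path would not decode.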