The Internet is running out of room and, as a  result, it is about to undergo a major transition to expand the number of  available addresses online. This transition is from today’s IPv4 IP protocol to  the new IPv6 standard. Businesses need to know and understand this transition – because there will be new security problems in the interim period.
Even though the promise of IPv6 is one of more  security, IPv4 has earned its bones over the past few decades, and we’ve  familiarized ourselves with what it can and cannot do. On the other hand, we  have little to no experience with IPv6 in the real world. On paper, IPv6 looks  great.But, I’m sure the Titanic did too. At best, IPv6 facilitates better  security, it doesn’t guarantee it.  
Case in point: IPSec.  Essentially, this  secures IP communication by encrypting and authenticating IP packets. In IPv4,  it was optional as a feature; in IPv6, it’s mandatory. Making a feature  mandatory doesn’t mean it will find widespread support; the point is, IPv6 isn’t  automatically more secure. It’s going to take a lot of pre-rollout preparation  and an immense amount of security vigilance to get it right.
For businesses, there’s a lot to consider, and this  will likely fall into the lap of the CSO.  There are all sorts of pitfalls  to avoid, and here are some to keep on top of at all times.
Buggy Programming.  This is where things  usually fall apart.  In a transition this complex, on a scale this large,  programmers are much more likely to make mistakes in the implementation, which  could leave vulnerabilities wide open to hackers, negating the effectiveness of  IPv6’s bells and whistles of security.  The worst-case scenario is actually  ending up with an IPv6 infrastructure that’s even more brittle than the IPv4  infrastructure before it, placing a business at even greater risk, by amplifying  the attack space.
Transition Exploitation. This migration is  going to take a while, and until then, businesses will be straddling a dual  IPv4/IPv6 environment, each with its own specific set of security problems.This  ups the workload for companies’ networking staff and increases the number of  ways things could go wrong. This is where security vigilance is crucial; due to  this hybrid interim, we’re going to encounter unusual situations where hackers  can potentially take advance of an interaction between the protocols.
Ineffective Blacklists. While IP blacklisting  has been successful in reducing the global volume of spam, there’s the concern  that ISPs won’t be able to scale IP blacklisting to IPv6, given its sheer size.  This represents the problem that some security techniques may not transition  very well from IPv4 to IPv6, giving hackers even more room with which to mount  their attacks.
DDos Attacks. Distributed denial of service  (DDoS) attacks, which overwhelm a computer network or Web site to make it  useless, will still pose a threat to businesses in IPv6.  While IPsec can  mitigate the effects of DDoS attacks to some degree, it does not prevent them,  leaving resources at risk of being bombarded and brought to a complete stop.  Broadcast amplification attacks, like “smurf” attacks, can do exactly that: keep  you from your customer.
Evading Security Measures. Fragmentation  attacks will still be a problem in IPv6, although architectural changes mitigate  these attacks more efficiently. Fragmentation attacks can be used to evade,  intrusion detection systems [IDS], intrusion prevention systems [IPS], and  firewalls--often a business's only means for learning when they’re being  attacked. Once they’re in, everything is fair game: client information,  credentials, e-mails and trade secrets.
Masking Points of Origin. Spoofing attacks  will still be a threat in IPv6, but the new IPsec mandate will better manage  this threat for businesses. Spoofing allows hackers to conceal their identities,  making it hard to track them down after an attack. It can also be used to fake  an identity--to implicate an innocent person or company in an attack in which  they had no real involvement. Attacks aren’t limited to those that try to steal  information or destroy resources, they can actually attempt to tarnish the  company’s reputation.
On June 8, World IPv6 Day, industry leaders like 
Facebook, 
Google  (NASDAQ:GOOG), Bing, 
Yahoo  (NASDAQ:YHOO) and Cisco (NADAQ:CSCO), among others, did a test run of their  content over IPv6 for 24 hours. This served as an excellent benchmark for  businesses, in order to gauge--at least somewhat--the impact it will have not  only on their customer base, but their infrastructure.
You’re going to have to hurry: the federal  government is considering the end of 2012 as the deadline for converting to  IPv6.  Don’t take this change lightly; we’re talking about the backbone of  e-commerce, and that can make all the difference between maintaining your bottom  line--or not.