Wednesday, March 26, 2014

To Enable or Disable IPv6… Not Really a Question

IPv6 brings several security features with it. IPsec is part of the base protocol suite, so end-to-end encryption and integrity checking are available natively (although using them is optional, not automatic). Secure Neighbor Discovery (SEND) uses cryptographically generated addresses and signed Neighbor Discovery messages to prove which host legitimately owns an address, which closes the IPv6 equivalent of ARP spoofing and the man-in-the-middle attacks built on it. None of this is a free lunch: IPsec still has to be configured, and SEND is rarely deployed on end hosts, so an IPv6 network you have not deliberately secured is no safer than the IPv4 one.

http://www.sophos.com/en-us/security-news-trends/security-trends/why-switch-to-ipv6.aspx

While IPv6 will provide many benefits, it also presents several security issues. Most networks are still designed around the IPv4 architecture, meaning the monitoring and security systems and policies are focused on IPv4 and will require extensive hardware and software upgrades to become IPv6 aware. The practical consequence is that most enterprises still cannot see or manage IPv6 traffic, and attackers are taking advantage of it. Because admins don't or can't monitor IPv6, attackers tunnel IPv6 inside IPv4 (6to4 and ISATAP ride on IP protocol 41, Teredo on UDP port 3544) to slip past IPv4-only filtering, write malware that talks to its command servers over IPv6, or abuse stateless address autoconfiguration by sending rogue Router Advertisements that make the attacker's machine the default gateway or DNS server for every host on the segment.
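As an added example (not code from the original post or the cited articles), here is the detection logic for the three bypasses just described, run over a few constructed NetFlow-style records. The sample flows and the authorised router address are assumptions; the protocol numbers, ports and prefixes are the standard ones.

```python
"""Flag IPv6 transition traffic and rogue Router Advertisements in flow records.

Added example, not from the original post. SAMPLE_FLOWS is constructed data and
AUTHORISED_ROUTERS is an assumption about the segment being monitored.
"""
import ipaddress

PROTO_UDP = 17
PROTO_IPV6_IN_IPV4 = 41          # 6to4, 6in4 and ISATAP encapsulation
PROTO_ICMPV6 = 58
TEREDO_PORT = 3544               # Teredo server/relay port (RFC 4380)
ICMPV6_ROUTER_ADVERTISEMENT = 134

SIXTO4_PREFIX = ipaddress.ip_network("2002::/16")   # 6to4-derived addresses
TEREDO_PREFIX = ipaddress.ip_network("2001::/32")   # Teredo-derived addresses

# Assumption: the only host allowed to send Router Advertisements on this segment.
AUTHORISED_ROUTERS = {"fe80::1"}

# Constructed records: (ip_version, ip_protocol, src, dst, sport, dport, icmpv6_type)
SAMPLE_FLOWS = [
    (4, 6, "192.0.2.10", "198.51.100.5", 51234, 443, None),     # ordinary HTTPS
    (4, 41, "192.0.2.10", "192.88.99.1", None, None, None),     # IPv6-in-IPv4 to 6to4 relay
    (4, 17, "192.0.2.11", "203.0.113.7", 60000, 3544, None),    # Teredo client to server
    (6, 58, "fe80::1", "ff02::1", None, None, 134),             # RA from the real router
    (6, 58, "fe80::dead:beef", "ff02::1", None, None, 134),     # RA from an unknown host
    (6, 6, "2001:db8::10", "2001:db8::20", 50000, 80, None),    # native IPv6 web traffic
    (6, 6, "2002:c000:20a::1", "2001:db8::20", 50001, 80, None),  # 6to4-derived source
]


def classify_flow(flow):
    """Return (category, detail) for a suspicious flow, or None if it looks benign."""
    version, proto, src, dst, sport, dport, icmp_type = flow
    if version == 4:
        # Encapsulations that an IPv4-only firewall typically lets through.
        if proto == PROTO_IPV6_IN_IPV4:
            return ("ipv6-in-ipv4", f"protocol 41 {src} -> {dst}")
        if proto == PROTO_UDP and TEREDO_PORT in (sport, dport):
            return ("teredo", f"udp/3544 {src} -> {dst}")
        return None
    # Native IPv6: an RA from anything but the known router is how rogue
    # autoconfiguration starts.
    if (proto == PROTO_ICMPV6 and icmp_type == ICMPV6_ROUTER_ADVERTISEMENT
            and src not in AUTHORISED_ROUTERS):
        return ("rogue-ra", f"router advertisement from {src}")
    # A 2002::/16 or 2001::/32 address means a host already reached the IPv6
    # Internet through a tunnel you did not see being built.
    for addr in (src, dst):
        ip = ipaddress.ip_address(addr)
        if ip in SIXTO4_PREFIX or ip in TEREDO_PREFIX:
            return ("transition-address", f"{addr} in flow {src} -> {dst}")
    return None


def scan(flows):
    """Run classify_flow over a sequence of records and keep the alerts, in order."""
    return [alert for alert in map(classify_flow, flows) if alert is not None]


if __name__ == "__main__":
    for category, detail in scan(SAMPLE_FLOWS):
        print(f"{category:20s} {detail}")
```

Any flow export that gives you IP protocol, ports and ICMPv6 type will do as input; the point is that each of these four checks catches traffic that an IPv4-centric toolset silently passes.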

The move to IPv6 will be costly, so most enterprises will attempt a gradual migration, replacing older IPv4 equipment with IPv6-compatible equipment. While this is an understandable and prudent approach, it presents its own set of issues. When running in a mixed environment, either every device runs dual-stack or tunnels must be created to let traffic traverse both segments of the network, and every tunnel endpoint is one more place where a misconfiguration can route traffic around a filter. This opens the door to unintended security consequences.

The lack of understanding of IPv6 will also be an issue. Most admins know it provides a vastly larger address pool (128-bit addresses instead of 32-bit); however, the details are still foggy. How will this affect how we currently manage our networks? Does DHCP go away? (It does not: hosts can use stateless autoconfiguration, DHCPv6, or both, and the choice determines what you can log and control.) What about DNS? (Forward zones need AAAA records and reverse lookups move to ip6.arpa.) Planning, training, and extensive preparation will be required when migrating.

http://www.techrepublic.com/blog/it-security/ipv6-oops-its-on-by-default/1955/

Most operating system vendors have jumped onto the IPv6 bandwagon with enthusiasm. Red Hat Linux, Windows 7 and 2008 R2, Apple OS X, and Solaris all ship with IPv6 enabled by default. This creates a real security risk by allowing unmonitored and unmanaged traffic onto your networks. What is worse is that it can be difficult and time consuming to disable. On Windows there are GPO templates you can import to disable it across the domain, but the native method is a registry change on each machine: the DisabledComponents DWORD under HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters (0xFF disables IPv6 on every interface except loopback; a reboot is required). Just unchecking "Internet Protocol Version 6" in the adapter's network properties only unbinds IPv6 from that one adapter; the Teredo, ISATAP and 6to4 tunnel interfaces and the loopback stay up, so always verify with ipconfig /all afterwards. Linux (sysctl net.ipv6.conf.all.disable_ipv6=1), Solaris, and OS X (networksetup -setv6off) need similar per-host changes, which is very time intensive when you consider the number of systems you need to configure. One caveat: Microsoft does not recommend disabling IPv6 outright, because some Windows components depend on it, so test the change before rolling it out domain-wide. Most security experts now recommend disabling IPv6 until you have the ability to actually manage and use it; where you cannot disable it, at least block IP protocol 41 and UDP 3544 at the perimeter and enable RA Guard on your access switches. Until then, it is an unnecessary risk that can be easily avoided.
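As an added example (not code from the original post), here is the check a practitioner wants after the registry change or the checkbox: parse the output of ipconfig /all and list every adapter that still holds an IPv6 address, plus a decoder for the DisabledComponents bitmask. The ipconfig text is constructed to show the case described above, IPv6 unchecked on the LAN adapter while the Teredo tunnel adapter is still live; the three bit meanings are the ones documented in Microsoft KB 929852.

```python
"""Verify whether IPv6 is really off on a Windows host by parsing `ipconfig /all`.

Added example, not from the original post. SAMPLE_IPCONFIG is constructed output;
the DisabledComponents bits are the documented ones (Microsoft KB 929852).
"""
import re
import sys

# Constructed: IPv6 was unchecked on the LAN adapter, but Teredo still has an address.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : WKS01

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : corp.example
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
   IPv4 Address. . . . . . . . . . . : 192.0.2.10(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.0.2.1

Tunnel adapter isatap.corp.example:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : corp.example

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:1c2f:3a4b:3f57:fdf5(Preferred)
   Link-local IPv6 Address . . . . . : fe80::1c2f:3a4b:3f57:fdf5%12(Preferred)
   Default Gateway . . . . . . . . . : ::
"""

ADAPTER_RE = re.compile(r"^(Ethernet|Wireless LAN|Tunnel|PPP) adapter (.+):$")
# "   Key . . . . : value"  (the dots are ipconfig's padding, not part of the key)
PROPERTY_RE = re.compile(r"^\s+([A-Za-z][A-Za-z0-9 -]*?)[ .]*:\s?(.*)$")


def parse_ipconfig(text):
    """Return {adapter_name: {"kind": "Ethernet"|"Tunnel"|..., "ipv6": [addresses]}}."""
    adapters, current = {}, None
    for line in text.splitlines():
        header = ADAPTER_RE.match(line)
        if header:
            current = {"kind": header.group(1), "ipv6": []}
            adapters[header.group(2)] = current
            continue
        if current is None:          # global section before the first adapter
            continue
        prop = PROPERTY_RE.match(line)
        if not prop:
            continue
        key, value = prop.group(1).strip(), prop.group(2).strip()
        if "IPv6 Address" in key and value:   # matches global and link-local lines
            addr = re.sub(r"\(.*?\)$", "", value).split("%")[0]  # drop "(Preferred)" and scope id
            current["ipv6"].append(addr)
    return adapters


def ipv6_exposure(text):
    """List (adapter, kind, address) for every IPv6 address still configured."""
    return [(name, info["kind"], addr)
            for name, info in parse_ipconfig(text).items()
            for addr in info["ipv6"]]


def ipv6_active(text):
    """True if any adapter, tunnel interfaces included, still carries IPv6."""
    return bool(ipv6_exposure(text))


def describe_disabled_components(value):
    """Interpret the Tcpip6\\Parameters\\DisabledComponents bitmask (KB 929852)."""
    effects = []
    if value & 0x01:
        effects.append("tunnel interfaces (6to4, ISATAP, Teredo) disabled")
    if value & 0x10:
        effects.append("IPv6 disabled on non-tunnel (LAN and PPP) interfaces")
    if value & 0x20:
        effects.append("IPv4 preferred over IPv6 in prefix policy")
    return effects


if __name__ == "__main__":
    # Usage on a real host: ipconfig /all | python check_ipv6.py
    text = SAMPLE_IPCONFIG if sys.stdin.isatty() else sys.stdin.read()
    for name, kind, addr in ipv6_exposure(text):
        print(f"{kind:9s} {name}: {addr}")
    print("IPv6 still active" if ipv6_active(text) else "no IPv6 addresses found")
```

On the constructed output the LAN adapter reports nothing, yet the Teredo pseudo-interface still has both a global and a link-local address, which is exactly why the checkbox alone is not enough; only a DisabledComponents value with both 0x01 and 0x10 set (0x11, or 0xFF for everything) followed by a reboot clears the tunnel adapters as well.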

http://gcn.com/articles/2013/08/09/ipv6-attack.aspx