IPv6 guide provides path to secure deployment of next-generation Internet protocol

Jan 06, 2011

As the day draws nearer for the world to run out of the unique addresses that allow us to use the Internet—now predicted to happen by the end of 2012—researchers at the National Institute of Standards and Technology (NIST) have issued a guide for managers, network engineers, transition teams and others to help them deploy the next generation Internet Protocol (IPv6) securely.

Guidelines for the Secure Deployment of IPv6 (NIST Special Publication 800-119), describes the features of IPv6 and the possible related impacts, provides a comprehensive survey of mechanisms to deploy IPv6 and suggests a deployment strategy for a secure IPv6 environment.

The ballooning popularity of devices, such as smart phones and netbooks, tied to the Internet is rapidly depleting the number of so-called IP addresses available under the current Internet Protocol version 4 (IPv4), so the networkers of the world are preparing to move to the next generation, IPv6. Among other improvements, IPv6 has a vastly greater number of potential addresses—several billion per each of the world's current population of about 6.9 billion people.

To ensure that the federal government is prepared for IPv6, the Office of Management and Budget has mandated federal agencies to begin deploying the new protocol. NIST developed the IPv6 security guidelines in support of the Federal Information Security Management Act (FISMA). The publication is designed to help federal agencies avoid possible security risks that could occur during IPv6 deployment. It also could be useful for the private sector and other organizations.

"The pervades every aspect of computer communications," explains lead author Sheila Frankel, "so deploying IPv6 is a major task." With detailed planning, she says, organizations can navigate the process smoothly and securely. Most organizations will be operating IPv6 and IPv4 concurrently.

"Security will be a challenge, however, because organizations will be running two protocols and that increases complexity, which in turn increases security challenges," Frankel says. SP 800-119 describes the security challenges organizations may face as they deploy IPv6. Those challenges include fending off attackers that have more experience than an organization in the early stages of IPv6 deployment and the difficulty of detecting unknown or unauthorized IPv6 assets on existing IPv4 production networks. The publication provides information to be considered during the deployment planning process and makes recommendations to mitigate IPv6 threats.

Explore further: Startups offer banking for smartphone users

More information: SP 800-119, Guidelines for the Secure Deployment of IPv6, may be downloaded in pdf format from csrc.nist.gov/publications/nis… 00-119/sp800-119.pdf . An index to the NIST 800-series special publications on computer security is available at csrc.nist.gov/publications/PubsSPs.html .

add to favorites email to friend print save as pdf

Related Stories

NIST issues draft IPv6 technical profile

Feb 01, 2007

The National Institute of Standards and Technology (NIST) yesterday issued a draft profile that will assist federal agencies in developing plans to acquire and deploy products that implement Internet Protocol version 6 (IPv6). ...

IEEE-USA President urges action on adoption of 'new internet'

May 25, 2006

Just as "visionaries" of the Age of Enlightenment in 18th century Europe pursued progress through rationality, the developers of the 21st Century's "New Internet" will "benefit the public good by balancing the needs of users ...

IPv6: Challenge to Internet freedom?

Mar 20, 2006

A China-backed Internet technical standard reportedly might allow the traceability of Internet users, especially those opposing government policies.

Making sure the internet delivers

Jul 04, 2008

European researchers have developed affordable test suites that businesses can use to check whether their software will work with the next-generation internet.

Recommended for you

Startups offer banking for smartphone users

21 hours ago

The latest banks are small enough to fit in the palm of your hand. Startups, such as Moven and Simple, offer banking that's designed specifically for smartphones, enabling users to track their spending on the go. Some things ...

'SwaziLeaks' looks to shake up jet-setting monarchy

Aug 29, 2014

As WikiLeaks founder Julian Assange prepares to end a two-year forced stay at Ecuador's London embassy, he may take comfort in knowing he inspired resistance to secrecy in places as far away as Swaziland.

Ecuador heralds digital currency plans (Update)

Aug 29, 2014

Ecuador is planning to create what it calls the world's first digital currency issued by a central bank, which some analysts believe could be a first step toward abandoning the country's existing currency, ...

WEF unveils 'crowdsourcing' push on how to run the Web

Aug 28, 2014

The World Economic Forum unveiled a project on Thursday aimed at connecting governments, businesses, academia, technicians and civil society worldwide to brainstorm the best ways to govern the Internet.

User comments : 1

Adjust slider to filter visible comments by rank

Display comments: newest first

Skultch
not rated yet Jan 06, 2011
The ballooning popularity of devices, such as smart phones and netbooks, tied to the Internet is rapidly depleting the number of so-called IP addresses available under the current Internet Protocol version 4 (IPv4)


Bullcrap! Not ONE of these devices uses a publicly routeable IP. NOT ONE!!!

Show me a network admin that shares his precious IPv4 addresses with DHCP to the public and I'll show you a slack-jawed boob.

IPv4 and NAT can AND WILL keep us going well past 2012.