IPv6 guide provides path to secure deployment of next-generation Internet protocol

Jan 06, 2011

As the day draws nearer for the world to run out of the unique addresses that allow us to use the Internet—now predicted to happen by the end of 2012—researchers at the National Institute of Standards and Technology (NIST) have issued a guide for managers, network engineers, transition teams and others to help them deploy the next generation Internet Protocol (IPv6) securely.

Guidelines for the Secure Deployment of IPv6 (NIST Special Publication 800-119), describes the features of IPv6 and the possible related impacts, provides a comprehensive survey of mechanisms to deploy IPv6 and suggests a deployment strategy for a secure IPv6 environment.

The ballooning popularity of devices, such as smart phones and netbooks, tied to the Internet is rapidly depleting the number of so-called IP addresses available under the current Internet Protocol version 4 (IPv4), so the networkers of the world are preparing to move to the next generation, IPv6. Among other improvements, IPv6 has a vastly greater number of potential addresses—several billion per each of the world's current population of about 6.9 billion people.

To ensure that the federal government is prepared for IPv6, the Office of Management and Budget has mandated federal agencies to begin deploying the new protocol. NIST developed the IPv6 security guidelines in support of the Federal Information Security Management Act (FISMA). The publication is designed to help federal agencies avoid possible security risks that could occur during IPv6 deployment. It also could be useful for the private sector and other organizations.

"The pervades every aspect of computer communications," explains lead author Sheila Frankel, "so deploying IPv6 is a major task." With detailed planning, she says, organizations can navigate the process smoothly and securely. Most organizations will be operating IPv6 and IPv4 concurrently.

"Security will be a challenge, however, because organizations will be running two protocols and that increases complexity, which in turn increases security challenges," Frankel says. SP 800-119 describes the security challenges organizations may face as they deploy IPv6. Those challenges include fending off attackers that have more experience than an organization in the early stages of IPv6 deployment and the difficulty of detecting unknown or unauthorized IPv6 assets on existing IPv4 production networks. The publication provides information to be considered during the deployment planning process and makes recommendations to mitigate IPv6 threats.

Explore further: Twitter takes note of other apps on smartphones

More information: SP 800-119, Guidelines for the Secure Deployment of IPv6, may be downloaded in pdf format from csrc.nist.gov/publications/nis… 00-119/sp800-119.pdf . An index to the NIST 800-series special publications on computer security is available at csrc.nist.gov/publications/PubsSPs.html .

add to favorites email to friend print save as pdf

Related Stories

NIST issues draft IPv6 technical profile

Feb 01, 2007

The National Institute of Standards and Technology (NIST) yesterday issued a draft profile that will assist federal agencies in developing plans to acquire and deploy products that implement Internet Protocol version 6 (IPv6). ...

IEEE-USA President urges action on adoption of 'new internet'

May 25, 2006

Just as "visionaries" of the Age of Enlightenment in 18th century Europe pursued progress through rationality, the developers of the 21st Century's "New Internet" will "benefit the public good by balancing the needs of users ...

IPv6: Challenge to Internet freedom?

Mar 20, 2006

A China-backed Internet technical standard reportedly might allow the traceability of Internet users, especially those opposing government policies.

Making sure the internet delivers

Jul 04, 2008

European researchers have developed affordable test suites that businesses can use to check whether their software will work with the next-generation internet.

Recommended for you

UN moves to strengthen digital privacy (Update)

Nov 25, 2014

The United Nations on Tuesday adopted a resolution on protecting digital privacy that for the first time urged governments to offer redress to citizens targeted by mass surveillance.

Spotify turns up volume as losses fall

Nov 25, 2014

The world's biggest music streaming service, Spotify, announced Tuesday its revenue grew by 74 percent in 2013 while net losses shrank by one third, in a year of spectacular expansion.

Virtual money and user's identity

Nov 25, 2014

Bitcoin is the new money: minted and exchanged on the Internet. Faster and cheaper than a bank, the service is attracting attention from all over the world. But a big question remains: are the transactions ...

User comments : 1

Adjust slider to filter visible comments by rank

Display comments: newest first

Skultch
not rated yet Jan 06, 2011
The ballooning popularity of devices, such as smart phones and netbooks, tied to the Internet is rapidly depleting the number of so-called IP addresses available under the current Internet Protocol version 4 (IPv4)


Bullcrap! Not ONE of these devices uses a publicly routeable IP. NOT ONE!!!

Show me a network admin that shares his precious IPv4 addresses with DHCP to the public and I'll show you a slack-jawed boob.

IPv4 and NAT can AND WILL keep us going well past 2012.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.