Businessman jumping across broken span of bridge

When moving to IPv6, beware the risks

Opening up networks and systems to the next generation of Internet Protocols entails some risk, which agencies should be aware of and prepared to mitigate as they comply with Office of Management and Budget Mandates to enable IPv6.

More Info

Will IPv4 be obsolete sooner than expected?

The U.S. government is leading the transition to IPv6 and use of the new protocols is growing; one observer predicts IPv4 will be obsolete by the end of the decade. Read more.

The National Institute of Standards and Technology identifies the likely risks and remedies in its Special Publication 800-119, “Guidelines for Secure Deployment of IPv6.”

“IPv6 can be deployed just as securely as IPv4, although it should be expected that vulnerabilities within the protocol, as well as with implementation errors, will lead to an initial increase in IPv6-based vulnerabilities,” the guidelines say.

Likely security challenges of IPv6 deployment include:

  • The possibility that attackers might have more expertise with IPv6 than an organization in the early stages of deployment.
  • Difficulty in detecting and managing unknown or unauthorized IPv6 assets on existing IPv4 production networks.
  • The added complexity of operating parallel IPv4 and IPv6 networks.
  • A lack of IPv6 maturity in security products.
  • The proliferation of IPv6 and IPv4 tunnels can complicate defenses.

To meet these challenges, agencies should increase staff knowledge of and experience with IPv6 and plan for a phased deployment of the new protocols, NIST says. If IPv6 has not been formally deployed in a network, agencies should block all IPv6 traffic at the firewall, both incoming and outgoing.

About the Author

William Jackson is freelance writer and the author of the CyberEye blog.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above