Guide to Secure Next Internet Protocol

Wednesday, January 12, 2011 @ 04:01 PM gHale

There is now a way to deploy the next generation Internet Protocol (IPv6) securely.

The need arises because the world is running out of the unique addresses that allow us to use the Internet.

Researchers at the National Institute of Standards and Technology (NIST) issued a guide for managers, network engineers, transition teams and others to help them securely deploy IPv6.

Guidelines for the Secure Deployment of IPv6 (NIST Special Publication 800-119), describes the features of IPv6 and the possible related security impacts, provides a comprehensive survey of mechanisms to deploy IPv6 and suggests a deployment strategy for a secure IPv6 environment.

The ballooning popularity of devices, such as smart phones and netbooks, tied to the Internet is rapidly depleting the number of IP addresses available under the current Internet Protocol version 4 (IPv4), so the networkers of the world are preparing to move to the next generation, IPv6. Among other improvements, IPv6 has a vastly greater number of potential addresses—several billion per each of the world’s current population of about 6.9 billion people.

To ensure that the federal government is prepared for IPv6, the Office of Management and Budget has mandated federal agencies to begin deploying the new protocol. NIST developed the IPv6 security guidelines in support of the Federal Information Security Management Act (FISMA). The publication should help federal agencies avoid possible security risks that could occur during IPv6 deployment. It also could be useful for the private sector and other organizations.

“The Internet protocol pervades every aspect of computer communications, so deploying IPv6 is a major task,” said lead author Sheila Frankel. With detailed planning, organizations can navigate the process smoothly and securely, she said. Most organizations will be operating IPv6 and IPv4 concurrently.

“Security will be a challenge, however, because organizations will be running two protocols and that increases complexity, which in turn increases security challenges,” Frankel said. SP 800-119 describes the security challenges organizations may face as they deploy IPv6. Those challenges include fending off attackers that have more experience than an organization in the early stages of IPv6 deployment and the difficulty of detecting unknown or unauthorized IPv6 assets on existing IPv4 production networks. The publication provides information to consider during the deployment planning process and makes recommendations to mitigate IPv6 threats.

Click here to download the SP 800-119, Guidelines for the Secure Deployment of IPv6.