Following World IPv6 Day on June 8, which allowed organizations and individuals with IPv6 connectivity to test the new Internet addressing system but may have left some feeling underprepared for the transition, ICSA Labs is offering seven tips to help IT organizations.
The new addressing system, known as Internet Protocol version 6, or IPv6, will replace the current system, Internet Protocol version 4, which has been in place since the 1980s and whose pool of addresses has almost been used up.
"Businesses and government agencies, especially those with large IT organizations, are now trying to figure out how to transition to IPv6," said George Japak, managing director, ICSA Labs. "Ensuring that networks, servers and applications function properly so that business operations continue to run uninterrupted can be a real challenge, especially for organizations lacking in-house IPv6 expertise."
ICSA Labs, an independent division of Verizon and the first third-party laboratory accredited by the National Institute of Standards and Technology to test IPv6 product capabilities for federal agencies, offers the following tips to help enterprises and government agencies make a smooth transition to IPv6:
- Act now to avoid future interoperability issues. The transition solution will likely include a combination of mechanisms, including systems that support both IPv4 and IPv6 simultaneously (also known as dual stack); tunneling mechanisms that can connect isolated IPv4-only or IPv6-only networks; and gateways that can translate one protocol to the other to support non-upgradeable legacy systems.
- Seek the help of a third party. Organizations should have knowledgeable technical people with IPv6 expertise who are already evaluating and testing infrastructure and applications. Organizations that have not started any evaluation or testing initiatives can obtain assistance through compliance and interoperability programs such as IPv6 Ready Logo and the USGv6 Testing Program, and security testing programs offered by ICSA Labs.
- Take inventory of IPv4 and IPv6 systems. The first IPv6 specification was developed in the mid 1990s; however, IPv6 code has not been scrutinized as thoroughly as IPv4. Many bugs and security issues are likely to be discovered, so IT organizations should only purchase products that have been IPv6 certified. Furthermore, organizations should assess IT systems to identify IPv4-only hosts, which cannot communicate directly with IPv6-only hosts. For example, mainframes may be IPv4-only because many are associated with legacy systems.
- Make sure IPv6 operates at the application layer. Although IPv6 operates at the network layer, network-aware applications may not function over IPv6 networks. For example, an application may not be able to use the proper socket application programming interface, which allows software to properly use the computer's networking capability. The application also may not be able handle IPv6's larger address format, or to properly process the domain name server responses with IPv6 records.
- Make certain that IPv4 security is supported in the future. Even if an organization is transitioning to IPv6, it is critical that security measures address both IPv4-specific and IPv6-specific vulnerabilities and environments since the transition to IPv6 could take several years. Security policies and configuring network protection devices such as firewalls and intrusion detection and prevention systems, and other devices, will also need to support IPv4 through the lengthy transition to IPv6.
- Remember to turn on the IPsec (IP Security) feature. Although IPv6 was designed with this feature, it must be configured properly to function.
- Pay special attention to securing wireless networks. While IPv6 is a major enabler for mobility, network perimeter protection devices are still required, and the security architecture must also allow for trusted nodes outside the perimeter.
About ICSA Labs
ICSA Labs, an independent division of Verizon, offers third-party testing and certification of security products and network-connected devices, such as printers and faxes, to measure product compliance, reliability and performance to many of the world's top security vendors. Visit http://www.icsalabs.com and http://www.icsalabs.com/blogs for more information
Verizon Communications Inc. (NYSE, NASDAQ:VZ), headquartered in New York, is a global leader in delivering broadband and other wireless and wireline communications services to mass market, business, government and wholesale customers. Verizon Wireless operates America's most reliable wireless network, with more than 104 million total connections nationwide. Verizon also provides converged communications, information and entertainment services over America's most advanced fiber-optic network, and delivers seamless business solutions to customers around the world. A Dow 30 company, Verizon employs a diverse workforce of more than 196,000 and last year generated consolidated revenues of $106.6 billion. For more information, visit www.verizon.com.