IPv6: Big deal or not?
Maybe one of the most under-reported and least-understood stories out there is the one about the move to IPv6, from our current IPv4 Internet addressing system. Essentially, the world will eventually run out of IPv4 IP addresses (the line of code that identifies where a device lives in relation to the Internet) and we'll be forced to move to IPv6, which offers addresses with much longer strings of numbers and letters and therefore opens the amount of addresses to something more than trillions and trillions. But what do we actually have to do to prepare for this switchover? When does it have to be done? Will it affect your average installer and end user? How will it affect network security? These are questions I get varying answers on. Here's a story I wrote about IPv6 late in 2007, for reference. Nothing much seems to have changed since then. Other than one release from Axis that mentioned IPv6 capability, I've seen virtually no security manufacturer even mention IPv6. I'm not sure why. I'm reminded of this mostly because of an article I came across today positing that IPv6 might make networks less secure. This is the exact opposite of the information I've been getting, that security is built into IPv6 and it is inherently more secure than IPv4. From my story: Also, Nilsson emphasized the added security features IPv6 offers, and its ability to make installation easier. So, who's right? I understand about half of this, but it appears to be a primer for network security during the IPv6 conversion. Here's a white paper from 3Com (who will be in physical security shortly, I'm told), which points out security vulnerabilities, but is pretty vague. Here's a white paper from SIA, but it's a pdf and is cumbersome for my poor version of Safari. Probably works in Firefox. According to this White House memorandum from 2005, the federal government was supposed to be totally IPv6 compliant by June 30, 2008. Did this happen? Did anybody check? I haven't heard anything to the contrary, but then I run across press releases from Verizon where they talk about upgrading the Army to IPv6. Do they not count as part of the federal government? In short, it seems prudent to make sure your people are up to speed on IPv6, especially if you're doing work with the government, but it doesn't look like the security product manufacturers are in a huge hurry to make things IPv6 compliant. Will this matter? I'm not sure.