IPv6: Big deal or not?

 - 
01/26/2009
Maybe one of the most under-reported and least-understood stories out there is the one about the move to IPv6, from our current IPv4 Internet addressing system. Essentially, the world will eventually run out of IPv4 IP addresses (the line of code that identifies where a device lives in relation to the Internet) and we'll be forced to move to IPv6, which offers addresses with much longer strings of numbers and letters and therefore opens the amount of addresses to something more than trillions and trillions. But what do we actually have to do to prepare for this switchover? When does it have to be done? Will it affect your average installer and end user? How will it affect network security? These are questions I get varying answers on. Here's a story I wrote about IPv6 late in 2007, for reference. Nothing much seems to have changed since then. Other than one release from Axis that mentioned IPv6 capability, I've seen virtually no security manufacturer even mention IPv6. I'm not sure why. I'm reminded of this mostly because of an article I came across today positing that IPv6 might make networks less secure. This is the exact opposite of the information I've been getting, that security is built into IPv6 and it is inherently more secure than IPv4. From my story: Also, Nilsson emphasized the added security features IPv6 offers, and its ability to make installation easier. So, who's right? I understand about half of this, but it appears to be a primer for network security during the IPv6 conversion. Here's a white paper from 3Com (who will be in physical security shortly, I'm told), which points out security vulnerabilities, but is pretty vague. Here's a white paper from SIA, but it's a pdf and is cumbersome for my poor version of Safari. Probably works in Firefox. According to this White House memorandum from 2005, the federal government was supposed to be totally IPv6 compliant by June 30, 2008. Did this happen? Did anybody check? I haven't heard anything to the contrary, but then I run across press releases from Verizon where they talk about upgrading the Army to IPv6. Do they not count as part of the federal government? In short, it seems prudent to make sure your people are up to speed on IPv6, especially if you're doing work with the government, but it doesn't look like the security product manufacturers are in a huge hurry to make things IPv6 compliant. Will this matter? I'm not sure.

Comments

Hi Sam,

A quick comment: People have been talking about IP addresses running out since 1999. I remember reading books and worrying about the transition to IPv6 back then.

It's obviously going to happen but it's one of these things that we should be skeptical about when and where it will happen.

[...] remember that post where I wondered about whether IPv6 was a big deal or not? Well, our keynoter, Jack Johnson, former CSO for DHS, apparently feels IPv6 is a big deal. He used [...]