Following World IPv6 Day on June 8, which allowed organizations and individuals with IPv6 connectivity to test the new Internet addressing system but may have left some feeling underprepared for the transition, ICSA Labs is offering seven tips to help IT organizations.
The new addressing system, known as Internet Protocol version 6, or IPv6, will replace the current system, Internet Protocol version 4, which has been in place since the 1980s and whose pool of addresses has almost been used up.
ICSA Labs, an independent division of Verizon and the first third-party laboratory accredited by the National Institute of Standards and Technology to test IPv6 product capabilities for federal agencies, offers the following tips to help enterprises and government agencies make a smooth transition to IPv6:
Act now to avoid future interoperability issues : The transition solution will likely include a combination of mechanisms, including systems that support both IPv4 and IPv6 simultaneously (also known as dual stack); tunneling mechanisms that can connect isolated IPv4-only or IPv6-only networks; and gateways that can translate one protocol to the other to support non-upgradeable legacy systems.
Seek the help of a third party : Organizations should have knowledgeable technical people with IPv6 expertise who are already evaluating and testing infrastructure and applications. Organizations that have not started any evaluation or testing initiatives can obtain assistance through compliance and interoperability programs such as IPv6 Ready Logo and the USGv6 Testing Program, and security testing programs offered by ICSA Labs.
Take inventory of IPv4 and IPv6 systems : The first IPv6 specification was developed in the mid 1990s; however, IPv6 code has not been scrutinized as thoroughly as IPv4. Many bugs and security issues are likely to be discovered, so IT organizations should only purchase products that have been IPv6 certified. Furthermore, organizations should assess IT systems to identify IPv4-only hosts, which cannot communicate directly with IPv6-only hosts. For example, mainframes may be IPv4-only because many are associated with legacy systems.
Make sure IPv6 operates at the application layer : Although IPv6 operates at the network layer, network-aware applications may not function over IPv6 networks. For example, an application may not be able to use the proper socket application programming interface, which allows software to properly use the computer's networking capability. The application also may not be able handle IPv6’s larger address format, or to properly process the domain name server responses with IPv6 records.
Make certain that IPv4 security is supported in the future : Even if an organization is transitioning to IPv6, it is critical that security measures address both IPv4-specific and IPv6-specific vulnerabilities and environments since the transition to IPv6 could take several years. Security policies and configuring network protection devices such as firewalls and intrusion detection and prevention systems, and other devices, will also need to support IPv4 through the lengthy transition to IPv6.
Remember to turn on the IPsec (IP Security) feature : Although IPv6 was designed with this feature, it must be configured properly to function.Pay special attention to securing wireless networks. While IPv6 is a major enabler for mobility, network perimeter protection devices are still required, and the security architecture must also allow for trusted nodes outside the perimeter.
George Japak, managing director, ICSA Labs said “Businesses and government agencies, especially those with large IT organizations, are now trying to figure out how to transition to IPv6, “Ensuring that networks, servers and applications function properly so that business operations continue to run uninterrupted can be a real challenge, especially for organizations lacking in-house IPv6 expertise.”