IPv6 taking on national-security implications

U.S. federal agencies said to be the 'guinea pigs' for new network security standard

While the vast majority of networks today are based on the IPv4 protocol, the U.S. government is mandating that defence and civilian agencies are ready to accept IPv6-based traffic as well by June 2008. Those guiding the effort know the transition won't be easy, especially given the lack of IPv6-based security products.

"Unfortunately, we're set to be the guinea pig," says Sheila Frankel, senior computer scientist at the National Institute of Standards and Technology (NIST). "Business will seriously be watching the government experience." Frankel is co-author of "A Profile for IPv6 in the U.S. Government -- Version 1.0," a NIST document that draws attention to the lack of IPv6-based security products, including firewalls, intrusion-detection systems and vulnerability-assessment tools on the market today.

With its charter to set standards for non-classified systems, NIST expects its role will be to set up a conformance-testing regime where independent accredited labs would review network-infrastructure equipment, such as routers and switches for IPv6 support. NIST also wants to set specific requirements for IPv6-based security equipment.

By this summer, says Frankel, NIST will issue for public comment a document titled "Secure Transition to IPv6." The NIST document would be intended to offer guidance to agencies about making the transition into what will be a new world where IPv4 and IPv6 must coexist. It will be a world of dual-stack protocols, IPv4-to-IPv6 and IPv6-to-IPv4 tunnelling. "For the civilian agencies, we have to express this coexistence," Frankel says. "Each carries a burden in terms of processing and security, and there are pros and cons of each approach."

It hasn't been determined whether it will be mandatory for vendors to pass IPv6-related conformance tests in order to sell to the federal agencies, or whether agencies would have to adhere to any proposed NIST IPv6/IPv4 coexistence approach. The final word on that would come from the White House Office of Management & Budget and the General Services Administration, Frankel notes.

The Defense Department has a product-testing regime in place for IPv6 interoperability at the Joint Interoperability Test Command (JITC) at Fort Huachuca, Ariz. The DoD's stated plan is to transition to IPv6 as a core protocol during 2008 and to purchase only IPv6-capable products.

"The DoD just grabbed 248 billion IPv6 address," says James Collins, research-and-development engineer at the Air Force Information Operations Center, who spoke on the topic at the RSA Conference in February. "The DoD needs the address space in support of the war fighter and 'net-centricity' on the battlefield, where everyone and everything has a network address." Collins said the military has a goal to be IPv6-ready in 2008, but he acknowledged it's a race against the clock.

The JITC has approved the first round of IPv6-capable products for host software, routers, Web browsers and mail clients, with Microsoft in the lead on applications and Juniper in routing (see chart). But nary a single evaluated security product has yet to appear.

Join the PC World newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Ellen Messmer

Network World
Show Comments

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?