IPv6 taking on national-security implications

U.S. federal agencies said to be the 'guinea pigs' for new network security standard

While the vast majority of networks today are based on the IPv4 protocol, the U.S. government is mandating that defence and civilian agencies are ready to accept IPv6-based traffic as well by June 2008. Those guiding the effort know the transition won't be easy, especially given the lack of IPv6-based security products.

"Unfortunately, we're set to be the guinea pig," says Sheila Frankel, senior computer scientist at the National Institute of Standards and Technology (NIST). "Business will seriously be watching the government experience." Frankel is co-author of "A Profile for IPv6 in the U.S. Government -- Version 1.0," a NIST document that draws attention to the lack of IPv6-based security products, including firewalls, intrusion-detection systems and vulnerability-assessment tools on the market today.

With its charter to set standards for non-classified systems, NIST expects its role will be to set up a conformance-testing regime where independent accredited labs would review network-infrastructure equipment, such as routers and switches for IPv6 support. NIST also wants to set specific requirements for IPv6-based security equipment.

By this summer, says Frankel, NIST will issue for public comment a document titled "Secure Transition to IPv6." The NIST document would be intended to offer guidance to agencies about making the transition into what will be a new world where IPv4 and IPv6 must coexist. It will be a world of dual-stack protocols, IPv4-to-IPv6 and IPv6-to-IPv4 tunnelling. "For the civilian agencies, we have to express this coexistence," Frankel says. "Each carries a burden in terms of processing and security, and there are pros and cons of each approach."

It hasn't been determined whether it will be mandatory for vendors to pass IPv6-related conformance tests in order to sell to the federal agencies, or whether agencies would have to adhere to any proposed NIST IPv6/IPv4 coexistence approach. The final word on that would come from the White House Office of Management & Budget and the General Services Administration, Frankel notes.

The Defense Department has a product-testing regime in place for IPv6 interoperability at the Joint Interoperability Test Command (JITC) at Fort Huachuca, Ariz. The DoD's stated plan is to transition to IPv6 as a core protocol during 2008 and to purchase only IPv6-capable products.

"The DoD just grabbed 248 billion IPv6 address," says James Collins, research-and-development engineer at the Air Force Information Operations Center, who spoke on the topic at the RSA Conference in February. "The DoD needs the address space in support of the war fighter and 'net-centricity' on the battlefield, where everyone and everything has a network address." Collins said the military has a goal to be IPv6-ready in 2008, but he acknowledged it's a race against the clock.

The JITC has approved the first round of IPv6-capable products for host software, routers, Web browsers and mail clients, with Microsoft in the lead on applications and Juniper in routing (see chart). But nary a single evaluated security product has yet to appear.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Ellen Messmer

Network World
Show Comments

Cool Tech

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Breitling Superocean Heritage Chronographe 44

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?