Navy official says IPv6 could contain hidden denial of service bugs

A global transition to the next generation of Internet protocol, IPv6, could lead to more cyber attacks in the short run, says the military network security manager of one of the few organizations to fully convert to the new 128-bit address protocol.

In an August 4 press call with reporters, Ron Broersma, who also acts as the chief engineer of the information technology division within the Navy's Space and Naval Warfare Systems Center-Pacific in San Diego, noted that the current Internet routing protocol, IPv4, has been in effect for three decades.

IPv6--despite existing as a technical specification since the late 1990s--is still new, Broersma said.

"And so, we haven't found all the bugs yet. I wouldn't be surprised if some denial of service bugs are discovered over the next few years," he said.

The world has little choice but to adopt IPv6 in the coming years as the current 32-bit system runs out of new addresses in late 2011. Address exhaustion will not force an overnight conversion to IPv6, since network address translation devices have already extended the life of IPv4, but a transition to IPv6 is all but inevitable. The federal government, in fact, has prepared for IPv6 since 2005.

SPAWAR-Pacific has been a Defense Department IPv6 transition pilot since 2003, Broersma said. "I know of no other enterprise network that has gone to the depth of top to bottom implementation of this new protocol and lives in it in a production environment," he added.

A common assumption is that IPv6 networks will be more secure than today's due to a requirement that compliant IPv6 implementations include the IPsec protocol, which requires the authentication and encryption of data packets. But that's incorrect, Broersma said.

"IPsec was around for IPv4 and we use it every day, it was just never mandated. But you can certainly obtain the protocol and use it. In that sense [IPv6] really is not more secure for that reason," he said.

However, IPv6 will offer more security in the sense that enumerating an entire subnet by pinging addresses would take centuries in a 128-bit address space, Broersma said. The obsolescence of network address translators will also make possible true end-to-end security between endpoints, Broersma said.

As for his advice to organizations embarking on an IPv6 transition, Broersma said one step should be a comprehensive security audit so that all IPv4 security features are duplicated in the IPv6 network.

Among the biggest lessons learned from SPAWAR-Pacific's IPv6 experience is the fact that many products that claim to be IPv6 capable are in fact not, he added.

As a result, SPAWAR ended up doing a lot of quality assurance testing for feature parity that vendors should have done, Broersma said.

Vendors have "been very happy to take our feedback," Broersma added.
