When Upgrading to an IPv6-enabled Version of a Security Solution, Be Sure It Can Deliver the Same Effectiveness and Performance as IPv4 Versions.
After years of discussion and planning, the transition to IPv6 is finally here, marked by World IPv6 Launch Day on June 6, 2012. Organized by the Internet Society, the day was designed to catalyze equipment and service providers around the world to permanently enable IPv6 for their offerings. While the rollout has only just begun, experts predict that within the next year 10-15% of data will be delivered using IPv6.
The federal government has set milestones as well. By September 30, 2012 agencies are required to support IPv6 on their public-facing Web services and two years later on their internal, operational networks. Major government organizations that have come on line prior to the deadline include the Department of Veterans Affairs, the Environmental Protection Agency, the Defense Research and Engineering Network, Defense High Performance Computing, and the Space and Naval Warfare Systems Command.
To help facilitate the transition, U.S. federal government IPv6 (USGv6) test requirements are in place to help technology vendors demonstrate support for the government’s IPv6 networks and interoperability among all IT and networking components used to build, maintain and secure the IT infrastructure of federal agencies. A certification program is also available so that vendors can be added to the U.S. Department of Defense (DoD) Unified Capability Approved Products List (UC APL) for IPv6.
No one questions the need for the transition as IPv4 addresses are depleted. IPv6 provides more than 340 trillion, trillion, trillion addresses and will carry our global economy and critical infrastructure into the future—connecting billions of people and a wide range of next-generation smart devices, from thermostats that enable remote management to mobile communications devices that support emergency response with integrated real-time video, voice and data.
Yet as we transition to IPv6, whether you’re a business or government agency, you must take a critical look at the technologies you’re relying on to enable these advances and ensure IPv6 “certified” solutions can deliver the same level of effectiveness and performance as their previous IPv4 versions. In order for these updated technologies to meet expectations, consistency is critical.
Consistency is particularly important when it comes to technologies to help secure your IPv6 infrastructure. While you may be taking a step forward by upgrading to the IPv6-enabled version of a security solution, you can’t afford to take a step backwards in effectiveness or performance.
When it comes to security effectiveness look for solutions that:
• Demonstrate comparable effectiveness in identifying and blocking threats targeting IPv6 environments as those targeting IPv4 environments
• Enforce security policies around application and access control consistently across IPv4 and v6 traffic
• Recognize and protect a variety of tunneling mechanisms that enable IPv6 hosts and routers to communicate over IPv4 networks during this transition period when both protocols must be supported
As for performance, understand if the solution:
• Handles IPv6 traffic in the same manner as it handles IPv4 traffic; for example, accelerating IPv4 traffic but failing to apply similar acceleration technologies to v6 traffic can result in severe performance degradation
• Has demonstrated interoperability with existing IT security infrastructure according to US federal government test requirements and certifications
• Is designed to adapt to the incredibly large number of IPv6 addresses available to search for vulnerabilities and not become bogged down by the volume of data
IPv6 promises a world full of new devices, new networks and new security challenges. As infrastructure continues to grow and the pace and complexity of the threat environment accelerates, consistent security effectiveness and performance is critical. Organizations need to ensure that the IT security solutions they’ve trusted in an IPv4 world will continue to meet their expectations as they embrace IPv6 and the future it can enable.
Related Reading: IPv6 Security Challenges to Consider as ‘World IPv6 Launch’ Approaches
Related Reading: Is IPv6 Part of Your Risk Management Framework?
Related Reading: Why Everyone Needs to Care About IPv6
