Content Copyright © 2011 Bloor. All Rights Reserved.
Also posted on: Security Blog
The internet protocol (IP) is the primary communications protocol for determining how data packets are routed around the internet and is responsible for the addressing system that ensures traffic is routed to the intended destination. The current version is IPv4 and has worked well for years, running in the background without anyone really worrying about it.
But IPv4 was developed when the internet was a smaller place. Ten years ago, there were slightly over 360 million internet users worldwide; by mid-2010, that had grown to around two billion. However, those numbers do not tell the whole story. Many people use more than one device to connect to the internet, often a mobile device in addition to a PC. As well as this, any manner of devices are becoming internet-enabled—from home appliances to medical equipment, networked cameras to intelligent transport systems, online gaming consoles to cars. It is estimated that there are currently five billion devices connected to the internet and that by 2020 that number will grow to some 50 billion. Each device needs an IP address to identify it on the network and there are simply not enough addresses available with IPv4.
Because of this, IPv6 was developed some years ago, offering a vastly expanded pool of available IP addresses. The transition to IPv6 is not optional as the internet and the number of devices connected to it continues to expand. There are many reasons for switching over to IPv6 beyond the fact that the number of available IP addresses is at exhaustion point—it offers security improvements over IPv4, such as mandatory use of IPSec for encryption and authentication, it offers auto-configuration for new devices connected to the network, it offers superior connections for mobile devices and improves peer-to-peer collaboration capabilities. However, there are also new security issues that it introduces that will need to be addressed, including an increased risk of distributed denial of service and buffer overflow attacks.
According to network equipment and services vendors, those security risks can be mitigated. Of more concern are security issues that are not inherent in IPv6 per se, but rather concern the way that it is used and implemented. Misconfigurations are considered to be among the most important security issues since IPv6 is new, is considered to be complex, and there is a lack of implementation and policy guidance, training and available tools.
In an effort to test drive IPv6 implementations, 8th June 2011 was designated as IPv6 Day by the Internet Society. A wide variety of organisations participated in IPv6Day, ranging from web content providers such as Facebook, Yahoo and Google, to service providers and telcos. The purpose of the day is to gather information about how IPv6 functions in a production environment with a view to accelerating the momentum of its deployment worldwide and to work out how to iron out problems that are already known about, such as IPv6 brokenness, which are primarily related to misconfigured network equipment and faulty firewall settings.
IPv6 Day was not a flag day for worldwide implementation of IPv6, which will probably take a number of years. However, it was an important milestone in terms of uncovering the issues that will be involved in its deployment so that any problems can be solved. The results of IPv6 Day will be reported on in further articles on this blog.