IT Infrastructure - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  IT Infrastructure


IPv6: Ready or Not



 By: Lisa Vaas
2007-05-04
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this IT Infrastructure story.


  Table of Contents:
  1. IPv6: Ready or Not
  2. ' 2 '

Rate This Article:
Poor Best
IPv6: Ready or Not
( Page 1 of 2 )

With a government mandate and Vista support, IPv6 is here—security gotchas, missing support and all.

Way to go, vendors of low-end routers and intrusion detection and prevention systems—youre a stumbling block on Bechtels path to the next-generation Internet.

"Were doing [both IPv4 and the next-generation IPv6 networks], and we anticipate doing both for a number of years," said Fred Wettling, a Bechtel Fellow who manages technology standards and is sponsoring the enterprise IPv6 challenge within Bechtel. "This creates a challenge from the security standpoint of making sure the security mechanisms will do tracking [and] protection on both v4 and v6 concurrently."

The problem, he said, is that "some people making security products are not quite there yet," with "there" meaning product support of native IPv6 connectivity. "Thats kind of frustrating."

Why does Bechtel want IPv6? Imagine the company rapidly deploying employees to New Orleans in the wake of Hurricane Katrina, which the construction outfit in fact did. With the vast IP addressing space IPv6 has ushered in—its main draw—and its ability to turn every notebook, cell phone or other IP-enabled gadget into a server on the peer-to-peer network that IPv6s endpoint-to-endpoint architecture enables, post-Katrina recovery would have been markedly different. For example, trailers could have been connected to each other dynamically once the IP cloud was established, with no work required from Bechtels IT people.

Resource Library:

Its not pie in the sky. IPv6 is here, now. Europe and Asia are roughly tied in the total number of IPv6 addresses they have per capita, said Wettling, based in Oak Ridge, Tenn., and a member of the North American IPv6 Task Force and executive director of the IPv6 Business Council. Also, the U.S. governments Office of Management and Budget has mandated that the federal government—including agencies and contractors—transition by June 2008.

Perhaps most notably for North American enterprises that havent yet dabbled in IPv6, Microsoft is serving up the technology in Windows Vista and "Longhorn," with a protocol to tunnel IPv6 traffic over IPv4—a transition technology to compensate for security and network perimeter device vendors lag time in supporting the new protocol.

IPv6 is now here, and so are its security issues. It is a nightmare scenario for any security officer, according to multiple sources, including Charles Lee, chief technology officer for Verizon Federal—the group within Verizon Business dedicated to serving federal government customers.

"I think that the tipping point has been reached," said Lee in Washington. "What I point to as the killer app is VOIP [voice over IP]. There are huge market forces around untethered voice service: PDA-enabled cell phones and so on. Untethered assets are a real market force. In order for those applications to behave well and work in a broad environment, they need v6 capability. V6 is here. The cell phone folks have already set up address allocations: Nokia reserved 500,000 addresses for itself, [and the] chips have been introduced [that] will enable the next generation of services."

eWEEK Labs Cameron Sturdevant says the switch to IPv6 will be an onerous transition for most IT managers. Click here to read more.

In other words, consumers are either using it now or will use it in the next 12 to 18 months, Lee said. What that will look like to your network is this, he said: "You can do P2P so much easier. Instead of me having to directly access some central repository, I may be able to send information from my cell phone to yours, bypassing any other tracking or storage device in the middle of the network, and thereby have complete security in the course of moving this information."

Yes, IPv6 brings security—or obfuscation, as the case may be—to moving information. One notable feature of IPv6 is that it puts encryption into the hands of the user. Were an IPv6 user to illicitly collect data, he or she could pass it off, without network perimeter security checks able to look inside its encrypted contents, to another peer on IPv6—an accomplice who could be anywhere. "And youve just laid out the nightmare scenario for any security officer," Lee said.

The industry already is facing those challenges, Lee said. "Its not uncommon for security people to be very concerned with data integrity and keeping proprietary data under lock and key, and often we miss the fact that the guy who just walked in has a camera in his cell phone," he said.

The security challenges P2P presents exist today, but theyll be more obvious when IPv6 walks through your enterprises door, Lee said, because "new generations of capabilities will be sitting on peoples hips."

Tunneling is another security implication. Symantec in November first brought up the security implications of Microsofts Vista and the upcoming Longhorn server using the Teredo protocol for tunneling IPv6 over IPv4 networks. Again, the potential security implications of Teredo concern the inability of perimeter devices to see inside packets. IDSes (intrusion detection systems) are generally good at inspecting TCP and UDP (User Datagram Protocol) traffic, which are the traditional protocols that transport Web and e-mail requests. If attacks on a system are tunneled, however, theyll be invisible to IDSes.

Click here to read more about Symantecs fears that Vistas use of Teredo is potentially insecure.

"Any security device needs to be aware of Teredo in order to look into it and analyze traffic traveling over it," said Oliver Friedrichs, director at Symantecs Security Response team, in Mountain View, Calif. "For enterprises, this presents, obviously, a serious concern. Attackers can, for one, tunnel through perimeter devices without being seen and tunnel attacks over [Teredo] without being seen by perimeter devices."

Such perimeter devices include firewalls and low-end routers, such as those from Linksys. "The firewall is traditionally there to filter traffic, but with Teredo its rendered in many cases ineffective," he said.

Next Page: Bechtel wont touch Teredo.





  Reader Comments: IPv6: Ready or Not
>>> Be the FIRST to comment on this article!
 


 
 
>>> More IT Infrastructure Articles          >>> More By Lisa Vaas
 


x}ks㶲*Q3CH)ْ:-KcgR[HHbL<$e[ɞ?q?q-L$%hݍFI9wur5g6%SE]"IoC(~pR/IzA)v@{iFu;ApT7d>9|@vD Ɠ5>X1 |+[S}LF6\3Ѣb ގPk$ȁ_Mܦ%HCxGu)tC(DIږyDm:^N(oT|^aNé-}!*{>$Jk4݋шIGw a}Ʒ;+!X]D4!ڮq4]^Nૌ=QUh/E@^cBȡ[Bh=3dc7.{ -,v2K*-aе w8r 08Jej-nfO-n@w(\'p}j F1 9,!\G-0/<m6L( |HCɤ:ZdQ}9e, f4öCCٰ4\>jrTW#GQ`9ؖ3{p*sN3۟~+Uw9*C[w5-uP\tNi\voac'HH~W&Z.JT:( Ԙ8|5 uz+P%կpAIS# Ԏ40" J1~̢2q}o/e}}uI}rv|i"|e%̠VPAf`W+e`=mݾ\sv.[9^Vs!+|vg>!5M0\̱¬:cUoq`C['\ďSS?&:aZ+jI-]{|&j]}:>$˷Yn[90N`mYn_H!-T,>Jaf k$LJsi)":u P;|sNm҄& 9B:̺NR49V/蟉$Wm4@r5)6B̄H )w'~ާ,-|yEU>hi"A[4 .+J!b^3̤"ȅQ.% Ć>LbO૦yp1jY]6'tauIUi3_}ޡ:itnUO^ S%g 5F4 ,heݴ%!8WoꛛZrOV)Û}ѯQ G'&-d`q86acJݤ#}fE=AAӧAzG|JMk6uI=DC#ɠ:ڴ\gV4!>&MЀ`Ai1[W <ۋJ!pIxZSxv&ztD۠h&rkI7.[A0? { O`p\&{ xk = `Dy+wKPbL{TM`@#@XC Gk 6G\[-[Z6x O͙A }(~~9-WR+C/0tKt|JIIL}NBt"AђF )4 g cX"K"'s`[Wdw$]Vph(7ݞH:w@-h&3ay?cb -d[b}IlΌ eV&vaZLbo7], Sl -Muc{s_9ҴJ >Ѵ7=YK9bi]ygm&,`bꄤHC;N-: ?\ g!a\9:<f3|fZ1kpBa"w4>dufB7 ƉeLH|B3} H8Mlz:{mQH>08vs3tNn~|ZFhIO3Ьr|;厬m[4@>|zS.z:ԍ$r%5kb$T`CL _G) z7HhТ0T]2akRhjMMaf(0q |0b=9ߟ{8[=z,.K i{y]ؕ.R\|znN >0z4'Z>pd`/R=:uouj)ՃI ,璾RVJ~&[b"ud\6˰@\k>Oa3IئnssQ*/KW+ f)R|;ZV*ժ 5UT\=W*ovT&͂)V3G qF'|}>Moũ1ztY9[Jm^J39X>>: '012&z@j9ajv6<~0(rE=4!݅rI6San0-уUT&KV'=ibGHe,]r._a>[7i`rdd8+ѡ,XrMTՑG7`wg*Q :@{!G:0=X,(Y)Yhp^u/eϕSZЁ P}̹5u<X\Y``!> ~4z8b&QajY[ ⺪Tj%}gV{oR64F@2<"C8\bS>ytV{PBK&nƚ7\մr ,09_W>|6Œu8YW]?g`̦Kk`p1\EAc>֍'~@^_B-o# dōfπiNdž m  @;`EODF3۽>S"S8ߊIjfR΁MOT*%0=k@"TAұg.@C׳@g.hLqDGRUe@4eJ1kr_JhUm{\ c4g2|]>_&I|SeYȓV)+Y+TuRaoaqVZʑF HU5EOM#/ PNkZ[C^$G|)탪T&#UiZe%~틨ncEZdЯdL5AKgl!/`.Q(s/l`^ASV<^ےtK קA(6=B3tMnioΛk21簤v ˽'jD@KYJ7eNVځ*\$T+IjEtn:0ȘُYD[^:L&rOfss]`_aOnη;ܝ90FI ʾv@ljpw|L2M: Wjjy>e!r ]N7._Tj vQ ^`| @-c'd1s<ēo =$Ԅ7; +Aנn)ɡ$ |Cʍ D;}R^\ό&էݽ]VSv/(0h_hmdU]uv@.}NvHJۧ>^E!1ag 3W^^f#r|$#>^w?]EcMqr`SRh3 J@cG$bw}WrzjZˏ5ðOQ孀҈FU~Bh^\/~tϻ(9\tx`&yxyȒU4*$yyp|hq\36MF1SV5!g62l&zC5 q^לY0pz!vB ZKUc)zF A0֢<]wVTGWX* ̄o ナ`AQ1 +JG:HvVgp=6" BtX 1teE/R)Q\(뉞OYY}ҽnr3 l}EFoJN^vVҷoDWY+GD_q-5sz<~ \1Z9nܐ!9'18;=h)ޏH"}/p𽧻oEM8L,ӤN)fTDіxi'>fax!wl0q%ӝTLa:߄q?Is6uYغ[NhAgtJē˓!=)ښIմg"8I5F4A2 uID? Mt4DPW Pق $O kzisq^]ҹuX`M`l)ZQ!|Nr 9iG`e>R![yQb}b%h4eW:Bzc'?<9Gs`*䬨;GNՃĶS g>#(3rcvd\Q;yZ1 ?nO8Z7𿲜\ta_9`|;psg5\;>'cv,Q7&}Z9} DK{,i;;坠P.Vp9c|w=lҿǥ̷NuAHK.}<﷯Is 09nJs djBOHԃb5zǿ|뢧  r{k_=3r¸E}ߨ+=hGt?vwJwѧ}E tRTsd;i6ӱ$BUU+j*ۻA\8%'+wr62Ӣ @7Yu (f~Z;pOҠ%cc}d}ݸ;w{f1vnw GJP}yA}I.~({]fO뻬,J骇\v%(]MZ^|>OW%0)Ձd/[y~lb޲V56^傝6`l1gA]*) m >ktЕFu~ 6yq,䩰E bOVMed=I7Xe y[\W& H7,k;g۩HeTaxɡAh$ 0EpOJ[qXMRTI-oaaהԢSOrc>(;nf6eP _`IځzpZAjbrO,9@'_(=Ac*k3)_זnl68c>E<➂aoSHT`qMJQkTy-.Y?|C csRaa"00XPOܑԟal.F1kv4'Z dڋZy NÓq $jWZ<h[.mɪ>k^P@R#|hăyKpN}}J1cTگjނ iH-E`-/kB}5zEz1y/aYθ^yULj=_=_=_=_=v_p>enȝqq .^YLx|S*NX/`է='w0<`gI6C=66ykAvAvśKQ >}iO: ¯ӓ}Xn}4^pKo>'lY|ck=󙁃cÜE{ / lOsknX8mVnن#]}.MHwr,g;-a980+hJY6Um'zfs&6Q"#:'nOH"!HD@B2|oGI,h D$ՑQ1ty<ٲ8 -: 4 c-@&bOM#,a H z4e gvbN]6O?gc:KJ9>_aw1jxŷ/@ cw:x+K@oNpDa'mlkk 7B*B@A|cU%.2|tc75~%G=zES;f`bHM#=—7ʛ)M\롊sDGB &޾ < h,s{x/0jQ+$r.JX)rφ5}MOȔsxtSnoD/61@4Wo͓ih^Jksnz g鴼3h~wLl<6.ZxM+hG P|F0 _#8OU=^k#fEN{)}^)Krk>KѲ6orzlï^JYf-2ĚQQ+i錃ql GޖX1L4 +x((aH=G98\"O)5.f)3h νk(js7X-z/Um/t>xsUߒ\`29\hO7f>#b1DKb\Gj7OQ5F d.FPCUũn./4{*f][Gߋ$=eO) x٣-'=WQ8Jxl J4tr'u[1~RW>~"myxTݦe leͦ l1a6:&M^SwGRJ~v'„|gM=u'ybumKɤQ?(p0g{@=fo \;O0`T#=twThne TŢWd#5B,¶a`De&ȡ-b*1ʵm <݉o$",tkZ4"􀲷9LRcWF%3z J 0KAX^qQ>0&IbX7#uT[&Y R(_{3VGBA8AXJo,"%vEa7>`8wQ%.>^Rlqn/'\93͒EˉtMSc%5!T*j~Az)XZbYE-c 2^|X!tOHk˜xn<vWٜAGu *GZ!դo^/D/ksM>ٜ>3-eM13Ɇ[/kad;˚ ]l}WO/mLtEW8Ow| e -JfeBElcu ~V`}{Na!X*!&ۨ֔2J\d9_K>HP.%$7_w"w99Rma>9(-`̷UKphkY\1yB(B։qJE17&Du#i!'Y,t:s} `i;t]kt 3>нg3B{w$,U6W2 lO0vVpH7lfmmYU)7g%.0,%n'蜜Xp,GC"y԰t|G*_[Gx}!rUq{Va`R,?y`,iJJGh5;Q2*5qÆNC c &)<6$Ae Ї5T?0' )U(O5 nU@Ħ8AnKey64&}^8Eg :ỒWZ=ɝFO/|T3/b=-Ѩ#^>I 11K= o ~8pb XZ`Oh$}b "uFf!&SN" p7ڷO9l~bf2wg-d=]a#G9PC( ~ANzl+J)vga-=2&BZp4eawF}eO9PJƈ\氟aHp=SѨ-T1ȘhD MQ VHxL~1&v+%"&Ls6@@P0H47׷Me-)ĴF#1C$C 1SS<2`dK{۹bbWoH$P`+wdcF>br ¨b)(bU 7/T_-',(pk2ꥦa/x;a 3 s`EPf00a|LS(?LpWNCl8BLkQ.閣zUQpV#ߛ~Sg8 X"*S[7ei~m1I)t#K/Hzs&H@PbJM*IdR|:PJ|+R0cU-+t ]:nV?7.4W PRx  V #vFCT) GL€،\ݹ1B39^&9nIqst/q{}RGݪ;es/4N-fbv>4m+LJrY:2 ͋6Sfr?sm.4 EqɃwg;飱8^;gQ?A)f}Y QޜMӄ-xccj]{=-Z[A 7ޜLے#'u>K8mzfx9n0cP鱷 r!>'}ҽlIkw9?AO9@/9P~ )By794hsOd})4>sZ_~)4:;B)ureN9zOPy}9?ρ]"g|./E|E}/>9/r ϋDorϠ,P ()K..n~+W9sr ?/)n&wC[(+[h6[Ku3Ay3GΚWpzy;}sS^.4s\}W WKӜ(gsVڍnV`{CJg_/G+@I>sumR+ ]yKxM}%k{[Z1iu}חG{1Pi +{ɟyHGW4:<)~bye?VRRw;]]ڤ\j.{][O'ikz(#s<2g!h{U26#{"Գ1VߟQǒGЬW]#=D)s\2fA<'Ԏ3nOArr mv#}_a^؃Я Ҿl3K쓭ú>a=^*gB8D# /0<䤏1Sx ;wMm="t5HÅzO@$?#uRfCij~jZ)}#]\cu A{P$&4vX%P<# .M3^e&MȡN!3p<@&J%FC PtlɎYyU YmBRH6T<gu~o'2@?o 7Xi, v2W!+C<@ŝ+f4Xmot1*m `-YkMD 2YdkS lR$9tgh[L,iރzx"M&=Ɓ<AY%',#[ P`t{^=Lz{ܗB΄[W٨CsR%u 5:X~ kfw0aŘSkCMHn)"9<'${' {}'"0;c L3.a蒆xa8&1s8*+cm,yvwVdk,}%sff\3&2; /C{N)1-XhcЁ$b-Hm7g@oJ`Xkt`$\,7__mD8O2s 2&Q_ ˝Yȅ=yF~ElCahly>ⲁ%!:}`S so#gTÉtr!,NN-ɿlٹ ˜2J1Д8ٶ2?#KrX}P?):OOgsZ!_Hʶ!n,c 0У,*09'5E6<]܈xjݾX gkO˟lہR#nȅxa[:6 nщo߉n^3¶"yX\A4X3'5ȱb@xV=e_qxFN|,X:u!}đYX&7$IV /kti( aaɗvXODNű<<Sf )`|1GtƙW +RSqk~?)ZwByڽK͋CRInoꎾV;yv<;Jj: a ѸTÓ߶;+O,ںqK'?}~lIы6Ҝ%!^Y B*;{ju.?_{zv C&ȕ/g-F#|oUAYf]*Z5Nj|ۊ#iQg8&rYOZilw>8n~뉘h6JM? ۔̡9MR"Zi/!zx6 }OTar?,MM.2a-d