Posting Dates:

January 2011
« Dec   Feb »

The sky isn’t falling

The sky is fallingLately I’ve seen lots of headlines like “internet out of ip addresses by Feb 2, 2011″, ” Vint Cerf takes rap for running out of ip addresses” and “internet just about out of ip addresses”.   I would like to offer there is no need to do your best Chicken Little impression.  It’s true that when the internet was in its infancy, people couldn’t see the need for every person on the internet needing multiple ip addresses and in the early years the ip addresses were handed out without much care given to smart allocation of the blocks.  This has created a shortage of ip addresses as we move forward using the current methods of routing.  Fortunately, the internet community has been planning for and implementing new allocation methods and protocals and upgrading software and hardware.  The successor to IP4 called IP6 allows for trillions of ip addresses and is is in use by and available to most of the key players that route and control these things behind the scenes so that you don’t have to.  The internet is by no means 100% IP6 compliant today, but we’re getting there. 

Early in the morning of January 1, 2000 our power grids still worked, the bank machines still had cash, interest charges were accurate, phone calls were made and my favorite… The ISPs were still routing traffic and I could go have that first, of many, Tanquarys next door.

What have we learned?  We have known that the IP4 address allocation would not sufficient for many years (over a decade).  There is a successor to IP4 called IP6 that’s in place.  That many people and companies have planned for this for years.  There will be a few hiccups as we transition over to IP6.   And most important, almost all of us won’t even know it happened. 

A bunch of pasted information found elswhere:

Original Article from 12//08
Government Computing news

– Mandate to IPv6 Planned back in 2008
– Tracking Every Computer or Device
– Long Term Fed Dream come True

With the Mandate to migrate
all military and Commercial networks to IPv6,

While IPv4 supports roughly 4.3 billion addresses
(not even enough IP addresses
to provide every living person with their own),

IPv6 supports 3.4?10(38power) addresses
or 5?10(28power)
which is (50 octillion)
for each of the 6.5 billion people alive today.

The latest version of IPv6 is defined in RFC 2460.

from Government Computer News

* By William Jackson
* Dec 17, 2010
William Jackson is a senior writer for GCN
and the author of the CyberEye column.

The Federal CIO Council next month (Jan.)
will brief the White House on the readiness of agencies
to begin their transition
to the next generation of Internet Protocols,
said Peter Tseronis,
chairman of the council’s IPv6 task force.

The time for talk and debate is past, he said.
“This is old news. It’s time for execution and deployment.”
The assessments will be based on meetings
that began last month between transition teams
and the Federal CIO Council’s IPv6 Task Force.

Some agencies have done a good job of laying the groundwork
for meeting the 2012 and 2014 deadlines
for enabling the protocols
on public-facing and internal network elements,
said task for chairman Peter Tseronis.
* By William Jackson
* Sep 15, 2010

“It returns us to the original design of the Internet
– any device to address any other device,”

said Bill Crowell,
former deputy Director of the National Security Agency
and now a member of BlueCat Networks’
technical advisory board
for the federal market.

NIST has released the final version
of Special Publication 800-119,
“Guidelines for the Secure Deployment of IPv6.”

( )

SP 800-119 describes IPv6 protocols, services and capabilities,
including addressing, Domain Name System services,
routing, mobility, quality of service, Multihoming,
and IP Security.

For each there is an analysis of the differences
between IPv4 and IPv6
and the security ramifications of those differences.

The guidance characterizes the security threats
posed by the transition to IPv6
and gives guidelines on deployment,
including transition, integration, configuration and testing.
Internal networks must be ready to support the protocols
by the end of fiscal 2014.

* Jan 06, 2011

Although IPv4 addresses
will continue to be assigned to end users
for some time after November
and the IPv4 Internet will continue to operate
for the foreseeable future,
networks will increasingly need to be capable of handling
IPv6 traffic to be accessible to the growing number of users
who will be using IPv6 addresses.

“Organizations should begin now to understand the risks of deploying IPv6,
as well as strategies to mitigate such risks,”
the NIST guidance advises.

“Detailed planning
will enable an organization
to navigate the process smoothly and securely.”

IPv6 incorporates many of the security lessons
learned from implementing the current protocols,
but security will continue to be a challenge, NIST warned.

“IPv6 can be deployed just as securely as IPv4,
although it should be expected
that vulnerabilities within the protocol,
as well as with implementation errors,
will lead to an initial increase in IPv6-based vulnerabilities,”
the guidelines state.

Likely security challenges of IPv6 deployment
identified by NIST include:

* An attacker community
* that probably has more expertise with IPv6
* than an organization in the early stages of deployment.

* Difficulty in detecting unknown or unauthorized
IPv6 assets on existing IPv4 production networks.

* The added complexity of
operating IPv4 and IPv6 in parallel on a network.

* A lack of IPv6 maturity in security products
* when compared to IPv4 capabilities.

* The proliferation of IPv6 and IPv4 Tunnels
* used to accommodate both types of traffic,
* which complicates defenses at network boundaries.

The guidance
urges agencies to increase staff knowledge of and experience with IPv6
and plan for a phased deployment of the new protocols,
during which both sets of protocols will be operating.

To avoid security breaches from the new protocols,
agencies that have not yet deployed IPv6
should block all IPv6 traffic at the firewall,
both incoming and outgoing.
Enabling Web servers outside the firewall for IPv6
will allow outside users of the new protocols
to access those resources
and will give administrators and engineers
experience in handling IPv6 traffic.

Comments are closed.