Home > Articles > Security > Network Security

  • Print
  • + Share This
This chapter is from the book

A Word About the Long Term: IPv6

If I had a nickel for every time a business executive told me that he didn't need to buy my security stuff now because the next generation of the Internet protocol, called IPv6, would be available "next year" and have built-in security... Back in 2000, when I was at IBM, I briefed the U.S. secretary of commerce on IPv6, and what it would be able to do. Although we spent more time trying to convince him that broadband would become commonplace and that wireless was a reality, we did focus on the additional security that would be available when there was full adoption of IPv6. (Today we run under IPv4. No one knows what happened to version 5. It is like that weird uncle who just disappeared and is never talked about at dinner.)

IPv6 is here now. Can you feel it? Do you use it? Does it matter? If you use Microsoft XP or newer, you can select version 6 as your protocol. But the key to my message to the secretary was that it needed to be "fully adopted." It is not today, and it will be a while until it is. Also, like much new technology, it won't live up to its hype. Just like Dean Kaman's Segue did not "revolutionize human transportation around the world, changing the way cities of the future are designed," IPv6 will not automatically make the Internet a safe place to work. Just as Segue turned out to be the adult bicycle of the scooter set, IPv6 will be just the next protocol. It will not be the answer to all your prayers, and waiting for it is no excuse for poor security today. That's not to say IPv6 isn't necessary and won't help. Today only 10 percent (600 million out of 6 billion) of the world's humans are online (and the world is adding 79 million new people a year—and IPv4 is already running out of address space). Compound that with the coming "always on" broadband evolution, wherein each human will require dozens of individual network addresses. IPv6 will give us an almost limitless supply of these addresses, and this is the key driver. Also, IPv6 has security built in, whereas IPv4 needs to add security on top. IPv6 also has built-in privacy capabilities.

Some countries are betting big time on this next generation. Japan has in- vested in IPv6 more than any other country, and its companies are best positioned to enjoy the future fruits. Companies such as Sony have met an "All IPv6 Compatible" pledge, and these companies stand to be a prime supplier to European countries such as France and Sweden. Although the United States has many IPv6 product companies, look for them to export more than is used domestically for a while, despite a strong Department of Defense mandate to purchase. High-population countries that came late to the Internet, such as China and India, will benefit most from IPv6, because their address space allocation under version 4 is highly fragmented and prone to breakdowns and workarounds. And countries trying to leverage mobile communications such as Sweden, Japan, and Germany will see early rewards.

What does all this greatness-to-come mean for cross-border companies today? One piece of advice, from a trustee of the Internet Society and the president of the IPv6 Forum Latif Ladid, is to "look for 'IPv6 aware' on all the communications products that you purchase today, and expect to be buying new security technol-ogy from new security vendors over the next five years, to leverage the different security capabilities that will be available to you. Although it will have many new security capabilities available to us, it will still be up to the companies that use the Internet to ensure their own safety."

Internet Protocol (IP) has become a cross-border natural resource. It's up to all of us to increase its capabilities.

—Latif Ladid, President, IPv6 Forum, Luxembourg

IPv6 Security Benefits to Come

  • Greater address space provides for greater granularity.

  • Built-in header authentication, which will stop current spoofing.

  • No need for Network Address Translation (NAT) boxes, which have raised risks.

  • Built-in end-to-end security functionality.

  • Slower spread of viruses because of longer address lengths. (IPv4 = 10 hours and IPv6 = 2 billion years to scan address space.)

  • Built-in privacy protocols.

  • + Share This
  • 🔖 Save To Your Account