IPv6 as a Technology Refresh
I've written about government and IPv6 before. The article "OMB: No new money for IPv6" by David Perera includes the following:
"Federal agencies have all the money they need to make a mandatory transition to the next generation of IP, a top Office of Management and Budget official said today.
'The good news, you have all the money you need. [IP Version 6] is a technology refresh' said Glenn Schlarman, information policy branch chief in OMB's Office of Information and Regulatory Affairs. Schlarman spoke at a Potomac Forum event on IPv6. 'You have to adapt, reallocate,' he added."
Moving from IPv4 to IPv6 is like transitioning from horse-drawn buggies to internal combustion engine-driven automobiles. Both carry passengers but the complexities, opportunities, and risks associated with cars make the upgrade far more than a "technology refresh."
The biggest single problem with IPv6 is that network administrators are not familiar with it. 24 years after IP was presented in RFC 791 there are still people who do not understand the networks for which they are responsible. IPv6 is going to confuse this situation by an order of magnitude. Training is the only way to have a chance to successfully implement IPv6. Unfortunately, OMB is mandating from on high but not providing resources to get administrators trained to handle these new protocols.
I expect a wave of new intrusions during and after the transition to IPv6. Not only will the IPv6 network stacks be directly exploited, but common misconfigurations will plague enterprises for years.
Comments
I figure if I start now I'll be a couple of years ahead of industry and have marketable skills. I did the same for INFOSEC, I mean Network Security - sorry for the slip up, I'll do better next time [note: Rich hates the INFOSEC term].
Thomas
Areas that we have had a closer look at are the continued support of overlapping fragments (why would anyone want this other than the obvious???) and the possibility that networking devices might have resources consumed by a high number of extension headers (IPv6 has no upper limit on how many extension headers may exist). Tools are actively being developed that are able to test these scenarios.
Chas Tomlin
System Administrator
School of Electronics and Computer Science
University of Southampton
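The two conditions raised in the comment above can be checked on captured packets. The following is an added example, not code from the original post, its commenters, or any tool they mention: it walks an IPv6 extension header chain and reports fragments of one datagram whose byte ranges overlap. The function names, the `MAX_EXT_HEADERS` limit and the sample packets are assumptions constructed for illustration.

```python
import ipaddress
import struct

GENERIC_EXT = {0, 43, 60}   # hop-by-hop, routing, destination options
FRAGMENT = 44
MAX_EXT_HEADERS = 8         # assumed local policy limit, not a protocol constant

def walk_chain(packet):
    """Return (extension header types, fragment tuple or None) for one packet."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    next_hdr, pos, chain, frag = packet[6], 40, [], None
    while next_hdr in GENERIC_EXT or next_hdr == FRAGMENT:
        if pos + 8 > len(packet):
            raise ValueError("truncated extension header")
        chain.append(next_hdr)
        hdr_len = 8 if next_hdr == FRAGMENT else (packet[pos + 1] + 1) * 8
        if next_hdr == FRAGMENT:
            off_flags, ident = struct.unpack_from("!HI", packet, pos + 2)
            frag = (ident, (off_flags >> 3) * 8, len(packet) - pos - 8)
            if off_flags >> 3:      # non-first fragment: payload is not a header
                break
        next_hdr, pos = packet[pos], pos + hdr_len
    return chain, frag

def overlaps(frags):
    """frags: (ident, offset, length) tuples seen for one source/destination pair."""
    seen, hits = {}, []
    for ident, off, length in frags:
        for old_off, old_len in seen.setdefault(ident, []):
            if off < old_off + old_len and old_off < off + length:
                hits.append((ident, off, old_off))
        seen[ident].append((off, length))
    return hits

def ipv6(first_next, payload):
    """Build a constructed sample packet using documentation-prefix addresses."""
    addr = ipaddress.IPv6Address("2001:db8::1").packed
    return struct.pack("!IHBB", 6 << 28, len(payload), first_next, 64) + addr * 2 + payload

def frag_hdr(offset_units, more, ident, data):
    return struct.pack("!BBHI", 17, 0, (offset_units << 3) | more, ident) + data

# Constructed samples: ten chained destination-options headers, then two
# fragments of one datagram whose byte ranges overlap (0-15 and 8-23).
PAD8 = bytes([1, 4, 0, 0, 0, 0])  # PadN option filling each header to 8 bytes
LONG_CHAIN = ipv6(60, (b"\x3c\x00" + PAD8) * 9 + b"\x3b\x00" + PAD8)
FRAGS = [ipv6(44, frag_hdr(0, 1, 0x1234, bytes(16))), ipv6(44, frag_hdr(1, 0, 0x1234, bytes(16)))]
```

A monitoring rule would compare `len(chain)` against `MAX_EXT_HEADERS` for every packet and feed each fragment tuple to `overlaps`, keyed per source and destination pair.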