Here at nCircle, we watched World IPv6 Day with great interest. U.S. federal government mandates have been a long-standing driver for our focus on IPv6, as have some key commercial customers. But outside those few, it seems like most people in cybersecurity circles have their hands full with other challenges and have greater priorities than IPv6.
That's an approach that will need to change; federal CISOs and other security executives are going to have to wrap their heads and hands around this one pretty soon. Federal agencies, because of government mandates, will end up out in front whether they are ready or not. And unfortunately, there are some security fundamentals that must change, radically, to cope with an IPv6 world. One was identified in the test yesterday, where buffer overflows and DoS attacks could result from improper or immature implementations of the protocol.
But the security challenges will be harder than just double-checking implementation details. There's a tendency to think that IPv6 is just like IPv4, only bigger. My colleague, TK, has a wonderful riff on just how much bigger IPv6 is... there's a point at which scale changes everything. Let's take just one example that's really salient in nCircle's segment of security. Traditional methods of actively scanning a network to discover and profile assets - done in hours in IPv4 - would take billions of years in IPv6. Yet it will be easier than ever to hide a rogue presence. Where, indeed, are your assets?
New technologies are needed to secure this vastly larger frontier; nCircle and many others are working today to make sure that the right solutions are available. In the meantime, cybersecurity execs do have some meaningful choices they can make today. For one, they can certainly require that current asset discovery or scanning solutions at least identify IPv6-capable, and IPv6-enabled, devices resident in their IPv4 environments. After all, you probably have IPv6 in your environment today, residing side-by-side with IPv4 on your existing devices. It is hard enough to manage and secure devices you know are there... much harder if you don't...
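One way to surface IPv6-enabled devices sitting in an IPv4 environment, shown as an added example that is not nCircle's code: correlate a gateway's IPv4 ARP table with its IPv6 neighbor table by MAC address instead of sweeping the address space. The input format follows Linux `ip neigh` output; the sample lines, function names and status labels are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data in the format of Linux `ip -4 neigh` / `ip -6 neigh`.
ARP_TABLE = """\
192.0.2.10 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.0.2.11 dev eth0 lladdr 00:11:22:33:44:66 STALE
192.0.2.12 dev eth0 lladdr 00:11:22:33:44:77 REACHABLE
"""
NDP_TABLE = """\
fe80::211:22ff:fe33:4455 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
2001:db8::211:22ff:fe33:4455 dev eth0 lladdr 00:11:22:33:44:55 STALE
fe80::211:22ff:fe33:4477 dev eth0 lladdr 00:11:22:33:44:77 STALE
fe80::a8bb:ccff:fedd:eeff dev eth0 lladdr aa:bb:cc:dd:ee:ff REACHABLE
fe80::1 dev eth0  FAILED
"""

def parse_neigh(text):
    """Map MAC address -> list of IP addresses from `ip neigh` style output."""
    by_mac = defaultdict(list)
    for line in text.splitlines():
        fields = line.split()
        if "lladdr" not in fields:  # FAILED/INCOMPLETE entries carry no MAC
            continue
        mac = fields[fields.index("lladdr") + 1].lower()
        by_mac[mac].append(ipaddress.ip_address(fields[0]))
    return by_mac

def classify(arp_text, ndp_text):
    """Label every MAC seen on the segment by the IP stacks it is using."""
    v4, v6 = parse_neigh(arp_text), parse_neigh(ndp_text)
    report = {}
    for mac in sorted(set(v4) | set(v6)):
        addrs6 = v6.get(mac, [])
        if mac not in v4:
            report[mac] = "ipv6-only"              # invisible to an IPv4-only inventory
        elif any(not a.is_link_local for a in addrs6):
            report[mac] = "dual-stack"             # holds a non-link-local IPv6 address
        elif addrs6:
            report[mac] = "dual-stack-link-local"  # IPv6 enabled, not yet addressed beyond the link
        else:
            report[mac] = "ipv4-only"
    return report

if __name__ == "__main__":
    for mac, status in classify(ARP_TABLE, NDP_TABLE).items():
        print(mac, status)
```

Entries labelled `ipv6-only` are the devices an IPv4-only discovery process never records; `dual-stack-link-local` marks hosts where IPv6 is switched on by default even though nobody configured it.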
For most of the buzz around World IPv6 Day the focus was on function: will everything work? I hope that the numerous federal agencies participating will bring a security perspective to the experiment. What new security challenges will we face in an IPv6 world? Some speculate, but I look forward to hearing about the wide range of security issues that are identified through experiments like World IPv6 Day.
