IT departments urged to prepare staff for IPv6

Tuesday 30 August 2005 03:16

IT departments have been urged to start preparing staff for the introduction of Internet Protocol version 6 to reduce the security risks of deploying the technology for new applications.

IPv6 is the replacement for IPv4, the protocol used to send and receive network traffic. The main benefit of the new version is that it offers an almost unlimited number of IP addresses. This is important as the number of internet users and connected devices, each requiring a unique IP
address, is set to increase rapidly over the next few years.

Although operating systems such as Unix and Linux already support IPv6, there is expected to be a huge increase in usage with the release of Windows Vista, the next version of the Microsoft operating system, next year.

Roy Hills, technical director at internet research firm NTA Monitor, warned that many users do not fully understand IPv6. "Since people have not had to use it there has been no requirement for systems administrators to understand IPv6," he said.

One risk for users is that no one is sure how IPv6 will perform on networks, said Phil Cracknell, chief technology officer at IT security supplier netSurity. "There is a total absence of test data on how it will perform in terms of applications, management and security infrastructure," he said.

Because of potential security vulnerabilities that could be created by using IPv6, businesses should test it in a development environment before rolling out the technology, Cracknell added.

Richard Brain, technical director at security consultancy Procheckup, said, "Modern firewalls support IPv6 effectively, though there might be some bugs in lesser-known protocols using IPv6, such as ICMP."

He urged users to keep on using IPv4 and disable IPv6 where possible. Brain said there have been serious security holes found in IPv6 implementations. "Only use IPv6 if there is a need to - its main function is to increase the number of addresses available.

"IPv6 uses a lot more bandwidth than IPv4, as the packet size is 250% larger." Unless users have plenty of spare bandwidth and are running out of IP addresses, there is no need to migrate to IPv6, Brain said.