Upcoming Events

Where the Cloud Touches Down: Simplifying Data Center Infrastructure Management

Thursday, July 25, 2013
10:00 AM PT/1:00 PM ET

In most data centers, DCIM rests on a shaky foundation of manual record keeping and scattered documentation. OpManager replaces data center documentation with a single repository for data, QRCodes for asset tracking, accurate 3D mapping of asset locations, and a configuration management database (CMDB). In this webcast, sponsored by ManageEngine, you will see how a real-world datacenter mapping stored in racktables gets imported into OpManager, which then provides a 3D visualization of where assets actually are. You'll also see how the QR Code generator helps you make the link between real assets and the monitoring world, and how the layered CMDB provides a single point of view for all your configuration data.

Register Now!

A Network Computing Webinar:
SDN First Steps

Thursday, August 8, 2013
11:00 AM PT / 2:00 PM ET

This webinar will help attendees understand the overall concept of SDN and its benefits, describe the different conceptual approaches to SDN, and examine the various technologies, both proprietary and open source, that are emerging. It will also help users decide whether SDN makes sense in their environment, and outline the first steps IT can take for testing SDN technologies.

Register Now!

More Events »

Subscribe to Newsletter

  • Keep up with all of the latest news and analysis on the fast-moving IT industry with Network Computing newsletters.
Sign Up

Vendor NewsFeed

More Vendor NewsFeed »

Q&A: IPv6 Security and Transition Concerns

It's go time for IPv6. Internet service providers and Internet companies are taking part in the Internet Society's World IPv6 Launch day today by permanently deploying IPv6. Network Computing recently spoke with Bob Hinden, co-inventor of IPv6, to learn what's happened with the new Internet standard and get some insights on potential IPv6 security concerns.

Currently a Check Point Fellow at Check Point Software and co-chair of the IPv6 working group at the Internet Engineering Task Force, Hinden is also chair of the IETF Administrative Support Activity, which is responsible for the fiscal and administrative support of the IETF standards process. He was previously at Nokia, Ipsilon Networks, Sun Microsystems and Bolt, Beranek and Newman, where he worked on a variety of Internet-related projects, including the first operational Internet router.

More Insights

Webcasts

More >>

White Papers

More >>

Reports

More >>

Network Computing: What role did you play in the development of IPv6, and when?

Hinden: I've been involved in the Internet from very early on, with Vint Cerf and the people who invented the Internet. When I was at Bolt, Beranek and Newman in the early '70s I did one of the early TCP/IP implementations.

We realized in 1991-92 that the use of IPv4 addresses was accelerating and knew we had to have a version with a larger address space. I and Steve Deering led the proposal that evolved to become IPv6.

I've been very fortunate to be at the place and time where this really began. Many people have been involved and made many contributions.

Converting to the 128-bit IPv6 standard is necessary because we have almost run out of 32-bit IPv4 addresses. Where IPv4 created a supply of 4 billion addresses, IPv6 provides more than 340 undecillion address combinations--34 followed by 34 zeros [340,000,000,000,000,000,000,000,000,000,000,000], a virtually unlimited supply.

Besides capacity, what were the key objectives of IPv6?

Hinden: The key design objective was the larger address space. The other IPv6 changes were incremental, things we could do better like autoconfigure for homes and small businesses, an attempt to make it more secure and things like that.

What about IPv6 security? How might it be exploited by attackers?

Hinden: IPv6 is about as secure as IPv4: It is not perfect, but it is more secure. The vulnerability in IPv6 is its now supported in most common operating systems ... the things people use every day. In many of these things it's turned on by default, or it's easy to create automatic tunnels to get out to the Internet.

Enterprises need to have security devices deployed now that can look at IPv6 traffic ... even if they don't have a current plan to deploy a lot of these devices. You can't stop what you can't see. There are good solutions from a range of security vendors.

What must security professionals do to secure their networks in preparation for the IPv6 transition?

Hinden: I run IPv6 at home... and just bought an Apple TV. I was trying to see how many connections were using Ipv6 and noticed that Apple TV was IPv6-enabled, and was using it. Because it's built into lots of devices, they'll use it, so enterprises need to understand that.

Are there other ways to proactively address IPv6 security vulnerabilities?

Hinden: Most of the uses of IPv6 are just a user wanting to try something out, and are not malignant. As a policy matter, it's better to block by default. There is a set of transition mechanisms that come with IPv6. I recommend that enterprise customers create default transmission protocols in their firewall to turn them off, requiring the creation of specific rules to turn those devices on.

What are some IPv6 transition concerns?
Hinden: If you were looking for malware before, you should be looking in IPv6. Whatever you were doing before with IPv4, you should be doing with IPv6.

Have there been any surprises along the way for you?
Hinden: I don't think I could have imagined the way people use the Internet today. The Internet of Things was easier to see; we've been talking about that for some time. I'm not surprised, but very pleased that we've changed the world.


Related Reading


Network Computing encourages readers to engage in spirited, healthy debate, including taking us to task. However, Network Computing moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. Network Computing further reserves the right to disable the profile of any commenter participating in said activities.

 
Disqus Tips To upload an avatar photo, first complete your Disqus profile. | Please read our commenting policy.
 
Vendor Comparisons
Network Computing’s Vendor Comparisons provide extensive details on products and services, including downloadable feature matrices. Our categories include:

IPv6 Reports

Research and Reports

Network Computing: April 2013



TechWeb Careers