It is precisely this sensationalist nonsense that got us in to this mess years ago, but now we do have a real issue to address. IPv4, the protocol behind the majority of the Internet and your networks is quickly running out of addresses to assign, not to mention a raft of long standing security and performance issues we've all just 'got used to'. Exhausting the pool of addresses would mean severe challenges in growing the global online economy. For years (at least since IPv6, the successor to IPv4 was published) groups have been predicting instant failure or that the available address pool would never really reach 0. Contradiction leads to confusion and growing desensitization towards the issue. However, analysts now are consistent and agree that we are not long at all from running out. We’ve also seen an increasing number of service providers introducing IPv6 capabilities (and the world’s first IPv6 only ISP in Asia) and governments regulating timeframes for readiness. So what do you need to know and do? It is a big topic, but this should give you some pointers:
1. IPv6 could be compromising your security right now. If you aren't explicitly using it, you should make sure it is blocked. IPv6 can be a backdoor, circumventing your security controls and allowing hackers in. Whilst low in numbers, we have already seen some examples of such attacks, and malware using IPv6 as a transport.
2. This is not a 'seamless' transition. IPv6 means upgrading a lot of infrastructure and a fairly fundamental change to the rules of networking. Luckily, most modern devices are IPv6 capable already. As you replace your infrastructure, you should think about what IPv6 transition would mean to minimize nasty surprises over the coming years.
3. Take a look at World IPv6 day on June 8th. Big service providers are forging ahead and trying to figure out the pitfalls.
4. Make sure your network and endpoint security teams are starting to learn about the implications of IPv6, at least to be able to block it until you are ready to transition! Watch out in particular for new tunneling protocols designed to simplify interoperability of IPv4 and IPv6. Unfortunately, these protocols can significantly complicate matters by exposing your network or causing performance problems. Make sure you are explicit about their use.
5. When the end comes, it doesn't mean the web and your networks stop working. Rather, growing online infrastructure grows progressively much harder.
6. None of should fall in to the trap of ignoring IPv6 but you don't need to panic either. Make sure it is in your radar to evaluate the impact and plan transition over the coming years. It would also be advisable to make sure your technology and vendors have a path to IPv6.
ABOUT THE AUTHOR
James Lyne is focused on the 5-year technology strategy at Sophos in the Office of the CTO. Working with key business and technology trends and combining a detailed knowledge of threats, James extrapolates from the modern world of threat protection to explore the future security and technology requirements. Aside from technology strategy, James frequently engages with customers and industry forums to evangelize the security problem domains.
With a background as a mathematician and a strong focus on cryptography, James Lyne's knowledge of security is informed by a detailed understanding of practicalities. James has worked with some of the world's largest and most paranoid enterprises to implement risk-oriented security strategies. With a collection of academic awards and industry certifications James also works with educational bodies to improve awareness, which is the most important component of security.