NIST Shares IPv6 Deployment Guidelines for Public, Private Sectors
As federal agencies and private sector companies are transitioning from IPv4 technology to IPv6, the National Institute of Standards and Technology provided final guidelines to aid in a secure deployment. The guide identifies security challenges and offers recommendations for overcoming obstacles tied to IPv6 deployment.
Sign up for a free preview to unlock the rest of this article
If your job depends on informed compliance, you need International Trade Today. Delivered every business day and available any time online, only International Trade Today helps you stay current on the increasingly complex international trade regulatory environment.
Federal agencies are likely to face attackers who exhibit “more experience and comfort with IPv6 than an organization in the early stages of deployment,” NIST said. It may be difficult for agencies to detect “unknown or unauthorized IPv6 assets on existing IPv4 production networks.” There also is a “lack of IPv6 maturity in security products when compared to IPv4 capabilities,” the guidelines said.
In many cases, organizations will need to develop mechanisms for IPv6 and IPv4 co-existence, NIST said. In deployment planning, organizations should plan for a long transition period with dual IPv4/IPv6 co-existence and consider a phased deployment “utilizing appropriate transition mechanisms to support business needs."
NIST also makes recommendations for organizations that aren’t currently deploying the newer protocol. Such organizations should block all IPv6 traffic at their firewall, the guidelines said. They should “disable all IPv6-compatible ports, protocols and services” on software and hardware and enable IPv6-only users to access Web servers. Because some equipment doesn’t support IPv6, organizations must plan for its secure disposition, “ensuring that no confidential data is released.”