Home / Blogs

IPv6 Security Myth #8: It Supports IPv6

Chris Grundemann

Most of our IPv6 Security Myths are general notions, often passed on unwittingly between colleagues, friends, conference attendees, and others. Today's myth is one that most often comes specifically from your vendors or suppliers. Whether it's a hardware manufacturer, software developer, or Internet Service Provider (ISP), this myth is all about trust, but verify.

Myth: It Supports IPv6
Reality: It Probably Doesn't

I am not saying that no products or services support IPv6. What I am saying is that a simple check-box in an RFx isn't enough. If a sales person tells you "it supports IPv6" without any further details or collateral — you probably need to dig deeper.

Many products and services do in fact support IPv6 today. More companies add IPv6 support to their products every day. The catch, especially from a security standpoint, is what that word "support" really means. Sometimes "IPv6 support" means that a device can be configured with an IPv6 address. Sometimes it means the service passes IPv6 packets. Sometimes it just means the application won't puke all over itself when deployed in an IPv6 enabled environment.

What you need "IPv6 support" to mean is full feature parity with your existing (likely IPv4) products and services. You also need that IPv6 support to provide the foundation for future changes and improvements as well, of course. What that means is that you must bust this myth yourself every time it pops up.

How can you avoid falling for the "it supports IPv6" myth? Start with detailed requirements. What is it that you need this product or service to do? RIPE-554, "Requirements for IPv6 in ICT Equipment” includes a section specific to "network security equipment” that I highly recommend as a starting place when crafting such a requirements list. Once you find a product or service that meets your needs on paper, lab testing and limited launches (pilot programs / first office installs) will help ensure that you aren't bitten by this myth. Seeking independent verification is sometimes warranted as well, for an example check out this list of tested home routers published by the University of New Hampshire (UNH) InterOperability Lab (IOL).

The bottom line for this myth is simple: Treat IPv6 like you would any other new technology being deployed on your network. Ensure that all new equipment meets your specific needs, and remember to trust but verify when it comes to IPv6 support.

By Chris Grundemann, Internet Technologist, Author, and Speaker; Principal Architect at Myriad Supply
Related topics: Cybersecurity, IPv6
SHARE THIS POST

If you are pressed for time ...

... this is for you. More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Vinton Cerf, Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Share your comments

To post comments, please login or create an account.

Related

Topics

IP Addressing

Sponsored byAvenue4 LLC

New TLDs

Sponsored byAfilias

Cybersecurity

Sponsored byVerisign

Domain Names

Sponsored byVerisign

DNS Security

Sponsored byAfilias