Friday, September 16, 2011

The need for and emergence of IPv6

Information is exchanged over the Internet using a standard communications protocol called Internet Protocol (IP). Each device (PC, router, server, mobile phone, game system, etc.) on the Internet is given an address so packets of information can be transmitted from one address to another using IP. The most common version is IP version 4 (IPv4). IPv4 uses 32 bits for addressing and provides 2^32 addresses. Because of the expansive growth of the Internet, the Internet Engineering Task Force realized more address space was necessary, and in 1998 it released the next-generation protocol, IPv6. IPv6 uses 128 bits for addressing and therefore provides 2^128 addresses.


Security for IPv6 is also a concern among many organizations. Typically, organizations don’t want to transition to IPv6 because they are unsure of how to secure it. This is really turning a blind eye to the problem. Some vendors ship IPv6-enabled equipment. Anyone using this equipment without taking the time to disable IPv6 has IPv6 on their network. IPv6 can also be tunneled via IPv4. This provides an attacker a way into a network without the network team knowing. Unless the security team is monitoring for and denying all forms of IPv6, IPv6 is on the network.
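
One way to check for the forms of IPv6 mentioned above (native, and tunneled via IPv4), as an added example that is not part of the original post: it labels raw Ethernet frames by EtherType 0x86DD, IPv4 protocol 41 and Teredo's UDP port 3544. The frames, helper names and addresses are constructed for illustration.

```python
import struct

ETH_IPV4, ETH_IPV6 = 0x0800, 0x86DD
PROTO_UDP, PROTO_IPV6 = 17, 41  # IPv4 protocol 41 carries 6in4, 6to4 and ISATAP
TEREDO_PORT = 3544              # Teredo wraps IPv6 in UDP to a server on this port

def classify(frame: bytes) -> str:
    """Label one Ethernet frame by the form of IPv6 it carries, if any."""
    if len(frame) < 14:
        return "malformed"
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == ETH_IPV6:
        return "native-ipv6"
    if ethertype != ETH_IPV4:
        return "other"
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4 if ip else 0  # header length; options move the payload
    if ihl < 20 or len(ip) < ihl or (ip[0] >> 4) != 4:
        return "malformed"
    if ip[9] == PROTO_IPV6:
        return "ipv6-in-ipv4"
    first_fragment = (struct.unpack("!H", ip[6:8])[0] & 0x1FFF) == 0
    if ip[9] == PROTO_UDP and first_fragment and len(ip) >= ihl + 4:
        if TEREDO_PORT in struct.unpack("!HH", ip[ihl:ihl + 4]):
            return "teredo"
    return "ipv4-only"

# --- constructed sample frames (documentation addresses, checksums left at 0) ---
def eth(ethertype: int, payload: bytes) -> bytes:
    return bytes(6) + bytes(6) + struct.pack("!H", ethertype) + payload

def ipv4(proto: int, payload: bytes, options: bytes = b"") -> bytes:
    ihl = 5 + len(options) // 4
    return struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, ihl * 4 + len(payload), 0, 0,
                       64, proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])) + options + payload

def udp(sport: int, dport: int, payload: bytes = b"") -> bytes:
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

INNER_V6 = b"\x60" + bytes(39)  # bare 40-byte IPv6 header used as tunnel payload
SAMPLES = [
    eth(ETH_IPV6, INNER_V6),
    eth(ETH_IPV4, ipv4(PROTO_IPV6, INNER_V6)),
    eth(ETH_IPV4, ipv4(PROTO_UDP, udp(51000, TEREDO_PORT, INNER_V6))),
    eth(ETH_IPV4, ipv4(PROTO_UDP, udp(51000, TEREDO_PORT, INNER_V6), options=b"\x01\x01\x01\x00")),
    eth(ETH_IPV4, ipv4(PROTO_UDP, udp(51000, 53))),
]

if __name__ == "__main__":
    print([classify(f) for f in SAMPLES])
```

The Teredo match is a port heuristic, and IPv6 carried inside other encapsulations (a VPN or GRE tunnel, for example) is not covered by these three checks.
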
The Federal Government recognized the need to transition to IPv6 as early as 2005 when the Office of Management and Budget (OMB) released the memorandum, Transition Planning for Internet Protocol Version 6 (IPv6), and established June 2008 “…as the date by which all agencies’ infrastructure (network backbones) must be using IPv6 and agency networks must interface with this infrastructure.”  In September 2010, OMB released additional mandates requiring Federal agencies “…to operationally use native IPv6 [on public/external facing servers and services] by the end of FY 2012” and “Upgrade internal client applications that communicate with public Internet servers and supporting enterprise networks to operationally use native IPv6 by the end of FY 14.” 

IPv6 also provides features that had to be added on to IPv4. These features include IP Security and Domain Name Server Security, and IPv6 also eliminates the need for network address translation (NAT). NAT is usually used to hide many IPs behind one publicly routable IP. This makes packet processing more complex and destroys the end-to-end communication theory of the Internet. Because IPv6 provides so many addresses, there is no need to use one IP for publicly routable addresses and then forward the packet to the intended recipient. This reduces the complexity of the Internet.