Deploy360 3 March 2015

IPv6 Security Myth #8 – It Supports IPv6

Chris Grundemann
By Chris GrundemannGuest Author

Security in an IPv6 WorldMost of our IPv6 Security Myths are general notions, often passed on unwittingly between colleagues, friends, conference attendees, and others. Today’s myth is one that most often comes specifically from your vendors or suppliers. Whether it’s a hardware manufacturer, software developer, or Internet Service Provider (ISP), this myth is all about trust, but verify.

Myth: It Supports IPv6
Reality: It Probably Doesn’t

I am not saying that no products or services support IPv6. What I am saying is that a simple check-box in an RFx isn’t enough. If a sales person tells you “it supports IPv6” without any further details or collateral – you probably need to dig deeper.

Many products and services do in fact support IPv6 today. More companies add IPv6 support to their products every day. The catch, especially from a security standpoint, is what that word “support” really means. Sometimes “IPv6 support” means that a device can be configured with an IPv6 address. Sometimes it means the service passes IPv6 packets. Sometimes it just means the application won’t puke all over itself when deployed in an IPv6 enabled environment.

What you need “IPv6 support” to mean is full feature parity with your existing (likely IPv4) products and services. You also need that IPv6 support to provide the foundation for future changes and improvements as well, of course. What that means is that you must bust this myth yourself every time it pops up.

How can you avoid falling for the “it supports IPv6” myth? Start with detailed requirements. What is it that you need this product or service to do? RIPE-554, “Requirements for IPv6 in ICT Equipment” includes a section specific to “network security equipment” that I highly recommend as a starting place when crafting such a requirements list. Once you find a product or service that meets your needs on paper, lab testing and limited launches (pilot programs / first office installs) will help ensure that you aren’t bitten by this myth. Seeking independent verification is sometimes warranted as well, for an example check out this list of tested home routers published by the University of New Hampshire (UNH) InterOperability Lab (IOL).

The bottom line for this myth is simple: Treat IPv6 like you would any other new technology being deployed on your network. Ensure that all new equipment meets your specific needs, and remember to trust but verify when it comes to IPv6 support.

Have you already deployed IPv6? We’d love to hear about your experiences, publish your lessons learned, and promote your success story along with our other IPv6 resources – especially if they relate to IPv6 security directly! If not, what are you waiting for?!? Get started today.

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Improving Technical Security 15 March 2019

DNS Privacy Frequently Asked Questions (FAQ)

We previously posted about how the DNS does not inherently employ any mechanisms to provide confidentiality for DNS transactions,...

Improving Technical Security 14 March 2019

Introduction to DNS Privacy

Almost every time we use an Internet application, it starts with a DNS (Domain Name System) transaction to map...

Improving Technical Security 13 March 2019

IPv6 Security for IPv4 Engineers

It is often argued that IPv4 practices should be forgotten when deploying IPv6, as after all IPv6 is a...