IPv6 is baking in security

Tuesday - 8/10/2010, 10:30am EDT

Pieter Poll, CTO, Qwest

This story is part of Federal News Radio's daily Cybersecurity Update.

By Dorothy Ramienski
Internet Editor
Federal News Radio

With all of the noise about cloud computing, data center consolidation and transparent government, you could almost forget the government is under mandate to make sure networks incorporate IPv6 -- the new Internet protocol that gives all sorts of security benefits.

Qwest Communications says not only is there plenty of room in the IPv6 pool, next-generation security is baked in.

Pieter Poll is chief technology officer at the company and says the government isn't really doing anything different than anyone in the private sector, and the transition is moving slowly -- but for a reason.

"I think everyone's being careful just to make sure that the Internet as we know it is not disrupted. . . . Today we use a version of IP address which is called IP version 4. There are four billion of those addresses, in theory, but when you think that we currently have 6.8 billion on Earth, you can see that we have fewer than one address per person."

And those addresses are running out. Poll says most analysts project that Internet addresses will be exhausted sometime in the first half of next year.

He likens it to when the D.C. area ran out of phone numbers a few years ago. When this happened, new area codes were created (240 in Maryland and 571 in Virginia) -- and IPv6 will do something similar for the Web.

But that's not the only benefit.

"The key advantage of IPv6 is the security. In IPv4, if you were going to implement security on top of an Internet connection, you basically have to implement that yourself as part of the application, or part of the equipment -- the routers, basically -- that are carrying the traffic. IPSEC, as it's called, is actually inherent and mandatory in IP version 6. So, all connections in IP version 6 are encrypted by default."

As far as the transition, Poll says CIOs and IT managers in both the public and private spheres are not only being careful to not disrupt the business of their enterprises, but they're also trying to make sure that they're ready.

"It's sort of an obvious statement, but what I tell the CIOs is [they] really need to think about the problem it is that [they are] trying to solve. The first thing you have to make sure of is that you don't cut yourself off from others on the Internet. . . . As you go further ahead, you have to think about the transition of your enterprise infrastructure. Then, if you're someone like Qwest, you also have to think about it from the perspective of a carrier -- how do you make sure that the backbone of the global Internet is going to continue to work also in both v4 and v6 environments."

One of the more interesting challenges associated with the transition has to do with the fact that there is no exact date as to when the v4 addresses will run out.

With no specific target date in sight, CIOs and other IT workers have had to get creative, but Poll says there are a couple of things to keep in mind.

Upgrading equipment, such as routers, can be fairly straightforward. One simply has to replace an older piece of technology with a newer one. The real test comes when coding is involved.

"The key thing I encourage people to do, however, is look at their applications. A lot of applications were . . . written in a way that they talk to the operating system and have the operating system really worry about the issues of addresses. But, in some cases, just like in Y2K, where we had two-digit versus four-digit years, the concept of IPv4 is embedded throughout the application and you actually have to go and rewrite that to make sure that it works. And we're talking here about applications -- it could be an email application, right up to federal payroll."

Once the transition happens, we probably won't run out of addresses for a while. Poll says IPv6 will allow there to be 5 x 10^28 IP addresses for every person who is currently alive.