* Even IPSec could pose problems when tunneling to other networks. IP Security (IPSec) makes it possible to authenticate the sender, provide integrity protection, and optionally, encrypt IP packets to provide confidentiality of transmitted data. IPSec was an optional feature for IPv4, but it's mandatory with IPv6. In tunnel mode -- which essentially creates a VPN for network-to-network, host-to-network and host-to-host communications -- the entire packet is encapsulated into a new IP packet and given a new IP header. But a VPN connection with a network that's beyond the originator's control could result in security exposures or be used to exfiltrate data, etc. Because the negotiation and management of IPSec security protections and the associated secret keys are handled by additional protocols (e.g., Internet Key Exchange -- IKE) and adds complexity, it isn't likely IPSec will be any more widely supported with IPv6 than it is with IPv4 initially.
It will be some time before IPv6 is universally deployed and IPv4 devices begin to decline. Until then, we will all be working to build on the protocol that enabled the Internet's first 4 billion devices.
Now that the milestone of Feb. 3 has come and gone, we soon will have little choice but to develop and propagate the best practices that will make the next generation of IP addresses stable, reliable and secure, and that starts with the awareness and knowledge of network and security staff.
Verisign Inc. (Nasdaq: VRSN) is the trusted provider of Internet infrastructure services for the networked world. Billions of times each day, Verisign helps companies and consumers all over the world to connect online with confidence.
Read more about LAN and WAN in Network World's LAN & WAN section.