Wednesday, February 2, 2011
IPv6 in security procurement projects
Like many organizations, we are actively looking at deploying IPv6. Yesterday's news that the last of the IPv4 RIR's have been assigned was a helpful awareness tool and we will use it to raise the priority of the project. We are currently planning to purchase our first native IPv6 service some day soon, and I look forward to our first experiments.
Another project on my plate is the purchase of an IPS to replace of our current IDS. Our existing IDS infrastructure is simply too complicated to maintain, and I do not have the resources, nor the skill levels on staff, to maintain it any longer. In our evaluation process, we have defined a series tests and the product to which we are leaning heavily has passed all of them. However, I just realized one thing: I forgot to include ANY IPv6 testing in my plan!
IPv6 deployment is not something that might happen: we know for a fact that it will. And, while many products are now available that claim to have some form of IPv6 support, many are not.
If you are at all involved in some sort of evaluation and/or purchasing role: make sure that you include IPv6 capabilities in your requirements, and develop a plan to put those IPv6-support claims to the test. If you don't, you'll be missing a lot of interesting traffic real soon now, and you'll be confronted with significant costs to retrofit IPv6 on unwieldy IPv6 equipment.