Monday, April 28, 2008

NSA Seeks Feedback on IPv6 Security Recommendations

Dan Campbell writes on GCN.com:

The National Security Agency’s Central Security Service has released a pair of IPv6-related documents titled Firewall Design Considerations for IPv6 and A Filtering Strategy for Mobile IPv6 for industry review and feedback.

One of the most frequently cited impediments to IPv6 deployment is the lack of IPv6 features in security products. Network administrators are nervous about implementing the new protocol and opening up security holes without having the tools to mitigate them. The NSA documents by Casimir Potyraj call for firewall vendors and other security experts to comment on what is practical to implement in security products.

Potyraj called attention to the “unconstrained flexibility allowed by IPv6 specifications” that must be considered when designing security products. For example, a major improvement in IPv6 is the replacement of seldom-used IPv4 header fields with optional extension headers that can be used to provide additional services and packet handling. Potyraj expressed concern that the flexibility allowed in the IPv6 specifications on extension headers, including the order in which the headers appear in the packet, may facilitate attacks or impair security product vendors’ ability to implement techniques to thwart them.

More here.
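
The extension header ordering concern quoted above can be made concrete with a short checker. This is an added example, not code from the GCN article or the NSA documents: it walks a packet's extension header chain and reports headers that are repeated or out of the order recommended in RFC 8200 section 4.1 (the same order as RFC 2460). The function names, finding strings and sample packets are constructed for illustration.

```python
import struct

# IANA protocol numbers of the extension headers this checker walks.
HOP, ROUTING, FRAGMENT, AH, DSTOPT = 0, 43, 44, 51, 60
EXT = {HOP: "hop-by-hop", ROUTING: "routing", FRAGMENT: "fragment",
       AH: "ah", DSTOPT: "dest-opts"}
# Position in the order recommended by RFC 8200 section 4.1. Destination
# Options is ranked in the loop: 1 when it precedes Routing, 6 otherwise.
RANK = {HOP: 0, ROUTING: 2, FRAGMENT: 3, AH: 4}

def check_chain(packet):
    """Walk the extension header chain; return (chain, findings)."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return [], ["not an IPv6 packet"]
    nxt, off, chain, findings, last_rank = packet[6], 40, [], [], -1
    while nxt in EXT:  # ESP (50) and upper-layer protocols end the walk
        name = EXT[nxt]
        if off + 8 > len(packet):
            findings.append(f"{name} header truncated")
            break
        hdr_next, hdr_len = packet[off], packet[off + 1]
        if nxt == FRAGMENT:
            size = 8                    # fixed size, length byte is reserved
        elif nxt == AH:
            size = (hdr_len + 2) * 4    # AH counts 4-octet units, minus 2
        else:
            size = (hdr_len + 1) * 8    # 8-octet units, excluding the first 8
        if nxt == DSTOPT:
            rank = 1 if hdr_next == ROUTING else 6
        else:
            rank = RANK[nxt]
        if chain.count(name) >= (2 if nxt == DSTOPT else 1):
            findings.append(f"{name} repeated")
        elif rank < last_rank:
            findings.append(f"{name} out of recommended order")
        last_rank = max(last_rank, rank)
        chain.append(name)
        nxt, off = hdr_next, off + size
    return chain, findings

def ipv6(first_next, payload):
    # Constructed sample packet: fixed header with all-zero addresses.
    return struct.pack("!IHBB", 6 << 28, len(payload), first_next, 64) + bytes(32) + payload

def ext(next_hdr):
    # Constructed minimal 8-byte extension header (Hdr Ext Len = 0).
    return bytes([next_hdr, 0]) + bytes(6)

GOOD = ipv6(HOP, ext(DSTOPT) + ext(ROUTING) + ext(FRAGMENT) + ext(6))
BAD = ipv6(ROUTING, ext(HOP) + ext(FRAGMENT) + ext(FRAGMENT) + ext(17))
```

`check_chain(GOOD)` returns no findings, while `check_chain(BAD)` flags the misplaced Hop-by-Hop header and the repeated Fragment header, the kind of chain a filtering device has to decide how to handle.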
