What We're Reading, Week of 10/24

InfoWorld, Interest in IPv6 booms despite puny traffic levels SearchEnterpriseWAN.com,  VPN security breaches: How to avoid them eSecurity Planet, The Save Traveler’s VPN Shopping Guide Channel Insider, Top Tales of IT Terror...

What We’re Reading, Week of 10/24

InfoWorld, Interest in IPv6 booms despite puny traffic levels SearchEnterpriseWAN.com,  VPN security breaches: How to avoid them eSecurity Planet, The Save Traveler’s VPN Shopping Guide Channel Insider, Top Tales of IT Terror...

Don't Worry, IPv6 Won't Break Your Existing IPsec VPN, Part 2

Editor’s Note: For part one, click here. By Daniel P. Dern So, how does a company add IPv6 support? “Your operating systems have to be IPv6-ready,” said Rainer Enders, CTO, Americas, for NCP engineering. “Your network providers have to support IPv6, in a secure way. Check whether they support native IPv6 end-to-end, for a full backbone if possible, as opposed to ‘split tunneling’ – we feel the latter is not a good idea and have concerns about that approach. Some ISPs are already rolling out pure native IPv6, especially for business-class service, and some will soon also be doing this on the consumer side.” Split tunneling is when a VPN user is accessing a public network and a LAN or WAN, using the same network connection.  The public network, however, can pose a threat to the LAN or WAN, if it becomes vulnerable. If IPv6 isn’t available end-to-end within your enterprise, “We recommend staying with IPv4 for now,” says Enders. “This is some of why IPv6 is slow to roll out. And you have to make sure all the relevant components are fully IPv6-compliant.” Meanwhile, advises Enders, “If I were shopping for an IPsec or VPN technology, I would look for a vendor that offers a true dual-stack implementation of IPv6 and IPv4, so you are future-proofed. And the same applies when you have a refresh cycle — make sure you are getting true native support for IPv6.” This provisioning includes any broadband gateways that home or remote users are getting, and also desktop operating systems. (Note: Both Windows 7 and MacOS include IPv6 support — however, this does...

Don’t Worry, IPv6 Won’t Break Your Existing IPsec VPN, Part 2

Editor’s Note: For part one, click here. By Daniel P. Dern So, how does a company add IPv6 support? “Your operating systems have to be IPv6-ready,” said Rainer Enders, CTO, Americas, for NCP engineering. “Your network providers have to support IPv6, in a secure way. Check whether they support native IPv6 end-to-end, for a full backbone if possible, as opposed to ‘split tunneling’ – we feel the latter is not a good idea and have concerns about that approach. Some ISPs are already rolling out pure native IPv6, especially for business-class service, and some will soon also be doing this on the consumer side.” Split tunneling is when a VPN user is accessing a public network and a LAN or WAN, using the same network connection.  The public network, however, can pose a threat to the LAN or WAN, if it becomes vulnerable. If IPv6 isn’t available end-to-end within your enterprise, “We recommend staying with IPv4 for now,” says Enders. “This is some of why IPv6 is slow to roll out. And you have to make sure all the relevant components are fully IPv6-compliant.” Meanwhile, advises Enders, “If I were shopping for an IPsec or VPN technology, I would look for a vendor that offers a true dual-stack implementation of IPv6 and IPv4, so you are future-proofed. And the same applies when you have a refresh cycle — make sure you are getting true native support for IPv6.” This provisioning includes any broadband gateways that home or remote users are getting, and also desktop operating systems. (Note: Both Windows 7 and MacOS include IPv6 support — however, this does...

Don't Worry, IPv6 Won't Break Your Existing IPsec VPN, Part 1

By Daniel P. Dern What does the coming of IPv6 mean for companies relying on IPsec for secure site-to-site and remote VPN connections to the company network? “Nothing would change,” says Rainer Enders, CTO, Americas, for NCP engineering. “From an end-user point of view, there is zero impact at the application layer. Using IPv6 instead of IPv4 will be transparent to the user.” What does this mean for IT admins responsible for provisioning and administering IPsec VPNs and VPN capability? “You still have to have your VPN application in place, and that application has to be managed, monitored, and controlled,” says Enders. “You want to make sure you have the right technology deployed, for instance at the operating system, patch, and security level.” IPv6 increases the need to have the appropriate security technology for VPNs and other networking activity, Enders notes. “Static firewalls work fairly well in an IPv4 environment, because there are other layers of protection, such as private addresses. However, with IPv6, the world is ‘flatter’ and much better connected. So IT admins will want a managed-client firewall, and take more security precautions, to focus more on protecting devices.” Stay tuned for Part 2 on how a company can add IPv6...